Solved

Customer Cafe Wireless Security?

Posted on 2011-03-22
5
482 Views
Last Modified: 2012-05-11
Hi all Experts,
We have a Customer Cafe that we allow our customers to use if they bring in a laptop while they are waiting for the car to be repaired etc... I am looking for an idea, as it appears that either I have someone sitting in the parking sucking down my bandwidth, or I have an employee bringing in an authorized laptop and going to town with downloads. This Customer Cafe is quite a simple setup, I have a separate VLAN configured on my Cisco 3560, (I have for the most part all Cisco as my backbone) and this runs the wireless for a Linksys Wireless Access Point. Other than obtaining a completely different ISP just for the Customers or placing a WEP code in the access point I cannot think of another way to stop this from happening. This maxed out my bandwidth today at this location, and I am kind of at a loss for an idea.
Any suggestions?
0
Comment
Question by:HarleyITGuy
  • 3
5 Comments
 
LVL 41

Accepted Solution

by:
Jackie Man earned 500 total points
ID: 35195358
According to the comment of Johnjces, it says:-

"If you can spend about $300 USD, look into a GuestGate.

http://www.guestgate.com.

Really neat device and protects your LAN and protects your guests from each other with a captive portal web page and more."

Source: http://www.experts-exchange.com/Networking/Wireless/WLAN/Q_23664887.html

The Features of GuestGate are as follows:

• Captive portal provides instant secure guest access to the public network
• The ideal solution for conference rooms, Internet cafés and hotels
• All-in-one wireless high-speed HotSpot for secure access to the Internet
HNP technology protects the network from unauthorized access
• Plug and Play for configuration-free client operation
Guest protection through Layer 3 Client Isolation technology
• Wireless 300 Mbps access point functionality
• Complies with 2.4 GHz IEEE 802.11n standard and is backward compatible with IEEE 802.11g/b standards
• 2T2R MIMO technology for enhanced throughput and coverage
• Integrated 10/100 Mbps LAN switch with Auto MDI/MDI-X support
• Bandwidth throttling (limit global up- and downstream bandwidth)
• Integrated password option for Internet access (global password and individual user passwords)
• Support for IEEE 802.1X RADIUS authentication allowing the deployment of GuestGate in larger networks with RADIUS-based user authentication
• Fully customizable welcome page (Captive Portal)
• Automatic redirect after login to any Web site
• Walled-Garden functionality
• Internet access time scheduler
• Black-list function for IP addresses and Internet domains
• White-list function for local network addresses (e.g., print servers or intranet servers)
• Packet filter for IP addresses, domains and TCP/IP service ports
• Trusted Ethernet addresses
• Multilanguage Web user interface
User logging function can be activated to keep track of the Internet servers visited by the guests
• Firmware upgrade through Web-based user interface
• Three-Year Warranty

I have highlighted the security features which may fit into your requirements on security.
0
 
LVL 41

Expert Comment

by:Jackie Man
ID: 35195371
Besides, it is crucial that you have the control of the bandwidth consumed by the guest wifi as there is a feature called Bandwidth throttling (limit global up- and downstream bandwidth) in the above list.
0
 
LVL 4

Expert Comment

by:m_walker
ID: 35196061
If you want to keep track, filter and block access then you might consider a proxy server and force surfing via the proxy server (eg: squid on linux is free).  You can then just use linux accounts for user access control and logging.  

I am sure there are better systems for a cafe, this is just they way we do it.
WEP is not worth putting on for two reasons
a) If someone is in the car park, the can hack the WEP key and your back to the same problem
b) If its your staff, then they will know the WEP key and back to the same problem.

WPA/WPA2 is better then WEP, but the PSK (Pre Shared Key) the staff member will know, and if you give it to customers, then they will know.

You really need to do a per user system.  WPA2 Enterprise with a radius server will work, but if you are going to that effort for a shop, you will be better off with a proxy server.

0
 

Author Closing Comment

by:HarleyITGuy
ID: 35340689
Thank you
0
 
LVL 41

Expert Comment

by:Jackie Man
ID: 35341170
Glad to know that you have solved the problems. Cheers!
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

MAC Filtering: MAC filtering is like handing a list of names to a doorman. If someone comes to the door and mentions a name, this name is checked by the doorman on his list and granted or denied access by this. This means that if someone menti…
This subject  of securing wireless devices conjures up visions of your PC or mobile phone connecting to the Internet through some hotspot at Starbucks. But it is so much more than that. Let’s look at the facts: devices#sthash.eoFY7dic.
This Micro Tutorial will show you how to maximize your wireless card to its maximum capability. This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now