Solved

Free-Wifi - Preventing Illegal Downloads

Posted on 2014-12-18
8
298 Views
1 Endorsement
Last Modified: 2015-04-27
We are required for most of our customers to provide a free-wifi to their customers.  We have Free-Wifi deployed everywhere for some time now.  Every so often we get a notification from the ISP of an illegal movie download.

What does everyone use to secure these Free-Wifi's from the illegal downloading.

Most of the equipment used is Cisco router (1811) and the open-mesh AP.

Anyone that is willing to give some of their products used would be great.  We are looking to implement something to lock this down to just basic web surfing even if it blocks downloading legitimate material.

Sonicwall is a possibility for us to put in as a router.  Any suggestions on that?
1
Comment
Question by:considerscs
8 Comments
 
LVL 5

Assisted Solution

by:Sean Jackson
Sean Jackson earned 188 total points
ID: 40507330
The best you can do is block access to the sites the downloads are coming from. If you say in your TOS that users of your wi-fi agree to such filtering, you should be ok legally.

Neither you or the ISP want this to happen, so work with them to find what addresses are being used to download them, and add them to your firewall or proxy to block traffic to those addresses.

And if you need help setting up (or administering) a firewall or proxy, let me know.
0
 
LVL 3

Accepted Solution

by:
vipelite earned 188 total points
ID: 40507614
1. Almost free - Hassle free you can't stop everyone but I bet you 90% of the downloads will stop - What do you use for DNS? on your DHCP server use OpenDNS. Sign up for a free account and test it out. It's great for filtering everything from porn to illegal websites.

2. Expensive route - Not so hassle free you can manage a web-proxy server that you can filter a lot of things like manually like Sean mentioned  above and some appliances offer you to download free definitions with support. Palo-Altos are great for this and you can do much more with bunch of clicks.
0
 
LVL 5

Assisted Solution

by:Sean Jackson
Sean Jackson earned 188 total points
ID: 40507632
Actually, managing a proxy doesn't need to be expensive. You could filter this activity easily with a PFSense box. That costs only the price of the machine running it.
0
 
LVL 3

Assisted Solution

by:vipelite
vipelite earned 188 total points
ID: 40507640
I never used pfSense how is that? And you're saying it's basically free?
0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 
LVL 5

Assisted Solution

by:Sean Jackson
Sean Jackson earned 188 total points
ID: 40507684
Yes, PFSense is opensource. It's quite a robust little firewall project.  Augment it with Snort (and someone who knows how to use both of them), and you've not only secured your little public wifi AP, but you're also protecting yourself from bad users. And all on the cheap.

Of course, if you have the budget, go with the PaloAlto and Juniper devices. If I had it, I'd have a bank of them in my home.
0
 
LVL 3

Assisted Solution

by:vipelite
vipelite earned 188 total points
ID: 40507695
Yeah, Palo-alto/Juniper same engineer behind it and also uses snort but the appliances's usability is far superior for an average Joe.
0
 
LVL 11

Assisted Solution

by:remixedcat
remixedcat earned 62 total points
ID: 40539803
El-cheapo-el solution-o: PF sense and SQUID

Mid Tier: Cisco Meraki MX60W and squid

God tier: Commercial Firewalls from Cisco with custom ACLs
0
 
LVL 1

Assisted Solution

by:skipskip
skipskip earned 62 total points
ID: 40543832
Agree'd Cisco Meraki access points have a inbuilt firewall that will block traffic at the access point layer... very easy to use is well.

Or if you wanted to block/firewall the whole network I would recommend FortiGate products... model depends on how much throughput your talking about.
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Tired of waiting for your show or movie to load?  Are buffering issues a constant problem with your internet connection?  Check this article out to see if these simple adjustments are the solution for you.
Using in-flight Wi-Fi when you travel? Business travelers beware! In-flight Wi-Fi networks could rip the door right off your digital privacy portal. That’s no joke either, as it might also provide a convenient entrance for bad threat actors.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now