Solved

Free-Wifi - Preventing Illegal Downloads

Posted on 2014-12-18
8
331 Views
1 Endorsement
Last Modified: 2015-04-27
We are required for most of our customers to provide a free-wifi to their customers.  We have Free-Wifi deployed everywhere for some time now.  Every so often we get a notification from the ISP of an illegal movie download.

What does everyone use to secure these Free-Wifi's from the illegal downloading.

Most of the equipment used is Cisco router (1811) and the open-mesh AP.

Anyone that is willing to give some of their products used would be great.  We are looking to implement something to lock this down to just basic web surfing even if it blocks downloading legitimate material.

Sonicwall is a possibility for us to put in as a router.  Any suggestions on that?
1
Comment
Question by:considerscs
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 5

Assisted Solution

by:Sean Jackson
Sean Jackson earned 188 total points
ID: 40507330
The best you can do is block access to the sites the downloads are coming from. If you say in your TOS that users of your wi-fi agree to such filtering, you should be ok legally.

Neither you or the ISP want this to happen, so work with them to find what addresses are being used to download them, and add them to your firewall or proxy to block traffic to those addresses.

And if you need help setting up (or administering) a firewall or proxy, let me know.
0
 
LVL 3

Accepted Solution

by:
vipelite earned 188 total points
ID: 40507614
1. Almost free - Hassle free you can't stop everyone but I bet you 90% of the downloads will stop - What do you use for DNS? on your DHCP server use OpenDNS. Sign up for a free account and test it out. It's great for filtering everything from porn to illegal websites.

2. Expensive route - Not so hassle free you can manage a web-proxy server that you can filter a lot of things like manually like Sean mentioned  above and some appliances offer you to download free definitions with support. Palo-Altos are great for this and you can do much more with bunch of clicks.
0
 
LVL 5

Assisted Solution

by:Sean Jackson
Sean Jackson earned 188 total points
ID: 40507632
Actually, managing a proxy doesn't need to be expensive. You could filter this activity easily with a PFSense box. That costs only the price of the machine running it.
0
Building an interactive eFuture classroom

Watch and learn how ATEN provided a total control system solution including seamless switching matrix switch, HDBaseT extenders, PDU, lighting control to build an interactive eFuture classroom.

 
LVL 3

Assisted Solution

by:vipelite
vipelite earned 188 total points
ID: 40507640
I never used pfSense how is that? And you're saying it's basically free?
0
 
LVL 5

Assisted Solution

by:Sean Jackson
Sean Jackson earned 188 total points
ID: 40507684
Yes, PFSense is opensource. It's quite a robust little firewall project.  Augment it with Snort (and someone who knows how to use both of them), and you've not only secured your little public wifi AP, but you're also protecting yourself from bad users. And all on the cheap.

Of course, if you have the budget, go with the PaloAlto and Juniper devices. If I had it, I'd have a bank of them in my home.
0
 
LVL 3

Assisted Solution

by:vipelite
vipelite earned 188 total points
ID: 40507695
Yeah, Palo-alto/Juniper same engineer behind it and also uses snort but the appliances's usability is far superior for an average Joe.
0
 
LVL 11

Assisted Solution

by:remixedcat
remixedcat earned 62 total points
ID: 40539803
El-cheapo-el solution-o: PF sense and SQUID

Mid Tier: Cisco Meraki MX60W and squid

God tier: Commercial Firewalls from Cisco with custom ACLs
0
 
LVL 1

Assisted Solution

by:skipskip
skipskip earned 62 total points
ID: 40543832
Agree'd Cisco Meraki access points have a inbuilt firewall that will block traffic at the access point layer... very easy to use is well.

Or if you wanted to block/firewall the whole network I would recommend FortiGate products... model depends on how much throughput your talking about.
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Today sees the launch of a new case study, focusing on BYOD technologies we have been working with for some time now.  But with the advent of 802.11ac wireless technologies and the story behind our landmark developments, we would like to share this …
Tired of waiting for your show or movie to load?  Are buffering issues a constant problem with your internet connection?  Check this article out to see if these simple adjustments are the solution for you.
This Micro Tutorial will show you how to maximize your wireless card to its maximum capability. This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question