Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Free-Wifi - Preventing Illegal Downloads

Posted on 2014-12-18
8
Medium Priority
?
396 Views
1 Endorsement
Last Modified: 2015-04-27
We are required for most of our customers to provide a free-wifi to their customers.  We have Free-Wifi deployed everywhere for some time now.  Every so often we get a notification from the ISP of an illegal movie download.

What does everyone use to secure these Free-Wifi's from the illegal downloading.

Most of the equipment used is Cisco router (1811) and the open-mesh AP.

Anyone that is willing to give some of their products used would be great.  We are looking to implement something to lock this down to just basic web surfing even if it blocks downloading legitimate material.

Sonicwall is a possibility for us to put in as a router.  Any suggestions on that?
1
Comment
Question by:considerscs
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 5

Assisted Solution

by:Sean Jackson
Sean Jackson earned 752 total points
ID: 40507330
The best you can do is block access to the sites the downloads are coming from. If you say in your TOS that users of your wi-fi agree to such filtering, you should be ok legally.

Neither you or the ISP want this to happen, so work with them to find what addresses are being used to download them, and add them to your firewall or proxy to block traffic to those addresses.

And if you need help setting up (or administering) a firewall or proxy, let me know.
0
 
LVL 3

Accepted Solution

by:
vipelite earned 752 total points
ID: 40507614
1. Almost free - Hassle free you can't stop everyone but I bet you 90% of the downloads will stop - What do you use for DNS? on your DHCP server use OpenDNS. Sign up for a free account and test it out. It's great for filtering everything from porn to illegal websites.

2. Expensive route - Not so hassle free you can manage a web-proxy server that you can filter a lot of things like manually like Sean mentioned  above and some appliances offer you to download free definitions with support. Palo-Altos are great for this and you can do much more with bunch of clicks.
0
 
LVL 5

Assisted Solution

by:Sean Jackson
Sean Jackson earned 752 total points
ID: 40507632
Actually, managing a proxy doesn't need to be expensive. You could filter this activity easily with a PFSense box. That costs only the price of the machine running it.
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
LVL 3

Assisted Solution

by:vipelite
vipelite earned 752 total points
ID: 40507640
I never used pfSense how is that? And you're saying it's basically free?
0
 
LVL 5

Assisted Solution

by:Sean Jackson
Sean Jackson earned 752 total points
ID: 40507684
Yes, PFSense is opensource. It's quite a robust little firewall project.  Augment it with Snort (and someone who knows how to use both of them), and you've not only secured your little public wifi AP, but you're also protecting yourself from bad users. And all on the cheap.

Of course, if you have the budget, go with the PaloAlto and Juniper devices. If I had it, I'd have a bank of them in my home.
0
 
LVL 3

Assisted Solution

by:vipelite
vipelite earned 752 total points
ID: 40507695
Yeah, Palo-alto/Juniper same engineer behind it and also uses snort but the appliances's usability is far superior for an average Joe.
0
 
LVL 11

Assisted Solution

by:remixedcat
remixedcat earned 248 total points
ID: 40539803
El-cheapo-el solution-o: PF sense and SQUID

Mid Tier: Cisco Meraki MX60W and squid

God tier: Commercial Firewalls from Cisco with custom ACLs
0
 
LVL 1

Assisted Solution

by:skipskip
skipskip earned 248 total points
ID: 40543832
Agree'd Cisco Meraki access points have a inbuilt firewall that will block traffic at the access point layer... very easy to use is well.

Or if you wanted to block/firewall the whole network I would recommend FortiGate products... model depends on how much throughput your talking about.
0

Featured Post

Looking for the Wi-Fi vendor that's right for you?

We know how difficult it can be to evaluate Wi-Fi vendors, so we created this helpful Wi-Fi Buyer's Guide to help you find the Wi-Fi vendor that's right for your business! Download the guide and get started on our checklist today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Need WiFi? Often, there are perfectly good networks that don't have WiFi capability - and there's a need to add it.  - Perhaps you have an Ethernet port into a network but no WiFi nearby. - Perhaps you have a powerline extender and no WiFi at the…
Working settings for French ISP Orange "Prêt à Surfer" SIM cards for data connections only. Can't be found anywhere else !
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question