Network security in a hotdesk office

Someone has asked me to get involved in the setting up of a small office in which desks will be rented by individuals or groups on a short or long term basis. There will be around 25 desks situated in different offices, each one with a network data port. There will be a wireless lan also. I'm also told there will be a communal printer station.
Obviously this is going to be a hostile network with lots of strangers working individually or in groups and they will be coming and going at random. Although previously I have handled small office networks for static businesses, I'll have to consider the dynamics of this new proposal and plan the security carefully.
I'm asking for help in creating a fundamental hardware/software plan for a network such as the one described above. Much appreciated!
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

NetExpert Network Solutions Pte LtdTechnical SpecialistCommented:
whats the main requirement with respect to networking?

do they need internet while they are in desk?
do they need to access special company websites thru internet?
who will be providing workstation ( computers)? is these workstations will be static ?
paulmac110Author Commented:
Thanks for the prompt reply.
There will be no workstations at the desks, the clients will bring their own laptops /devices. Each desk will  have a 2 data ports though as a separate telecoms company will be installing telephones which I guess will be IP phones.
Just got to make sure that the security is tight and that stations are separated where required although if a group of people rent an office then they will probably want to share files. The that group of people may move out and that particular office may then be rented by individuals on random desks.
My suggestion would be to put the data ports in a private VLAN so that they can only access the default gateway, and not other machines on the VLAN.  Set up an access list on the router's VLAN interface to restrict what people can access.  (Internet, printers, etc.)

Then set up the printer(s) on a separate subnet.  Limit access so that they can only access the print queue (TCP/9100), only specific services allowed out from the printers, such as SMTP.

For file sharing, they will need to use some external service.  (Box, Google Drive, etc.)  You can probably compile a list of useful commercial services and provide folks a list.  Possibly even set up an OwnCloud instance or something for people to use.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Network Security

From novice to tech pro — start learning today.