General discussion

Locked

Hardware suggestion for wireless access point

By dmelb ·
I am looking for a way to set up a secure wireless access point that would be used by visitors to our office to check their email, get internet access, etc. I have some security concerns about implementing this and would like to know what kind of hardware I should be considering that could allow internet access for visitors through our T1 line but would restrict any access to the internal LAN. It seems that the less expensive routers such as Netgear and Belkin would not provide the necessary security features to properly protect the network. Do I need to consider something like Cisco? Any help would be appreciated. I am fairly new to wireless networking.

This conversation is currently closed to new comments.

5 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

by HAL 9000 Moderator In reply to Hardware suggestion for w ...

Well most routers on a Sub Net will prevent browsing the the Internal LAN but there are other problems that you need to consider first.

WiFi connections have a fairly decent range somewhere around 500 yards so anything within that range is able to log onto the system and download data. If this is Kiddy Porn or Terrorist Material you or your company will be responsible for that Download and when the Feds come Knocking on your door it's your responsibility that you or none of your people or anyone associated with the company was involved in the download and you have to tell them who was responsible for making the download. Even then depending on what it was that was downloaded you can be considered as an Accessory to the crime so the best thing to do is have a hardwired access point available for visitors to log in through.

That way you have records of who was using what when and have some legal protections in place but if you go WiFi there is nothing to prevent someone parking outside with a NB and charger and spending all night downloading Illegal Material which you can not prevent. Of course if this Wasn't gong to be a Public Access Point you could lock it down somewhat but there is no 100% intrusion proof method currently available.

Col

Collapse -

by dmelb In reply to

Poster rated this answer.

Collapse -

by robo_dev In reply to Hardware suggestion for w ...

The cheapest and most simple way to do this is to provision a seperate DSL line for the lobby access and do not go near your company network. Then you just buy a simple DSL router/AP, configure the security appropriately, and you are done.

To do it through the company lan would involve buying an 'enterprise class' AP such as a Cisco, designing and provisioning a VLAN and special firewall and proxy rules, deploying a IDS/IPS (Intruder detection/prevention) system while, at the same time, risking the legal issues if your lobby visitor or his friend in the parking lot downloads 4gig of MP3 files...leading to a love-note from the RIAA about illegal content downloaded from your IP address.

Collapse -

by dmelb In reply to

Poster rated this answer.

Collapse -

by dmelb In reply to Hardware suggestion for w ...

This question was closed by the author

Back to Networks Forum
5 total posts (Page 1 of 1)  

Related Discussions

Related Forums