Unsecured wireless network at our business

[Renegade23216]

We have a restaurant, and like to offer free WI-FI access to our customers. We just use a standard Linksys router and leave it unsecured so people can connect and use the Internet. While this is great and convenient for our customers, I'm wondering if we're taking a risk by doing this.

The business is a restaurant. The main server which is connected to all the ordering point-of-sale machines is connected to the same router (first through a switch).

Can people easily hack into our server since they connected to our unsecured network? If so, how can we still broadcast a free internet signal, but secure our server so that it doesn't get hacked by people connecting to our network?

Thanks!

 

[her209]

Hugggeeee rissskkk!!!

 

[JackMDS]

Yes huge risk, howevevr ther is s imple solution for $30-$40.

Buy a second Router and create a segregated Network putting you Network behind the second Router.

Here how, http://www.ezlan.net/shield.html

 

[sonoma1993]

like everyone else said, huge risk. Buy a 2nd router.

 

[spidey07]

Huge risk.

You can buy routers purposefully built to provide guest access. It wouldn't be a bad idea to get a second internet connection specifically for this.

 

[sonoma1993]

Originally posted by: Azo313
We have a restaurant, and like to offer free WI-FI access to our customers. We just use a standard Linksys router and leave it unsecured so people can connect and use the Internet. While this is great and convenient for our customers, I'm wondering if we're taking a risk by doing this.

The business is a restaurant. The main server which is connected to all the ordering point-of-sale machines is connected to the same router (first through a switch).

Can people easily hack into our server since they connected to our unsecured network? If so, how can we still broadcast a free internet signal, but secure our server so that it doesn't get hacked by people connecting to our network?

Thanks!

another thing you can do, to improve security somewhat. Depending on the linksys router you are using. if you are using the wrt54g model, get the dd-wrt firmware.

it'll allow you to setup a hotspot portal,

quick descripition from the help menu of the dd-wrt firmware

You can use the router as an Hotspot gateway (Chillispot solution) with authentication, accounting (Radius). ChilliSpot is an open source captive portal or wireless LAN access point controller. It is used for authenticating users of a wireless LAN. It supports web based login which is today's standard for public HotSpots and it supports Wireless Protected Access (WPA) which is the standard of the future. Authentication, authorization and accounting (AAA) is handled by your favorite radius server.

so that way, you can just give out somekind of username and passwords to your customers.

 

[Wik]

Build a smoothwall linux router and set the wireless up on the orange side. Seperate subnet that can not get into the green side.

 

[amdskip]

Originally posted by: Wik
Build a smoothwall linux router and set the wireless up on the orange side. Seperate subnet that can not get into the green side.

This too would work great. You can also setup anti virus filtering and content filtering with this. PM me if you have any questions about my smoothwall box.

 

[Renegade23216]

Ok, it seems like two routers is the easiest way. Lets suppose I do it. Is this how I would set it up?

- My server going into router 1. Which has wireless turned off.
- Router 2 plugged into router 1. Which has wireless turned on.

Based on the above, the people connecting to router 2 via wireless could not access my server which is behind router 1 (wireless off), is this correct? Please confirm.

 

[bsobel]

Originally posted by: Azo313
Ok, it seems like two routers is the easiest way. Lets suppose I do it. Is this how I would set it up?

- My server going into router 1. Which has wireless turned off.
- Router 2 plugged into router 1. Which has wireless turned on.

Based on the above, the people connecting to router 2 via wireless could not access my server which is behind router 1 (wireless off), is this correct? Please confirm.

I think you have it backwards

You want:

ISP->Public Router/Access Point-->Private Router/servers Remember your going from most privledges to least. So, most privledged is your isp, next is your open access point, next is your private network. You don't want to go from ISP to private back to public.

Bill

 

[cmetz]

Azo313, always keep guest and internal networks as separate as possible.

For guests, I would go so far as to post some whiteboard signs inside the restaurant that say "The wireless password for today is:" and fill in a different word or something each day (and obviously change the guest AP). Maybe also include some photocopy flyers that walk people through how to configure their computers to use your network with WPA-PSK. At least this would be a cheap way to help make sure that people using your AP actually set foot in your restaurant, instead of being total freeloaders.

If you have Windows users and they aren't capable of supporting WPA-PSK, then they are a clear and present danger to your network because they almost certainly aren't patched up to date and using up to date wireless device drivers. Rather than taking expensive, annoying, and circumventable access control steps like Cisco's "Network Access Control" thingy, WPA-PSK simply requires that Windows users have their software up to date as of a certain point. Folks who don't meet that criteria are the same folks likely to get viruses that blast garbage out your network and tie up all the resources. This way you can keep those people off your network and not look like you're being difficult.

 

[Renegade23216]

Thanks for the info.