Hey internet gurus, I am thinking about making my parents' restaurant into a wifi hotspot. I already have the router at home that can be flashed with Tomato firmware. My main concern is the security of the computer system that the restaurant uses. All of the computers on the system share the same network that the DSL uses. What steps should I take to ensure the security of the internal network while allowing my customers to use the internet?
Firewall the internal systems from the DSL line. Feed the WAP traffic directly to the DSL line.
Subnet it with firewall rules. PITA mostly :-/
Grab a firewall with VLAN capabilities and put the internal systems on a network that is separate from the freebie stuff.
If you pick up an unlimited user plus license version of the ASA-5505 I can help you with the setup.
RJ
I read something about an Apple Airport device that had a separate "guest" access for the wifi. I think it was about $179, and would probably do what you want out of the box. I was pretty curious about how that works. I also saw Linksys refurbed wireless routers at CompUSA in Richardson for $29.
Update: I found this on Apple's site, describing their Airport Extreme ($179 retail): "Now you can set up a separate Wi-Fi network with a separate password for your visitors. Simply enable the new guest networking feature, and your guests can use the Internet but can't access other parts of your private network, such as your computers, printers, and attached hard drives."
Last edited by bigDstars; 04-24-2009 at 03:14 PM.
If they take credit cards on their networked terminals they need to worry about PCI compliance. I seriously doubt the Apple device is PCI compliant. The Tomato firmware may not be either.
HH and CM both have good ideas, so I say combine them. Internal stuff behind a firewall and WAP traffic dumped over to the DMZ. Personally I would also limit the amount of bandwidth available to the WAP to ensure your internal PCs still have the availability they need.
Uhhhh....
Why not just hook up a second wireless router for customers? Even if you have to have a dedicated phone line, that's like, what, $20 a month?
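The separation suggested in this thread (guest Wi-Fi on its own subnet, firewalled from the internal systems and passed straight to the DSL line), written as iptables rules of the kind a Linux-based router firmware uses. This is an added example, not code from any poster; the interface names, subnets and the chain names GUEST_FWD and GUEST_IN are assumptions, and the script only prints the rules for review rather than applying them.

```shell
#!/bin/sh
# Added example: prints (does not apply) iptables rules that isolate a guest
# Wi-Fi segment from the internal LAN. Every name and address below is an
# assumption; substitute the router's real interfaces and subnets.
GUEST_IF="${GUEST_IF:-br1}"               # assumed guest Wi-Fi bridge/VLAN
LAN_IF="${LAN_IF:-br0}"                   # assumed internal LAN bridge
WAN_IF="${WAN_IF:-ppp0}"                  # assumed DSL uplink
GUEST_NET="${GUEST_NET:-192.168.20.0/24}" # assumed guest subnet
LAN_NET="${LAN_NET:-192.168.10.0/24}"     # assumed internal subnet
GUEST_GW="${GUEST_GW:-192.168.20.1}"      # router's address on the guest side

guest_isolation_rules() {
    cat <<EOF
iptables -N GUEST_FWD
iptables -N GUEST_IN
iptables -I FORWARD -i $GUEST_IF -j GUEST_FWD
iptables -I INPUT -i $GUEST_IF -j GUEST_IN
iptables -A GUEST_FWD -d $LAN_NET -j DROP
iptables -A GUEST_FWD -o $LAN_IF -j DROP
iptables -A GUEST_FWD -s $GUEST_NET -o $WAN_IF -j ACCEPT
iptables -A GUEST_FWD -j DROP
iptables -A GUEST_IN -p udp --dport 67 -j ACCEPT
iptables -A GUEST_IN -d $GUEST_GW -p udp --dport 53 -j ACCEPT
iptables -A GUEST_IN -d $GUEST_GW -p tcp --dport 53 -j ACCEPT
iptables -A GUEST_IN -j DROP
iptables -I FORWARD -i $LAN_IF -o $GUEST_IF -m state --state NEW -j DROP
iptables -I FORWARD -i $WAN_IF -o $GUEST_IF -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -s $GUEST_NET -o $WAN_IF -j MASQUERADE
EOF
}

# Line number of the first generated rule containing the fixed string $1.
# Used to confirm a DROP is evaluated before a later ACCEPT in the same chain.
rule_line() {
    guest_isolation_rules | grep -n -F -e "$1" | head -n 1 | cut -d: -f1
}

# GUEST_FWD: guests may reach only the DSL uplink, never the internal subnet.
# GUEST_IN: guests get DHCP and DNS from the router and nothing else, so the
# router's admin interface is not reachable from the guest side.
guest_isolation_rules
```

Review the printed rules, then pipe them to `sh` on the router to apply them; the guest-to-LAN DROP must stay ahead of the guest-to-WAN ACCEPT.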