How do you do....it? Thread, Visitors using Wifi in Technical; I have had a request from a parent to be able to use our WIFI during the Christmas fair so ...
10th November 2010, 10:54 AM #1
Visitors using Wifi
I have had a request from a parent to be able to use our WIFI during the Christmas fair so she can use her Sagepay account.
We have a guest account (its not a seperate network) so i can just input the key and add the proxy to her LAN settings.
Now, she shouldn't be able to browse our network without some sort of account or password?
I was gonna get her to sign some sort of user agreement as well.
What should i do?
10th November 2010, 11:12 AM #2
Personally I would just say No and spout security, licensing and Virus reasons. You may beleive that this parent is trustworthy, but who knows what she could find with a few tools. My feeling will be that you could be starting a dangerous precedent, but thats just my opinion.
Thanks to Bezwick from:
Little-Miss (10th November 2010)
10th November 2010, 12:38 PM #3
Depends on the securty you have on stuff like server shares and if they are allowed for everyone or only domain users etc. It does put the device behind the firewall so if it has a verilant virus that could spread but from a casual level of inspection it would be secure looking and would require effort to exploit.
Depending on your setup there are all sorts of things that you could do to make it more secure but most are not simple. Depending on your internet provision one thing that you could do would be to reconfigure the key on the AP she would be using and put this on the other side of your firewall connected directly to the net. This would give them unrestricted access to the net and the school would still be secured behind the firewall but it all depends on your setup.
10th November 2010, 06:34 PM #4
I posted a question here a few days ago about a suitable AP to do something similar. I'd like to allow staff to connect wirelessly to the domain and have a second SSID to which visitors can connect but go straight out to the internet without access to domain resources. I haven't received any suggestions yet though about any suitable hardware.
10th November 2010, 07:16 PM #5
You could get a free turnkey router platform such as endian or smoothwall (or ipcop or m0n0wall or...) and vlan the AP to it. Set up your ACLs and away you go. We have an open access WIFI set up like this. The only ports which are open are dns and www, and even www is proxied with rules only allowing access to BBC, our VLE and samlearning iirc.
Assuming you have a virtual server ready to drop the router OS onto and you are comfortable with firewall ACLs and vLans, you should be able to get it all done in around an hour (assuming you dont have a million switches between the server cab and the AP). You should probably really have your WIFI set up in a similar fashion anyway so 2 birds with 1 stone as you are improving the security of your WIFI (obviously you'd allow smb, auth, etc to your servers for your wireless clients)
Last edited by j17sparky; 10th November 2010 at 07:23 PM.
11th November 2010, 03:06 PM #6
That's more useful information about attacking this question, in addition to the comments elsewhere.
11th November 2010, 07:48 PM #7
I'd keep them off it completely. As mentioned before, state that it's a case of protecting the data on the network. This includes sensitive data on the children. Something, being one of the parents, means they should respect it
By HodgeHi in forum Wireless Networks
Last Post: 15th June 2010, 04:39 PM
By Dos_Box in forum General Chat
Last Post: 17th July 2009, 07:13 PM
By ctaylor2 in forum Web Development
Last Post: 3rd March 2009, 08:22 AM
By elsiegee40 in forum General Chat
Last Post: 6th June 2007, 11:02 AM
By contink in forum Comments and Suggestions
Last Post: 6th July 2006, 02:07 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)