+ Post New Thread
Results 1 to 7 of 7
How do you do....it? Thread, Visitors using Wifi in Technical; I have had a request from a parent to be able to use our WIFI during the Christmas fair so ...
  1. #1

    Little-Miss's Avatar
    Join Date
    Oct 2007
    Location
    London
    Posts
    5,547
    Thank Post
    2,377
    Thanked 750 Times in 459 Posts
    Blog Entries
    2
    Rep Power
    543

    Visitors using Wifi

    I have had a request from a parent to be able to use our WIFI during the Christmas fair so she can use her Sagepay account.

    We have a guest account (its not a seperate network) so i can just input the key and add the proxy to her LAN settings.

    Now, she shouldn't be able to browse our network without some sort of account or password?

    I was gonna get her to sign some sort of user agreement as well.

    What should i do?

  2. #2
    Bezwick's Avatar
    Join Date
    Feb 2008
    Location
    Nottinghamshire
    Posts
    355
    Thank Post
    92
    Thanked 56 Times in 42 Posts
    Rep Power
    25
    Personally I would just say No and spout security, licensing and Virus reasons. You may beleive that this parent is trustworthy, but who knows what she could find with a few tools. My feeling will be that you could be starting a dangerous precedent, but thats just my opinion.

  3. Thanks to Bezwick from:

    Little-Miss (10th November 2010)

  4. #3

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    11,168
    Thank Post
    868
    Thanked 2,696 Times in 2,286 Posts
    Blog Entries
    11
    Rep Power
    772
    Depends on the securty you have on stuff like server shares and if they are allowed for everyone or only domain users etc. It does put the device behind the firewall so if it has a verilant virus that could spread but from a casual level of inspection it would be secure looking and would require effort to exploit.

    Depending on your setup there are all sorts of things that you could do to make it more secure but most are not simple. Depending on your internet provision one thing that you could do would be to reconfigure the key on the AP she would be using and put this on the other side of your firewall connected directly to the net. This would give them unrestricted access to the net and the school would still be secured behind the firewall but it all depends on your setup.

  5. #4

    Join Date
    May 2009
    Location
    UK
    Posts
    294
    Thank Post
    64
    Thanked 21 Times in 20 Posts
    Rep Power
    15
    I posted a question here a few days ago about a suitable AP to do something similar. I'd like to allow staff to connect wirelessly to the domain and have a second SSID to which visitors can connect but go straight out to the internet without access to domain resources. I haven't received any suggestions yet though about any suitable hardware.

  6. #5


    Join Date
    Oct 2006
    Posts
    3,411
    Thank Post
    184
    Thanked 356 Times in 285 Posts
    Rep Power
    148
    You could get a free turnkey router platform such as endian or smoothwall (or ipcop or m0n0wall or...) and vlan the AP to it. Set up your ACLs and away you go. We have an open access WIFI set up like this. The only ports which are open are dns and www, and even www is proxied with rules only allowing access to BBC, our VLE and samlearning iirc.

    Assuming you have a virtual server ready to drop the router OS onto and you are comfortable with firewall ACLs and vLans, you should be able to get it all done in around an hour (assuming you dont have a million switches between the server cab and the AP). You should probably really have your WIFI set up in a similar fashion anyway so 2 birds with 1 stone as you are improving the security of your WIFI (obviously you'd allow smb, auth, etc to your servers for your wireless clients)
    Last edited by j17sparky; 10th November 2010 at 07:23 PM.

  7. #6

    Join Date
    May 2009
    Location
    UK
    Posts
    294
    Thank Post
    64
    Thanked 21 Times in 20 Posts
    Rep Power
    15
    That's more useful information about attacking this question, in addition to the comments elsewhere.

  8. #7
    fedora_explorer's Avatar
    Join Date
    Nov 2010
    Location
    South Yorkshire
    Posts
    31
    Thank Post
    4
    Thanked 3 Times in 3 Posts
    Rep Power
    8
    I'd keep them off it completely. As mentioned before, state that it's a case of protecting the data on the network. This includes sensitive data on the children. Something, being one of the parents, means they should respect it

SHARE:
+ Post New Thread

Similar Threads

  1. OpenRadius, XP and Self-signed certs for visitors
    By HodgeHi in forum Wireless Networks
    Replies: 0
    Last Post: 15th June 2010, 04:39 PM
  2. New Govt Vetting for School Visitors
    By Dos_Box in forum General Chat
    Replies: 8
    Last Post: 17th July 2009, 07:13 PM
  3. Showing Content to Non-EMBC Visitors
    By ctaylor2 in forum Web Development
    Replies: 2
    Last Post: 3rd March 2009, 08:22 AM
  4. If all 207 Visitors joined us... Yes, I mean you!
    By elsiegee40 in forum General Chat
    Replies: 11
    Last Post: 6th June 2007, 11:02 AM
  5. Visitors list and search engine bots
    By contink in forum Comments and Suggestions
    Replies: 5
    Last Post: 6th July 2006, 02:07 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •