Windows Thread, Wireless Network Security in Technical; Hello
I wonder if folk can help. I work in a small special school, we have a managed wireless network, ...
14th February 2014, 04:50 PM #1
- Rep Power
Wireless Network Security
I wonder if folk can help. I work in a small special school, we have a managed wireless network, but no seperate BYOD network. I have suggested to the powers that be we have a transparent proxy set up so we could do summer lettings etc and for staff phones, guests etc , this would mean getting an extra router from our county provider, I would then set up a Ubuntu DHCP server all would be fine, minimal cost approx £450 for router to be installed. However this was turned down, then within a week I am asked "how much of the school is wireless",
"why's that ?" I ask, ...
"because we are having a summer school and they will need the wireless "
"but we have no BYOD" set up.
"Can't we give out the wireless key "
It was an embarrasing moment as the potential client was present.
In order I can stress to the powers that be, without wanting to appear stupid what are the risks exactly of giving out the wireless key? Just so I can be quite clear, explicit and specific.
Any advice and help will be gratefully received.
14th February 2014, 04:56 PM #2
Just setup a 2nd SSID on your managed wireless with a new key?
Turn it on for the summer?
14th February 2014, 05:02 PM #3
- Rep Power
Is it simple as that ? Would that make the network secure even tho different SSID, bit not different VLAN ?
14th February 2014, 06:29 PM #4
- Rep Power
[Insert usual preface about not being an expert on much of anything]
Changing the SSID doesn't really solve the problem here - you may as well use the same SSID and change the key for the summer if that's the only worry. However, the real problem is opening up your network to so many untrusted devices. If your network isn't segregated, you're just opening yourself up for trouble. If the wireless devices only need access to the internet, there's no reason that they should see your entire network. If a student brings their virus ridden laptop to school, I'd rather not have them connected wirelessly to the curriculum / admin network. Or perhaps someone will start poking around - port scanning etc.. and if the key is known, they only have to be as close as the car park to gain network access.
It's just a bad idea if it can be avoided.
14th February 2014, 06:47 PM #5
- Rep Power
Hi Thanks for reply.
Yes I thought as much myself about the SSID.
What I really want to be able to say to SLT that it really isn't a good idea and these are the risks 1,2,3 etc with unknown laptops/devices. The users will only need internet access, but they'd have to put proxy details in etc as well hence my idea for transparent proxy on totally different subnet using ubuntu (ie no cost !) as dhcp, but as we do not have layer 3 router we would have to have another router added hence the cost. I am clearly no network security expert, how many of us could really claim we are ?. But I want a strong argument, if indeed the risks are there and what are they , as to why I should go the seperate vlan subnet route.
14th February 2014, 07:11 PM #6
The first suggestion wasn't to change the SSID, it was to add another one .. which could work, depends how your router handles them. A second SSID should be assigned a different IP to the Primary SSID.
ie: #1 = 192.168.1.2
and #2 = 192.168.2.2 etc
Could you not set up a wireless router between the WAN port on you internal firewall and your internet connection? That would allow them internet access without access to your network. The router could also handle all DHCP requests too.
Last edited by detjo; 14th February 2014 at 07:13 PM.
By Thelps in forum Wireless Networks
Last Post: 22nd January 2013, 02:29 PM
By tosca925 in forum General Chat
Last Post: 21st November 2011, 05:39 PM
By Edu-IT in forum Windows
Last Post: 7th November 2009, 10:36 PM
By woody in forum Windows
Last Post: 1st December 2007, 07:27 PM
By adamyoung in forum Wireless Networks
Last Post: 1st February 2006, 10:26 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)