+ Post New Thread
Results 1 to 6 of 6
Windows Thread, Wireless Network Security in Technical; Hello I wonder if folk can help. I work in a small special school, we have a managed wireless network, ...
  1. #1

    Join Date
    Oct 2010
    Posts
    51
    Thank Post
    27
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Wireless Network Security

    Hello

    I wonder if folk can help. I work in a small special school, we have a managed wireless network, but no seperate BYOD network. I have suggested to the powers that be we have a transparent proxy set up so we could do summer lettings etc and for staff phones, guests etc , this would mean getting an extra router from our county provider, I would then set up a Ubuntu DHCP server all would be fine, minimal cost approx 450 for router to be installed. However this was turned down, then within a week I am asked "how much of the school is wireless",
    "why's that ?" I ask, ...
    "because we are having a summer school and they will need the wireless "
    "but we have no BYOD" set up.
    "Can't we give out the wireless key "
    "Not really...no!"

    It was an embarrasing moment as the potential client was present.

    In order I can stress to the powers that be, without wanting to appear stupid what are the risks exactly of giving out the wireless key? Just so I can be quite clear, explicit and specific.
    Any advice and help will be gratefully received.

  2. #2
    zag
    zag is offline
    zag's Avatar
    Join Date
    Mar 2007
    Posts
    3,541
    Thank Post
    818
    Thanked 383 Times in 319 Posts
    Blog Entries
    12
    Rep Power
    80
    Just setup a 2nd SSID on your managed wireless with a new key?

    Turn it on for the summer?

  3. #3

    Join Date
    Oct 2010
    Posts
    51
    Thank Post
    27
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Is it simple as that ? Would that make the network secure even tho different SSID, bit not different VLAN ?

  4. #4

    Join Date
    Oct 2012
    Posts
    82
    Thank Post
    0
    Thanked 11 Times in 10 Posts
    Rep Power
    5
    [Insert usual preface about not being an expert on much of anything]

    Changing the SSID doesn't really solve the problem here - you may as well use the same SSID and change the key for the summer if that's the only worry. However, the real problem is opening up your network to so many untrusted devices. If your network isn't segregated, you're just opening yourself up for trouble. If the wireless devices only need access to the internet, there's no reason that they should see your entire network. If a student brings their virus ridden laptop to school, I'd rather not have them connected wirelessly to the curriculum / admin network. Or perhaps someone will start poking around - port scanning etc.. and if the key is known, they only have to be as close as the car park to gain network access.

    It's just a bad idea if it can be avoided.

  5. #5

    Join Date
    Oct 2010
    Posts
    51
    Thank Post
    27
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Hi Thanks for reply.

    Yes I thought as much myself about the SSID.

    What I really want to be able to say to SLT that it really isn't a good idea and these are the risks 1,2,3 etc with unknown laptops/devices. The users will only need internet access, but they'd have to put proxy details in etc as well hence my idea for transparent proxy on totally different subnet using ubuntu (ie no cost !) as dhcp, but as we do not have layer 3 router we would have to have another router added hence the cost. I am clearly no network security expert, how many of us could really claim we are ?. But I want a strong argument, if indeed the risks are there and what are they , as to why I should go the seperate vlan subnet route.

  6. #6
    detjo's Avatar
    Join Date
    Feb 2008
    Posts
    337
    Thank Post
    12
    Thanked 45 Times in 37 Posts
    Rep Power
    29
    The first suggestion wasn't to change the SSID, it was to add another one .. which could work, depends how your router handles them. A second SSID should be assigned a different IP to the Primary SSID.
    ie: #1 = 192.168.1.2
    and #2 = 192.168.2.2 etc

    Could you not set up a wireless router between the WAN port on you internal firewall and your internet connection? That would allow them internet access without access to your network. The router could also handle all DHCP requests too.
    Last edited by detjo; 14th February 2014 at 06:13 PM.

SHARE:
+ Post New Thread

Similar Threads

  1. How to secure a wireless network against hacking attempts?
    By Thelps in forum Wireless Networks
    Replies: 7
    Last Post: 22nd January 2013, 01:29 PM
  2. Setting up home wireless network with MAC and PC..?
    By tosca925 in forum General Chat
    Replies: 6
    Last Post: 21st November 2011, 04:39 PM
  3. Wireless network - Secure/Unsecure
    By Edu-IT in forum Windows
    Replies: 6
    Last Post: 7th November 2009, 09:36 PM
  4. Map network drives on wireless network
    By woody in forum Windows
    Replies: 24
    Last Post: 1st December 2007, 06:27 PM
  5. securing wireless network
    By adamyoung in forum Wireless Networks
    Replies: 22
    Last Post: 1st February 2006, 09:26 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •