Re: Semi-Public Wireless Access Setu....

From: GuidoZ (uberguidoz_at_gmail.com)
Date: 11/02/04

    Date: Mon, 1 Nov 2004 21:43:15 -0500
    To: Paul Kurczaba <paul@myipis.com>
    
    

    Awesome write-up Paul. Very complete with excellent ideas. =)

    Chad, I had just a few things to add... clarification more than
    anything else. You asked about how do coffee houses and airports do
    it... they use what's called a "Captive Portal". There are a bunch of
    options out there (both free/open source and commercial). You can see
    a listing of many of them here:
     - http://wiki.personaltelco.net/index.cgi/PortalSoftware

    Basically, a portal (as you likely know) is a website/service that
    offers access to a collection of resources and other services. (Like
    Yahoo is a web portal.) A captive portal is the same thing, but it's a
    portal in which users are first "caught" and restricted in what they
    can do. The restriction can be anything capable from the software
    (from a login screen to an unrestricted portal).

    I won't go into immense details on list, as you may decide not to even
    go with any specific software package. The most popular of the
    freebies is called "NoCatAuth". It's a Linux based solution. There are
    many others to choose from, though NoCatAuth is certainly the most
    popular and most widely used captive portal for amateur "HotSpots" and
    such. Check out the link above (and Google) for additional
    information.

    Feel free to email me directly if you have other specific questions
    and I'll do my best to help. =) Of course you can feel free to email
    to the list instead and hopefully get different perspectives and ideas
    too.

    --
    Peace. ~G
    On Mon, 1 Nov 2004 19:06:48 -0500, Paul Kurczaba <paul@myipis.com> wrote:
    > Although it is not a bed and breakfast, while staying at Mandalay Bay in Las
    > Vegas, I tried connecting to their wireless network.
    > 
    > I quickly found out that they don't use WEP, probably because it would be a
    > pain in the *** for guests to set up. Instead, they have a proxy server set
    > up. Here is how it works: You connect your computer to either their wireless
    > or wired network. If you try to browse a page on the internet, say
    > google.com, their proxy will intercept it and redirect your browser to their
    > "login" page. Trying to check emails, or connect to the office via VPN would
    > not work (at this time).
    > 
    > You would then request a four digit password from the TV. Your password
    > would be active for 24 hours. You then go back to the computer and type in
    > the password in the browser, and click "ok". Their system would then map
    > your MAC address to the 4 digit password; and allow you to use the internet.
    > At this point, they also unblock all ports. This now allows you to check
    > emails, and use VPN(s).
    > 
    > For your bed and breakfast, I would do the following:
    > 
    > Set up a gateway running Linux/FreeBSD, which is free :). Install IPTables
    > and Apache. When your guests want to use your WiFi, they can request a
    > password from the front desk or office. Once they have the password, the
    > guest can browse to any page they wish. The first time their MAC address is
    > recognized, they will be re-directed to your proxy; which has the login
    > screen. They type in their password and are set.
    > 
    > Some security concerns:
    > 
    > It *is* easily possible to sniff wireless packets. Therefore an "attacker"
    > could sniff your wireless waiting until one of your guests types in the
    > password they received. Then, the attacker could use the password they
    > sniffed.
    > 
    > To secure the bed and breakfast owned boxes, you can set IPTables to drop
    > packets from Wireless to the bed and breakfast owned boxes.
    > 
    > Just my 2 cents,
    > Paul Kurczaba
    > 
    > 
    > 
    > -----Original Message-----
    > From: Chad Thomsen [mailto:chad.thomsen@bramespecialty.com]
    > Sent: Monday, November 01, 2004 4:50 PM
    > To: security-basics@securityfocus.com
    > Subject: Semi-Public Wireless Access Setu....
    > 
    > Hello all.  Our CEO owns a small Bed and Breakfast and wants me to set up
    > wireless for him in that facility.  The question is how would you recommend
    > setting it up so that anybody that comes in can use in a secure fashion?
    > How do airport and coffee houses and the like set theirs up?  I am pretty
    > sure the only thing on his little network will be a few home PCs of his own
    > which I will make sure run a personal firewall on them to keep those guests
    > who may become a bit "curious" out of his equipment.  Other than that I am
    > not really sure what to do.  Also since this is a very small business, cost
    > is crucial.  Any suggestions would be appreciated.
    > 
    > Thanks,
    > Chad Thomsen, MCSE, CCNA
    > Network Administrator
    > Brame Specialty
    > 
    >
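
The gateway described in Paul's quoted message (unrecognized guests redirected to a login page, all ports opened once a MAC address is mapped to a 24-hour password, wireless traffic to the owner's machines dropped), as an added example that is not part of the original thread: a shell function that prints, without applying, the iptables commands for a constructed lease list. The interface name, owner subnet, portal port, lease file format and the DNS allowance are assumptions.

```shell
#!/bin/sh
# Added example: prints (does not apply) iptables commands for the gateway.
# All values below are assumptions, not taken from the thread.
WLAN_IF=wlan0               # guest-facing wireless interface
OWNER_NET=192.168.1.0/24    # subnet holding the owner's PCs
PORTAL_PORT=8080            # local port where Apache serves the login page
LEASE_SECONDS=86400         # a password stays active for 24 hours

# portal_rules NOW  -- reads "MAC GRANTED_EPOCH" lines on stdin (hypothetical
# lease format written by the login page) and prints the ruleset in order.
portal_rules() {
    now=$1
    # 1. Wireless guests never reach the owner's boxes, logged in or not.
    echo "iptables -A FORWARD -i $WLAN_IF -d $OWNER_NET -j DROP"
    # 2. Guests with a live lease skip the redirect and get all ports.
    while read -r mac granted; do
        # Reject anything that is not a MAC so junk never lands in a rule.
        printf '%s\n' "$mac" |
            grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$' || continue
        case $granted in ''|*[!0-9]*|0?*) continue ;; esac
        [ $((granted + LEASE_SECONDS)) -gt "$now" ] || continue   # expired
        echo "iptables -t nat -A PREROUTING -i $WLAN_IF -m mac --mac-source $mac -j ACCEPT"
        echo "iptables -A FORWARD -i $WLAN_IF -m mac --mac-source $mac -j ACCEPT"
    done
    # 3. Everyone else: DNS passes (assumption: guests use an outside
    #    resolver), web requests land on the login page, the rest is dropped.
    #    Redirected packets arrive on INPUT, which must allow PORTAL_PORT.
    echo "iptables -A FORWARD -i $WLAN_IF -p udp --dport 53 -j ACCEPT"
    echo "iptables -t nat -A PREROUTING -i $WLAN_IF -p tcp --dport 80 -j REDIRECT --to-ports $PORTAL_PORT"
    echo "iptables -A FORWARD -i $WLAN_IF -j DROP"
}

# Constructed sample leases: one live, one older than 24 hours, one malformed.
portal_rules 1000000 <<'EOF'
00:11:22:33:44:55 990000
66:77:88:99:aa:bb 900000
not-a-mac 999999
EOF
```

Rule order carries the policy: the owner-subnet drop comes first so it also applies to logged-in guests, and the per-MAC accepts must precede the redirect and the final drop.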
    
