RE: Semi-Public Wireless Access Setu....

From: xyberpix (xyberpix_at_xyberpix.com)
Date: 11/03/04

  • Next message: xyberpix: "Win2k Audit+AD settings" 
    To: Paul Kurczaba <paul@myipis.com>
Date: Wed, 03 Nov 2004 21:15:39 +0000

    Just read this post now, this is perfect for what you're after in my
    opinion.
    Great suggestion Paul

    xyberpix

    On Tue, 2004-11-02 at 00:06, Paul Kurczaba wrote:
    > Although it is not a bed and breakfast, while staying at Mandalay Bay in Las
    > Vegas, I tried connecting to their wireless network.
    >
    > I quickly found out that they don't use WEP, probably because it would be a
    > pain in the *** for guests to set up. Instead, they have a proxy server set
    > up. Here is how it works: You connect your computer to either their wireless
    > or wired network. If you try to browse a page on the internet, say
    > google.com, their proxy will intercept it and redirect your browser to their
    > "login" page. Trying to check emails, or connect to the office via VPN would
    > not work (at this time).
    >
    > You would then request a four digit password from the TV. Your password
    > would be active for 24 hours. You then go back to the computer and type in
    > the password in the browser, and click "ok". Their system would then map
    > your MAC address to the 4 digit password; and allow you to use the internet.
    > At this point, they also unblock all ports. This now allows you to check
    > emails, and use VPN(s).
    >
    > For your bed and breakfast, I would do the following:
    >
    > Set up a gateway running Linux/FreeBSD, which is free :). Install IPTables
    > and Apache. When your guests want to use your WiFi, they can request a
    > password from the front desk or office. Once they have the password, the
    > guest can browse to any page they wish. The first time their MAC address is
    > recognized, they will be re-directed to your proxy; which has the login
    > screen. They type in their password and are set.
    >
    > Some security concerns:
    >
    > It *is* easily possible to sniff wireless packets. Therefore an "attacker"
    > could sniff your wireless waiting until one of your guests types in the
    > password they received. Then, the attacker could use the password they
    > sniffed.
    >
    > To secure the bed and breakfast owned boxes, you can set IPTables to drop
    > packets from Wireless to the bed and breakfast owned boxes.
    >
    > Just my 2 cents,
    > Paul Kurczaba
    >
    > -----Original Message-----
    > From: Chad Thomsen [mailto:chad.thomsen@bramespecialty.com]
    > Sent: Monday, November 01, 2004 4:50 PM
    > To: security-basics@securityfocus.com
    > Subject: Semi-Public Wireless Access Setu....
    >
    > Hello all. Our CEO owns a small Bed and Breakfast and wants me to setup
    > wireless for him in that facility. The question is how would you recommend
    > setting it up so that anybody that comes in can use in a secure fashion?
    > How do airport and coffee houses and the like set theirs up? I am pretty
    > sure the only thing on his little network will be a few home PCs of his own
    > which I will make sure run a personal firewall on them to keep those guests
    > who may become a bit "curious" out of his equipment. Other then that I am
    > not really sure what to do. Also since this is a very small business, cost
    > is crucial. Any suggestions would be appreciated.
    >
    > Thanks,
    > Chad Thomsen, MCSE, CCNA
    > Network Administrator
    > Brame Specialty
    > 

    -- 
For Security and Open Source news:
http://xyberpix.demon.co.uk

  • Next message: xyberpix: "Win2k Audit+AD settings"