Joined: Jun 2005
Posts: 261
Member
You could try this: treat the wireless as insecure, and put it outside the firewall, on the insecure portion of the network, and then use a VPN between the laptop(s) and the server. They could even offer wireless access to their patients, without compromising security.
At a local non-profit that I work with, our network looks something like this:

(DSL from ISP)
      |
(Router/WAP) -- (wireless guest users)
      |
(server/firewall)
      |
(user PC's)
Joined: May 2007
Posts: 1,218
Member
Actually the best way is to use a Cisco ASA for the router and use a cheap wireless AP. What I did with my Cisco ASA was to create a VLAN for the wireless. Vlan1 is the inside interface, Vlan2 is outside and Vlan3 is the wireless. Vlan 3 cannot see Vlan1, so I don't need to worry about someone getting on the wireless network and getting to my servers. I still use WEP keys and MAC filtering for security.
Now how do I get my laptops on the wireless to see the network? Simple... I use the Cisco VPN client on the laptop to make the connection.
This makes for a very secure wireless network and all data between the AP and any notebook travels the VPN, so that data is secure.
I know you want to keep the wireless open for the public, so just don't use any WEP or MAC filtering. The VPN client will be plenty secure and because of the Vlan, users will not be able to get to your internal network.
A base model Cisco ASA 5505 is only around $500 and its security is tremendous.
Let me know if you need any help setting up the network.
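An added example, not part of the post above and not the poster's configuration: a short Python check that a saved ASA-style config actually keeps the wireless VLAN away from the inside VLAN, as the three-VLAN layout described above intends. The sample config, the interface names `inside`/`outside`/`wireless`, the security levels and both function names are assumptions made for illustration.

```python
import re

# Constructed sample in ASA 5505 style; names and levels are assumptions.
SAMPLE_CONFIG = """\
interface Vlan1
 nameif inside
 security-level 100
!
interface Vlan2
 nameif outside
 security-level 0
!
interface Vlan3
 nameif wireless
 security-level 50
!
"""

def parse_interfaces(config):
    """Return {vlan: {'nameif': str, 'level': int}} from interface stanzas."""
    vlans, current = {}, None
    for line in config.splitlines():
        if m := re.match(r"interface (Vlan\d+)$", line):
            current = vlans.setdefault(m.group(1), {"nameif": None, "level": None})
        elif not line.startswith(" "):
            current = None  # "!" or any top-level command ends the stanza
        elif current is not None:
            words = line.split()
            if not words:
                continue
            if words[0] == "nameif":
                current["nameif"] = words[1]
            elif words[0] == "security-level":
                current["level"] = int(words[1])
    return vlans

def audit_isolation(config, wireless="Vlan3", inside="Vlan1"):
    """List reasons the wireless VLAN might reach inside (empty list = isolated)."""
    vlans = parse_interfaces(config)
    w, i = vlans.get(wireless), vlans.get(inside)
    if not w or not i:
        return ["interface stanza missing for %s or %s" % (wireless, inside)]
    findings = []
    # The ASA denies lower-to-higher security-level traffic unless an ACL permits it.
    if w["level"] is None or i["level"] is None or w["level"] >= i["level"]:
        findings.append("wireless security-level is not lower than inside")
    acl = r"^access-group \S+ in interface %s$" % re.escape(w["nameif"] or "")
    if w["nameif"] and re.search(acl, config, re.M):
        findings.append("inbound ACL bound to wireless interface; review its permits")
    return findings
```

Running `audit_isolation` against each saved config after a change catches an edit that quietly raises the wireless security level or binds a permissive ACL to that interface.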
Joined: Dec 2002
Posts: 9,424 Likes: 1
Member
OP
Well, the first stage of the project is done. I installed their server on Saturday. They now want wireless in a couple spots so I think I'm going to need to install 2 access points.
Jeff Moss
Moss Communications
Computer Repair-Networking-Cabling
MBSWWYPBX, JGAE
Joined: Jan 2008
Posts: 148
Member
I know this is an old post, but...
If you can get them to spring for it, Marc's recommendation is the one I'd follow. It will also let you provide two additional sell points to your client.
1) You can configure the VPN to authenticate through LDAP to the server you just set up, which means that a user only needs to remember the one password and thus will be less likely to write it down.
2) The principals and yourself will be able to work from home if the need arises.
One word of caution. Netstumbler won't see a network that is not broadcasting its SSID unless you set your SSID to that name instead of 'ANY'. If you are familiar with Linux, you should instead run KISMET, which is a listen-only scanner. Provided your network card supports it, you should still get signal and noise level information.
The ideal method for site surveys is a notebook running with a WiSPY Spectrum Analyzer left overnight; then you can record not only potential WiFi networks, but other devices which operate in the 2.4G ISM band (cordless phones, Bluetooth, wireless cameras, wonky microwave ovens, etc.) and, if you spring for the full version, 5.8G bands as well.
About me: 8 years of network support, 7 years IT field service
Always looking for the next project to be done.