Jump to content

Small Business Wifi Setup


G-Stress
 Share

Recommended Posts

Curious to know what you guys think or might suggest. I setup a small breakfast diner's wireless network today, just a basic setup. They had a cable modem and netgear wireless router secured with wpa-wpa2 tkip/aes. They offer their customer's free wifi service meaning they have to give their customer's the passphrase to access the internet.

Now I can think of ways to setup a radius server so they can authenticate with a username and pass, the only issue with that is as far as I know every customer would have to be manually added meaning they would need an administrator. I'm wondering if there is a service that will run on a router/server something similar to starbucks where the user's are prompted with authentication page to create their own accounts then are allowed access to the internet? I've searched for this before quite a few times, but I'm not a developer and wouldn't know where to get started to develop something such as this.

If it were YOU setting up this business how would you guys do it?

ANY advice is greatly appreciated.

Link to comment
Share on other sites

I think a Captive portal is what you are after. Untangle currently supports it. So users must log in first before they can surf the net.

Edit: from a security point of view, an open wireless is like inviting a stranger into your house, very bad idea.

Also check out this link, I think it has you are looking for.

http://www.personaltelco.net/PortalSoftware

Edited by Infiltrator
Link to comment
Share on other sites

I think a Captive portal is what you are after. Untangle currently supports it. So users must log in first before they can surf the net.

Edit: from a security point of view, an open wireless is like inviting a stranger into your house, very bad idea.

Also check out this link, I think it has you are looking for.

http://www.personaltelco.net/PortalSoftware

exactly what i was going to say. Also you can just get 2 routers say once 192.168.1.0/24 and the other 192.168.2.0/24 have one of them be an open network and one be your wpa2

Link to comment
Share on other sites

If they are only using it for free wifi, and not their business side of things, then best bet is leave it unsecured but have a login portal. No need to use WPA, just change the default password on the router and let customers surf unobstructed. This way you don't have to give them the WPA passphrase but will have to give them a simple logon to use for the portal to reach the web instead of having to know or even be capable of WPA.

Then, just have them change the pasphrase every day to keep people from abusing it. Not secure by any means, but since they are offering free wifi, its the simplest solution. Not everyones wireless cards are capable of WPA2. For instance, my sisters laptop, while it is a bit dated, only does 802.11a and 802.11b, and for whatever reason, not capable of WPA, only WEP. I set her router up with WPA2, and only her boyfriends laptop can connect to it. Her wireless card just doesnt have WPA functionality for some reason(junk laptop anyway). Just something to think about.

Standard disclaimer anyway is that wifi is inherently insecure, so if they are willing to use it outside their home, they take that risk upon themself. There is nothing to stop someone from doing the whole pineapple setup in the cafe and intercepting the WPA phrase anyway. One of the reasons I hate wifi for production use, there are too many ways people can get in, even with WPA2. Short of smart cards or like you said, radius and certificates, etc, its not worth the effort. A FON (not pineapple, but the real fon, default router) would actually be a better setup in the diner's case, as they can have the two subnets, one for the diner and one for free wifi, while keeping the stores network on the secure WPA side, and the unsecured for customers to use at their own peril.

Link to comment
Share on other sites

@ Infiltrator,

Yes I'm looking for a good captive portal. I run Untangle at home currently and love it. Problem is that Untangle require's administration of manually adding user accounts. I need a portal that user's are redirected to and has the ability to create their own account OR if there is a portal that exist where multiple user's can use the same account that will work also.

@ ParMan,

I thought about doing the whole 2 router setup. I use to have a guest ap setup like that a few years ago at home which worked great.

@ digip,

I'm right there with you when it comes to wireless in a production environment. Security is always at risk, or shall I say more at risk. I was going to leave it unsecured so any client could connect, but supposedly there was a near by user abusing the service already. The particular router they had didn't have any restrictions as far as time of day, etc. or I would have disabled the connection an hour after business closed.

These portal software's all look pretty good I'm sure there are many here that will suit my own personal needs as well as this business. Any of you guys used any or recommend one vs another?

My main issue is which ever solution I choose the portal needs to be able to create user accounts without having an administrator manually adding the account.

Thanks for all the replies guys. As I said I have been looking at doing this at home for sometime just for learning purposes.

Link to comment
Share on other sites

I googled for these: http://www.google.com/search?hl=en&source=hp&q=internet+cafe+portal+software&btnG=Google+Search

and first one looks like it would be sufficient but never set one up personally

http://www.patronsoft.com/firstspot/

I also see things like Sonic Wall or something to that effect used on a lot of internet cafes in my area. Not sure how secure they are, but when you access their network, it forces you to a login portal.

There is also this VM that apparently does all sorts of things, including a captive portal: http://www.vmware.com/appliances/directory/1059

Link to comment
Share on other sites

double post, something went amuck..

Edited by digip
Link to comment
Share on other sites

I googled for these: http://www.google.com/search?hl=en&source=hp&q=internet+cafe+portal+software&btnG=Google+Search

and first one looks like it would be sufficient but never set one up personally

http://www.patronsoft.com/firstspot/

I also see things like Sonic Wall or something to that effect used on a lot of internet cafes in my area. Not sure how secure they are, but when you access their network, it forces you to a login portal.

There is also this VM that apparently does all sorts of things, including a captive portal: http://www.vmware.com/appliances/directory/1059

Thanks again digip. Yea I found that PatronSoft FirstSpot the other night and it would work perfectly based of it's listed features. Would be nice if there were a general use edition for free though. I also found zeroshell and downloaded it last night that seems like it will suit my needs. I was just getting ready to toy with it just now :)

I also see alot of SonicWall AP's in hospital's larger businesses, etc. was thinking of purchasing one to toy with.

Link to comment
Share on other sites

McDonald's has free open wi-fi, I think that if you just leave it open but make sure everything behind the scenes is secured, then they should be allright correct or no? Giving each customer that walks into the small resteraunt a username & PW sounds like a hassle. Keep the main data pc with important information off line, then have a seperate one just for the free wifi so even if they do manage to get threw your firewall and all that and root your wifi box their will be nothing important on there, if a hacker comes in and deleted the HD on your wifi box just use Norton ghost or something to put the box back to the way it was and fix however they got in to break the free public wifi, but I seriously doubt a hacker would attack and kill a free wifi spot unless they were really a douche.

Link to comment
Share on other sites

Yea giving out a username and pass or passphrase would be a hassle. Some places have an open ap, but secured with a portal service running that allow you to connect and create your own account before accessing the internet and I believe arp poisoning is prevented due to a VLAN somewhere in their setup. I've been to a gas station that was setup like this and I think starbucks is setup like this.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...