Conference Wireless setup
Last Post: August 25, 2004:
-
G'day,
Just a quick question regarding the setup of wireless internet access for a conference. From all i've read,, it seems that I need to have a router(s)connect to a broadband connection and provide DHCP addresses. Also have a few Wireless Access Points which are patched into the Router (patch points for eg). The thing here is that for compliance, I would need a 802.11g Wireless Access Point which would cater for the people with 802.11b and 802.11g wireless cards and a 802.11a Wireless Access Point for the users with 802.11a wireless cards.
Due to the different settings, and this being a conference with over 300 people, I cannot see implementing 128bit Encryption or SSID as options, meaning the wireless is totally open.
The router would probably have a firewall inbuilt to block certain incoming port traffic (eg port 80).
I can see a lot of possible things going wrong here - especially if one computer is infectted with a worm, the entire network will be probed/infected. There is also the security concern of someone tapping/listening to the WiFi and compromising the notebooks.
Anyone have any ideas here on what would be the best way to setup a one-off conference with wireless connectivity? -
You're asking for security and seemless access - these are at opposite ends of the spectrum most of the time.
The simplest way to do this is to use 802.11a/g access points with WPA-PSK. That will give you individual unicast keys per client. Though this can be sniffed using Commview for WiFi, it's the only one i know of that can do this...and even still it's not as easy as you might think. You'd have to pass out a key to everyone, or post it all over the place...which is fine for a one-off conference - you certainly wouldn't do this in a corporate environment.
You could use a captive portal, but you'd spend quite a bit of money, and still have no security without passing out a shared key or giving everyone an individual login. When it comes to hotspots, security is the reponsibility of the user, not the admin.
Next, make sure to block OUTBOUND port 25 unless you want a spammer to drop by to senda few gozillion emails through your open connection. Be sure to change the default password for your router/firewall device as well. Closing port 25 will mean that people can get their email, but not be able to send unless they use webmail. This is pretty standard considering spam these days. It isn't pleasant for the users, but it keeps the admin out of trouble.
- 1