wifi in the office...

Discussion in 'Mac Accessories' started by OfficiallyPB, Aug 12, 2013.

  1. OfficiallyPB, Aug 12, 2013
    Last edited: Aug 12, 2013

    OfficiallyPB macrumors newbie

    Joined:
    Aug 2, 2013
    Location:
    London
    #1
    Right hopefully some of you tech / network geeks can help me here! *im hoping anyways*

    We are looking to get wifi into our office, our office is rather small about 10 users (currently) The network is managed by the states, but part of my job is IT related.

    The guys in the states replied with this relating to our wifi query:

    Sorry about the late reply. I do have some concerns on a wireless access point using our network. Any wireless connection on the existing network would allow a malicious user access to your network as well as our network here in the states. I spoke with Joel who is in charge of the sys admins and network team about this and we came up with a couple options:

    1. 1. If the existing network were to be “tapped into” to get Internet access via wireless, we would have to have each user VPN (via Cisco Anyconnect client) anytime a resource from the US is needed (Email, web tools, any datacenter server access and PG US file servers). Pretty much the entire time the VPN would have to be connected for the user.
    2. 2. Using this option, a separate broadband Internet service provider (ISP) would have to be secured with Internet access independent of the existing UK office network. A wireless ISP card attached to a wireless router or something similar would have to be setup.


    From reading that to me it seems that they wouldnt want anyong piggy backing off our wifi network. Or having the chance to hack into it? But surely this can be prevented from locking down the wifi network with a password? I understand what they mean by VPN as everything is hosted in the states, but the wifi would simply just be for internet access....

    I am looking at using one of the apple routers, maybe the extreme would be more suited to my security needs?

    What would be the best response to this? I would go back just saying that the network would be locked down with a password and anyone who required access to our wifi would need this password. However Id like to go back with a more techy answer so i can stuff it to them lol
     
  2. BrianBaughn macrumors 603

    BrianBaughn

    Joined:
    Feb 13, 2011
    Location:
    Baltimore, Maryland
    #2
    Sounds like security is strict for your company. Any wifi security can be compromised hence their stance. I don't think you're going to get past that.

    Looks like if you want wireless it's going to have to be a on a separate ISP account. Any users on that network wanting to access your company's stateside resources will have to do so via the VPN mentioned. Devices not needing to access those resources wouldn't need to go through the VPN.
     
  3. FreakinEurekan macrumors 68040

    FreakinEurekan

    Joined:
    Sep 8, 2011
    Location:
    Eureka Springs, Arkansas
    #3
    In a business network it's sound advice to have any WiFi access points only wired to a network that is outside the firewall for your primary LAN. That doesn't necessarily mean an entirely different ISP.

    The sensible thing is to have a router/firewall that allows a DMZ partition, and whenever you connect via Wireless you then use VPN to tunnel in through the firewall to access LAN resources. You would not need to log into VPN to simply access Internet resources from your Wi-Fi connected device.

    The only thing there is that your ISP would need to allow you to have two public IP addresses (one for your firewall into your LAN, and one for your Wi-Fi router to use for NAT). If you can work that out with your existing ISP connection then you're home free. Depending on the router/firewall you're using, if it has a 2nd LAN port that can be partitioned as a DMZ, you may not even need additional hardware.

    If your existing router doesn't support DMZ, or getting additional public IPs from your current ISP would cost a lot, it may actually be cheaper & simpler to just use a separate ISP connection for your Wi-Fi network as your IT guys suggest in option 2.

    ----------

    Nowhere near good enough.
     

Share This Page