Author
10 Oct 2006 3:13 PM
Joel
We are a hospital that has a wireless network configured but only for our
wireless devices, not for public use. We would like to set up internet access
for our patients/visitors wirelessly but do not want to put our network at
risk. Can I have some ideas on how to go about implementing this? Any help
would be greatly appreciated!

Author
10 Oct 2006 5:41 PM
David Hettel
Sure, buy more access points and set them up on their own network, and put a
good firewall between them and the hospital's network. If you give the public
access to the hospital's network it is just a question of time till someone
is into something they shouldn't be.

--
David Hettel

Please post any reply as a follow-up message in the news group
for everyone to see.  I'm sorry, but I don't answer questions
addressed directly to me in E-mail or news groups.

Microsoft Most Valuable Professional Program
http://mvp.support.microsoft.com

DISCLAIMER: This posting is provided "AS IS" with no warranties, and
confers no rights


Author
11 Oct 2006 1:03 PM
Joel
Can I control authentication/bandwidth with our public access? Would I need
IAS and an account in Active Directory?


Author
11 Oct 2006 5:59 PM
David Hettel
What you can control depends on the hardware and software that you have. In
a public setting you have no real control over either the software or the
hardware that the public uses. All you can hope to control is a minimum
required level to connect. There is nothing to prevent the "public" from
bringing any tools they like to crack your network.

In a hospital setting, you are dealing with private records that most would
not want made public; the strongest defense is to not let the public into
the private network (LAN) at all. That's why I recommended a separate (or
segregated LAN) network for the public.

Author
12 Oct 2006 3:07 PM
Joel
I understand the importance of having the segregated LANs but thought I could
get away with having one AP, VLANed and then configuring security on our
switches (Cisco 3750s). The public VLAN would have no access to other VLANs
(our internal network). My director is a control freak and would like to
limit bandwidth to the public so that it does not affect our employees'
bandwidth. If I configured these VLANs, I could then implement an IAS solution
so I could "monitor" internet activity? Or am I missing the boat? :)

Author
15 Oct 2006 9:54 PM
P. Johnson
Please do not backwards quote.
http://ursine.ca/Top_Posting

Joel wrote:

> My director is a control freak and would like to limit bandwidth to the
> public so that it does not affect our employees' bandwidth.

Since you mentioned you have Ciscos, you should be able to play with QoS to
give packets from the public wifi a priority lower than all other traffic.
This should cause the public to use whatever bandwidth isn't being used by
the hospital in most cases.
Author
15 Oct 2006 9:45 PM
P. Johnson
Please don't quote backwards.
http://ursine.ca/Top_Posting

David Hettel wrote:

> Sure, buy more access points and set them up on their own network, and put a
> good firewall between them and the hospital's network.

No, a "firewall" is not a magic fix.
http://www.samspade.org/d/firewalls.html

You need to actually know something about networking and using
routers (and not those POS home routers, either, the real Cisco thing)
to solve this problem in a way that satisfies HIPAA.

Internet connection should go into a DMZ zone consisting of only
routers, and these routers should not allow any traffic to pass from
the public to the employee network and vice versa, and nothing from
the outside to the employee network.  At minimum, you're going to need
to divide things up into four zones: Internet (which should just be
the connection to the outside world), Employees (for employee access
to the hospital's IT functions and internal servers), Public (for just
public internet access, properly secured to prevent abuse as a spam
and network abuse vector (i.e., ports 25 and 119 blocked or
filtered for outgoing spam, etc.)), and DMZ (containing the network's
common routers between zones, as well as any servers that need to be
accessible from the outside as well as the inside, such as the
hospital's web and email servers).

If you're not sure how to accomplish this and you're the one in charge
of implementing it, now is probably the time to start shopping for a
network security consultant to come in and give you some pointers.

> If you give the public access to the hospital's network it is just a
> question of time till someone is into something they shouldn't be.

This can't happen if you know anything about network design and apply
it.
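
The four-zone policy described in the post above can be written down as invariants and checked against a first-match ruleset before it goes onto a router. This is an added example, not part of the original thread; the subnets, the ruleset and the function names are constructed for illustration.

```python
import ipaddress

# Constructed address plan (assumption: the thread gives no subnets).
ZONES = {
    "employee": ipaddress.ip_network("10.10.0.0/16"),
    "public":   ipaddress.ip_network("10.99.0.0/24"),
    "dmz":      ipaddress.ip_network("192.0.2.0/28"),
}

def zone_of(addr):
    """Map an address to a zone; anything unlisted is the Internet."""
    ip = ipaddress.ip_address(addr)
    return next((z for z, net in ZONES.items() if ip in net), "internet")

# Constructed ruleset: (action, src zone, dst zone, proto, dst port); None = any.
RULES = [
    ("deny",   "public",   "employee", None,  None),
    ("deny",   "employee", "public",   None,  None),
    ("deny",   "public",   "internet", "tcp", 25),    # outbound SMTP
    ("deny",   "public",   "internet", "tcp", 119),   # outbound NNTP
    ("permit", "public",   "internet", None,  None),
    ("permit", "employee", "internet", None,  None),
    ("permit", "internet", "dmz",      "tcp", 25),    # mail server in DMZ
    ("permit", "internet", "dmz",      "tcp", 443),   # web server in DMZ
]

def decide(rules, src, dst, proto, port):
    """First matching rule wins; no match means implicit deny."""
    flow = (zone_of(src), zone_of(dst), proto, port)
    for action, *match in rules:
        if all(m is None or m == f for m, f in zip(match, flow)):
            return action
    return "deny"

# Invariants taken from the post: (src, dst, proto, port, expected action).
INVARIANTS = [
    ("10.99.0.50",  "10.10.4.20",   "tcp", 445,  "deny"),    # public -> employee
    ("10.10.4.20",  "10.99.0.50",   "tcp", 22,   "deny"),    # employee -> public
    ("203.0.113.9", "10.10.4.20",   "tcp", 3389, "deny"),    # outside -> employee
    ("10.99.0.50",  "198.51.100.7", "tcp", 25,   "deny"),    # guest SMTP out
    ("10.99.0.50",  "198.51.100.7", "tcp", 119,  "deny"),    # guest NNTP out
    ("10.99.0.50",  "198.51.100.7", "tcp", 443,  "permit"),  # guest web access
]

def audit(rules):
    """Return the invariants the ruleset violates (empty list = compliant)."""
    return [inv for inv in INVARIANTS if decide(rules, *inv[:4]) != inv[4]]

if __name__ == "__main__":
    print(audit(RULES) or "ruleset satisfies the zone policy")
```

Placing a broad permit for the public zone ahead of the deny rules makes `audit` report the public-to-employee and outbound mail/news invariants as violated, which is the rule-ordering mistake this kind of check is meant to catch.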
Author
10 Oct 2006 6:40 PM
Jack (MVP-Networking).
Hi
The solution greatly depends on how the hospital Network is configured.
The best protection would be a segregated Network + Strong software
security.
This page describes the principle of Segregated Network,
http://www.ezlan.net/shield.html
Jack (MVP-Networking).

Author
15 Oct 2006 9:43 PM
P. Johnson
Joel wrote:

> We are a hospital that has a wireless network configured but only for our
> wireless devices, not for public use. We would like to set up internet
> access for our patients/visitors wirelessly but do not want to put our
> network at risk. Can I have some ideas on how to go about implementing
> this? Any help would be greatly appreciated!

You should have a separate network used exclusively for public access that
cannot be routed to your employee network and attach your public APs to
this network instead.