RE: Semi-Public Wireless Access Setu....

["Paul Kurczaba" <paul () myipis com>]

Although it is not a bed and breakfast, while staying at Mandalay Bay in Las
Vegas, I tried connecting to their wireless network. 

I quickly found out that they don't use WEP, probably because it would be a
pain in the butt for guests to set up. Instead, they have a proxy server set
up. Here is how it works: You connect your computer to either their wireless
or wired network. If you try to browse a page on the internet, say
google.com, their proxy will intercept it and redirect your browser to their
"login" page. Trying to check emails, or connect to the office via VPN would
not work (at this time).

You would then request a four digit password from the TV. Your password
would be active for 24 hours. You then go back to the computer and type in
the password in the browser, and click "ok". Their system would then map
your MAC address to the 4 digit password; and allow you to use the internet.
At this point, they also unblock all ports. This now allows you to check
emails, and use VPN(s).

For your bed and breakfast, I would do the following:

Set up a gateway running Linux/FreeBSD, which is free :). Install IPTables
and Apache. When your guests want to use your WiFi, they can request a
password from the front desk or office. Once they have the password, the
guest can browse to any page they wish. The first time their MAC address is
recognized, they will be re-directed to your proxy; which has the login
screen. They type in their password and are set.

Some security concerns:

It *is* easily possible to sniff wireless packets. Therefore an "attacker"
could sniff your wireless waiting until one of your guests types in the
password they received. Then, the attacker could use the password they
sniffed.

To secure the bed and breakfast owned boxes, you can set IPTables to drop
packets from Wireless to the bed and breakfast owned boxes.

Just my 2 cents,
Paul Kurczaba

-----Original Message-----
From: Chad Thomsen [mailto:chad.thomsen () bramespecialty com] 
Sent: Monday, November 01, 2004 4:50 PM
To: security-basics () securityfocus com
Subject: Semi-Public Wireless Access Setu....

Hello all.  Our CEO owns a small Bed and Breakfast and wants me to setup
wireless for him in that facility.  The question is how would you recommend
setting it up so that anybody that comes in can use in a secure fashion?
How do airport and coffee houses and the like set theirs up?  I am pretty
sure the only thing on his little network will be a few home PCs of his own
which I will make sure run a personal firewall on them to keep those guests
who may become a bit "curious" out of his equipment.  Other then that I am
not really sure what to do.  Also since this is a very small business, cost
is crucial.  Any suggestions would be appreciated. 

Thanks,
Chad Thomsen, MCSE, CCNA
Network Administrator
Brame Specialty