|
|
|
|
| Author |
|
|
Registered
Join Date: Jan 2000
Posts: 6,950
|
How to add WIFI to my office painlessly?
Tech guys. I have a networked office that currently uses 14 work stations, 1 server, 1 dsl modem, 1 wired router, and allows access to the Internet through all computers. I'd like to add a wireless router, but I don't necessarily want to replace the old router for several reasons, (it works fine and it has been configured to allow remote use to several workstations.). What is the easiest way to get a signal in from the modem, configure through a computer, and not conflict with the present system. I understand that the best way would be to have the present router swapped for the wireless, but I'm looking at a couple of hundred in service fees for something that, frankly, isn't really that needed in the first place. Just like to offer it to my patients. Thanks.
Last edited by 89911; 01-02-2007 at 06:21 AM.. |
||
01-02-2007, 05:51 AM
|
|
|
Gon fix it with me hammer
|
should be able to find a simple access point without a router in it
most wireless routers will automatically assume they should be the router, and cannot be configured otherwise, however there are some that can be configured properly there is however the added problem of security if you enable wifi, then you have secure it and you have to know what you're doing, because you are opening up your network not just to those who work for you, but also to your neigbours... also keep in mind , that it also means that people you lay off, can park their cars near the office in a weekend, and wreak havoc, so your internal systems need to be more secure to if this scenario is worrying you... either way , enabling wireless in a business is not something to take too lightly.... your enviroment, i'de consider setting up the wifi as a seperate router, on a seperate DSL, still moderately secured, but not directly connected to your existing setup... anybody who knows the setup can connect, but still needs valid VPN authentication to your wired router via the regular remote-use config no default, access to everything once you pass the wifi connection problem, any hacker that get's passed that, just get's 'internet', and even that can be limited to be work safe
__________________
Stijn Vandamme EX911STARGA73EX92477EX94484EX944S8890MPHPINBALLMACHINEAKAEX987C2007 BIMDIESELBMW116D2019 |
||
|
01-02-2007, 06:02 AM
|
|
|
Registered
|
|||
|
01-02-2007, 06:05 AM
|
|
|
Senior Member
Join Date: Jun 2000
Location: N. Phoenix AZ USA
Posts: 28,943
|
Not happy with doing WiFi without encription anywhere, so you might want to re-think this.
Once you encript it then the patient you had last week who is now mad at you can sit outside and use the old code (unless you are going to change them on a regular basis and thats more work) then the network would not be secure. One option would be to take your main internet output and split it. One side goes to your office router and the other to the WiFi. Teach the sect how to generate a new code every morning and give it out to the patients. This would keep your office (and business data) separate from the patient access and give them internet connectivity while keeping the two systems separate.
__________________
2013 Jag XF, 2002 Dodge Ram 2500 Cummins (the workhorse), 1992 Jaguar XJ S-3 V-12 VDP (one of only 100 examples made), 1969 Jaguar XJ (been in the family since new), 1985 911 Targa backdated to 1973 RS specs with a 3.6 shoehorned in the back, 1959 Austin Healey Sprite (former SCCA H-Prod), 1995 BMW R1100RSL, 1971 & '72 BMW R75/5 "Toaster," Ural Tourist w/sidecar, 1949 Aeronca Sedan / QB |
||
|
01-02-2007, 06:10 AM
|
|
|
Registered
Join Date: Jan 2000
Posts: 6,950
|
Thanks, never planned on doing without security measures. And as far as patients, they all love me!
 I'll keep this in mind. I am leaning towards splitting the signal and running the wifi router off a workstation. Now I just have to run some Cat5 cable overhead and drop down some walls. Fun, fun.
|
||
|
01-02-2007, 06:17 AM
|
|
|
Gon fix it with me hammer
|
didn't even notice the "offer it to patients " thing
in that case, you'll need a seperate DSL , anything else is just a liability price wise, new DSL line and subscription , low bandwith or high , depends on how happy you want to make your surfers ( lower = less attractive for abuse, who needs 3 mb/sec for email, i sure don't ) + 1 basic internet router, 50-100 USD, no more no need to secure the wifi, just configure the name, and post the config data with a disclaimer "use at your own risk, absolutely NO guarantees" done nothing changes in terms of office data security, sine you don't touch it, anybody accessing it from the wifi ,has the same security hastles as anyone now trying it from the Internet
__________________
Stijn Vandamme EX911STARGA73EX92477EX94484EX944S8890MPHPINBALLMACHINEAKAEX987C2007 BIMDIESELBMW116D2019 |
||
|
01-02-2007, 06:21 AM
|
|
|
|
Slackerous Maximus
Join Date: Apr 2005
Location: Columbus, OH
Posts: 18,157
|
Yeah, the problem here is not offering open wireless. If its a benefit for you patients, then it should be open (uncrypted). But that would park them on your network. There are some ways cheapie ways around this, but it involves using Internet Connection Sharing off a windows box......I don't think I want to tell you the rest of the solution. Its to embarassing......
__________________
2022 Royal Enfield Interceptor. 2012 Harley Davidson Road King 2014 Triumph Bonneville T100. 2014 Cayman S, PDK. Mercedes E350 family truckster. |
||
|
01-02-2007, 07:29 AM
|
|
|
Gon fix it with me hammer
|
Quote:
__________________
Stijn Vandamme EX911STARGA73EX92477EX94484EX944S8890MPHPINBALLMACHINEAKAEX987C2007 BIMDIESELBMW116D2019 |
||
|
01-02-2007, 07:37 AM
|
|
|
Slackerous Maximus
Join Date: Apr 2005
Location: Columbus, OH
Posts: 18,157
|
Quote:
__________________
2022 Royal Enfield Interceptor. 2012 Harley Davidson Road King 2014 Triumph Bonneville T100. 2014 Cayman S, PDK. Mercedes E350 family truckster. |
||
|
01-02-2007, 07:43 AM
|
|
|
Registered
Join Date: Dec 2004
Location: san jose
Posts: 4,982
|
Can't the router be configured not to allow access to the rest of the network and just add a WIFI access point for the public?
__________________
steve old rocket inguneer |
||
|
01-02-2007, 07:53 AM
|
|
|
Registered
Join Date: Mar 2002
Location: My House
Posts: 5,345
|
If you're in the US and subject to HIPAA regulations then you would really need to ensure the security of your office computers if they hold patient data.
In that case the easiest solution is a second data line for the purpose of this wireless hotspot for your patients. Not a terribly big deal but still a recurring cost. I would still use encryption however because it isn't a "public" hotspot but one for your customers. Post the encryption details in your office or post a note that says "wireless available upon request." Be sure to provide detailed instructions so that your office staff doesn't become the wireless help desk. Using WPA-PSK is very easy and just requires a simple pass phrase but provides very good encryption and security. Once you've got your access point setup where you want to provide the Wireless connection to a simple site survey to see how far your wireless signal is readable. IF the signal level is adjustable on your router - adjust it down to where you can only get signal just outside of the area you want so that you are providing good signal within the area you want. Feel free to question any details here, I've done quite a few wireless implementations as well as secured many a network.
__________________
-The Mikester I heart Boobies |
||
|
01-02-2007, 08:04 AM
|
|
|
Gon fix it with me hammer
|
Quote:
and anyone installing an expensive router will tell you to keep patients accessible wifi off the production network completely, then he'de charge you big bucks for configuring the bugger in the end, that cheap second adsl+internet router will be a fraction of the write off costs on the router+installation
__________________
Stijn Vandamme EX911STARGA73EX92477EX94484EX944S8890MPHPINBALLMACHINEAKAEX987C2007 BIMDIESELBMW116D2019 |
||
|
01-02-2007, 08:57 AM
|
|
|
|
Team California
|
Quote:
I wouldn't even bother, free WFI isn't expected in a Dr.'s waiting room anyways. (I assume this is your profession if you have patients). Just be your normal wonderful self, that's enough.
__________________
Denis The shooting of Charlie Kirk, a guy I did not agree with much, is an American tragedy and a horrible crime. -signed, a liberal |
||
|
01-02-2007, 09:35 AM
|
|
|
Gon fix it with me hammer
|
Quote:
Quote:
cheapo computer, then make sure it's not located where anybody can access it, (takes 1 minute to pull the utp cable , and plug it in some other machine, or 2 minutes to reboot from usb key) only have screen, keyboard and mouse accessible and still lock it down completely it's just one big hastle, and you still have to keep and eye out for any activity on that box, maintain the box, test the security regulary etc etc if anything i'de take Linux for this job, not worth paying an expensive XP licence for what is essentially a browser..,it's also a lot easier to lock down, and less folks know enough about it to screw around with it...
__________________
Stijn Vandamme EX911STARGA73EX92477EX94484EX944S8890MPHPINBALLMACHINEAKAEX987C2007 BIMDIESELBMW116D2019 |
||
|
01-02-2007, 10:56 AM
|
|
|
Registered
Join Date: Jan 2000
Posts: 6,950
|
Looks like its time to just get a few more magazines! Thanks for all the help. I'll keep the suggestions in mind. I've only had a few ask so far that have come in with laptops and need to do some work. Often they will have families with 2-3 kids, so the parents have to wait an hour or two. Initially I thought it would be easier then it apparently is, at least from a security based point. Another question: Does anyone use a remote source (ie Internet) for backing up data. Presently I rotate 3 250gb external hard drives everyday on a backup, but I like the idea of the data being stored off premises. I generally keep them here in fireproof cases and at times carry the hard drive home.
|
||
|
01-02-2007, 12:53 PM
|
|
|
Living in Reality
Join Date: Jan 2004
Location: Chicago, IL
Posts: 5,671
|
Quote:
One word: 802.1x |
||
|
01-02-2007, 01:09 PM
|
|
|
Gon fix it with me hammer
|
Quote:
your system with external disks to me sounds like a good idea, fast, easy , off site, fire proof case except for one thing , and that is going back in time isn't much of an option eg , if your rotation is a daily backup to disk 1, then disk 2, while disk 3 is off premises, the next week you rotate 3and 2 while 1 is off, and then 3 and 1 , while # 2 is off that will give you 1 week to go back too let's say you have form of data corruption on a non frequently used file ( not to far fetched in medical ) , you would have to see the corruption within 7 days of it occuring, or else it would be on all your backups... i would recommend you keep the daily rotations going with the 3 disks, but keep the disks on site, and add a tape backup at the end of the work week...then keep that tape off site could work with 4 tapes, or more if you want to store a snapshot per month...(typical places with expensive data , like big plants or accounting places would rotate daily, weekly , monthly, and at the end of each year, the full year set get's stored, and all the others get replaced and destroyed)
__________________
Stijn Vandamme EX911STARGA73EX92477EX94484EX944S8890MPHPINBALLMACHINEAKAEX987C2007 BIMDIESELBMW116D2019 |
||
|
01-02-2007, 01:13 PM
|
|
|
Gon fix it with me hammer
|
Quote:
not true, no link is safer then any link with any type of security if there is no wifi that puts you on the inside, that will be safer then any wifi that does put you on the inside, no matter what you have set up in terms of encryption or authentication this obviously goes from the assumption that "the inside" and "the outside" are allready secured as it is... think of it this way , there's a server standing in the room it has token ring your laptop has Ethernet good luck hacking that server , seriously , i was sent onsite once to do a rip&replace server upgrade, and "somebody" forgot to mention that this customer had TR... it was great fun transferring data over the wire, since the new server didn't have TR, no bridges/switches/hubs with ethernet, no pc's with ethernet, it was all very exiting and i drove 300 miles that day for nothing...EDIT, now that i remember it, it actually was a hospital...in Belgium , with all IBMPS2 hardware, with MCA slots, which meant i couldn't plug in any ethernet cards in the existing server to make the link... i even knew all the passwords and i still couldn't get in no link, no access catch my drift?
__________________
Stijn Vandamme EX911STARGA73EX92477EX94484EX944S8890MPHPINBALLMACHINEAKAEX987C2007 BIMDIESELBMW116D2019 Last edited by svandamme; 01-02-2007 at 01:33 PM.. |
||
|
01-02-2007, 01:26 PM
|
|
|
Living in Reality
Join Date: Jan 2004
Location: Chicago, IL
Posts: 5,671
|
We have 2 networks at work, one is production, one is internet only. Our wifi (and wired in the conference rooms) negotiate via 802.1x protocol and sends the traffic the appropriate way (via IIS authentication).
It's secure. |
||
|
01-02-2007, 01:33 PM
|
|
|
Gon fix it with me hammer
|
i'm sure it is, but it's not more secure then not having a physical link between the two... furthermore, i'm sure your work has a larger budget for these things, and somebody to look after the setup and the users in it.... this is a docters office of some kind, with patients... 802.1x with a backend to sort out the traffic , isn't really a KIS solution...
__________________
Stijn Vandamme EX911STARGA73EX92477EX94484EX944S8890MPHPINBALLMACHINEAKAEX987C2007 BIMDIESELBMW116D2019 |
||
|
01-02-2007, 01:35 PM
|
|
BimForce the Third, Esquire
1979 Porsche 911SC 3.0
