Pelican Parts Forums


89911 01-02-2007 05:51 AM

How to add WIFI to my office painlessly?
 
Tech guys. I have a networked office that currently uses 14 work stations, 1 server, 1 DSL modem, 1 wired router, and allows access to the Internet through all computers. I'd like to add a wireless router, but I don't necessarily want to replace the old router for several reasons (it works fine and it has been configured to allow remote use to several workstations). What is the easiest way to get a signal in from the modem, configure through a computer, and not conflict with the present system? I understand that the best way would be to have the present router swapped for the wireless, but I'm looking at a couple of hundred in service fees for something that, frankly, isn't really that needed in the first place. Just like to offer it to my patients. Thanks.

svandamme 01-02-2007 06:02 AM

should be able to find a simple access point without a router in it


most wireless routers will automatically assume they should be the router, and cannot be configured otherwise, however there are some that can be configured properly


there is however the added problem of security
if you enable wifi, then you have to secure it
and you have to know what you're doing, because you are opening up your network not just to those who work for you, but also to your neighbours...

also keep in mind that it also means that people you lay off can park their cars near the office on a weekend and wreak havoc, so your internal systems need to be more secure too if this scenario is worrying you...

either way, enabling wireless in a business is not something to take too lightly....

in your environment, i'd consider setting up the wifi as a separate router, on a separate DSL, still moderately secured, but not directly connected to your existing setup...

anybody who knows the setup can connect, but still needs valid VPN authentication to your wired router via the regular remote-use config

no default access to everything once you pass the wifi connection problem, any hacker that gets past that just gets 'internet', and even that can be limited to be work safe

nostatic 01-02-2007 06:05 AM

http://www.apple.com/airportextreme/

Joeaksa 01-02-2007 06:10 AM

Not happy with doing WiFi without encryption anywhere, so you might want to re-think this.

Once you encrypt it then the patient you had last week who is now mad at you can sit outside and use the old code (unless you are going to change them on a regular basis and that's more work) then the network would not be secure.

One option would be to take your main internet output and split it. One side goes to your office router and the other to the WiFi. Teach the sect how to generate a new code every morning and give it out to the patients. This would keep your office (and business data) separate from the patient access and give them internet connectivity while keeping the two systems separate.

89911 01-02-2007 06:17 AM

Thanks, never planned on doing without security measures. And as far as patients, they all love me!:rolleyes: I'll keep this in mind. I am leaning towards splitting the signal and running the wifi router off a workstation. Now I just have to run some Cat5 cable overhead and drop down some walls. Fun, fun.

svandamme 01-02-2007 06:21 AM

didn't even notice the "offer it to patients " thing

in that case, you'll need a separate DSL, anything else is just a liability

price wise, new DSL line and subscription, low bandwidth or high, depends on how happy you want to make your surfers (lower = less attractive for abuse, who needs 3 mb/sec for email, i sure don't)

+ 1 basic internet router, 50-100 USD, no more

no need to secure the wifi, just configure the name, and post the config data with a disclaimer "use at your own risk, absolutely NO guarantees"

done

nothing changes in terms of office data security, since you don't touch it, anybody accessing it from the wifi has the same security hassles as anyone now trying it from the Internet

HardDrive 01-02-2007 07:29 AM

Yeah, the problem here is not offering open wireless. If it's a benefit for your patients, then it should be open (unencrypted). But that would park them on your network. There are some cheapie ways around this, but it involves using Internet Connection Sharing off a Windows box......I don't think I want to tell you the rest of the solution. It's too embarrassing...... :)

svandamme 01-02-2007 07:37 AM

Quote:

Originally posted by HardDrive
but it involves using Internet Connection Sharing off a Windows box......I don't think I want to tell you the rest of the solution. It's too embarrassing...... :)
i would recommend against any type of pc connection sharing, be that from a windows or from a linux box, located inside your network, with medical data, it's too risky

HardDrive 01-02-2007 07:43 AM

Quote:

Originally posted by svandamme
i would recommend against any type of pc connection sharing, be that from a windows or from a linux box, located inside your network, with medical data, it's too risky
Hey, I didn't claim it was a good solution. I just claimed it was a solution. :D

stevepaa 01-02-2007 07:53 AM

Can't the router be configured not to allow access to the rest of the network and just add a WIFI access point for the public?

mikester 01-02-2007 08:04 AM

If you're in the US and subject to HIPAA regulations then you would really need to ensure the security of your office computers if they hold patient data.

In that case the easiest solution is a second data line for the purpose of this wireless hotspot for your patients. Not a terribly big deal but still a recurring cost. I would still use encryption however because it isn't a "public" hotspot but one for your customers. Post the encryption details in your office or post a note that says "wireless available upon request." Be sure to provide detailed instructions so that your office staff doesn't become the wireless help desk.

Using WPA-PSK is very easy and just requires a simple pass phrase but provides very good encryption and security. Once you've got your access point set up where you want to provide the wireless connection, do a simple site survey to see how far your wireless signal is readable. If the signal level is adjustable on your router, adjust it down to where you can only get signal just outside of the area you want so that you are providing good signal within the area you want.

Feel free to question any details here, I've done quite a few wireless implementations as well as secured many a network.

svandamme 01-02-2007 08:57 AM

Quote:

Originally posted by stevepaa
Can't the router be configured not to allow access to the rest of the network and just add a WIFI access point for the public?
no cheap router would do that
and anyone installing an expensive router will tell you to keep patient-accessible wifi off the production network completely, then he'd charge you big bucks for configuring the bugger

in the end, that cheap second adsl+internet router will be a fraction of the write off costs on the router+installation

speeder 01-02-2007 09:35 AM

Quote:

Originally posted by svandamme
in the end, that cheap second adsl+internet router will be a fraction of the write off costs on the router+installation
What he said, end of story. If you are in an AT&T Yahoo area, they are always running a $14.95 @ month deal for basic DSL, just get a wireless router for that and plug it into the wall somewhere.

I wouldn't even bother, free WiFi isn't expected in a Dr.'s waiting room anyways. (I assume this is your profession if you have patients). Just be your normal wonderful self, that's enough. :)

svandamme 01-02-2007 10:56 AM

Quote:

Originally posted by Wayne at Pelican Parts

This is the safest and slickest way to set this up, but it is by far not the easiest.

safest is no link between shop and waiting room, with no wifi in the production network

Quote:

Originally posted by Wayne at Pelican Parts

Another solution would be to just put a cheapie computer in the waiting room for them to use while they are waiting. You can lockdown the computer quite easily using XP Professional. Most people probably don't bring their laptops to the DR office anyways...

-Wayne



cheapo computer, then make sure it's not located where anybody can access it, (takes 1 minute to pull the utp cable , and plug it in some other machine, or 2 minutes to reboot from usb key) only have screen, keyboard and mouse accessible
and still lock it down completely

it's just one big hassle, and you still have to keep an eye out for any activity on that box, maintain the box, test the security regularly etc etc

if anything i'd take Linux for this job, not worth paying an expensive XP licence for what is essentially a browser... it's also a lot easier to lock down, and fewer folks know enough about it to screw around with it...

89911 01-02-2007 12:53 PM

Looks like it's time to just get a few more magazines! Thanks for all the help. I'll keep the suggestions in mind. I've only had a few ask so far that have come in with laptops and need to do some work. Often they will have families with 2-3 kids, so the parents have to wait an hour or two. Initially I thought it would be easier than it apparently is, at least from a security based point. Another question: Does anyone use a remote source (i.e. Internet) for backing up data? Presently I rotate 3 250gb external hard drives everyday on a backup, but I like the idea of the data being stored off premises. I generally keep them here in fireproof cases and at times carry the hard drive home.

cool_chick 01-02-2007 01:09 PM

Quote:

Originally posted by svandamme
safest is no link between shop and waiting room, with no wifi in the production network



Oh contrare

One word: 802.1x

svandamme 01-02-2007 01:13 PM

Quote:

Originally posted by 89911
Another question: Does anyone use a remote source (i.e. Internet) for backing up data? Presently I rotate 3 250gb external hard drives everyday on a backup, but I like the idea of the data being stored off premises. I generally keep them here in fireproof cases and at times carry the hard drive home.
250 gig would be a bit much to backup over the wire
your system with external disks to me sounds like a good idea, fast, easy, off site, fire proof case

except for one thing, and that is going back in time isn't much of an option

eg, if your rotation is a daily backup to disk 1, then disk 2, while disk 3 is off premises, the next week you rotate 3 and 2 while 1 is off, and then 3 and 1, while #2 is off

that will give you 1 week to go back to

let's say you have a form of data corruption on a non frequently used file (not too far-fetched in medical), you would have to see the corruption within 7 days of it occurring, or else it would be on all your backups...


i would recommend you keep the daily rotations going with the 3 disks, but keep the disks on site, and add a tape backup at the end of the work week...then keep that tape off site


could work with 4 tapes, or more if you want to store a snapshot per month... (typical places with expensive data, like big plants or accounting places, would rotate daily, weekly, monthly, and at the end of each year, the full year set gets stored, and all the others get replaced and destroyed)
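
Added example, not part of any post in this thread: a small simulation of the rotation described in the post above, with and without the weekly tape, that counts how many days a clean copy of a silently corrupted file survives. The model (one full backup per day, each medium keeps only its latest backup, 7-day weeks, tape written on the last day of the week) is an assumption made for the illustration.

```python
# Added illustration, not from the thread. Assumed model: one full backup per
# day, each medium holds only its latest backup, 7-day weeks, and a corrupted
# file is copied into every backup taken on or after the corruption day.

# Disk pair that alternates on site each week (the third disk is off premises):
# week 0 -> disks 1+2, week 1 -> disks 3+2, week 2 -> disks 3+1, then repeat.
ACTIVE_DISKS = (("disk1", "disk2"), ("disk3", "disk2"), ("disk3", "disk1"))


def media_for_day(day, tapes=0):
    """Media written on `day`; with tapes > 0 a tape is added on each week's last day."""
    week, weekday = divmod(day, 7)
    media = [ACTIVE_DISKS[week % 3][weekday % 2]]
    if tapes and weekday == 6:
        media.append(f"tape{week % tapes}")
    return media


def days_recoverable(corruption_day, tapes=0):
    """Days, counting the corruption day itself, on which a clean copy still exists."""
    last_write = {}
    for day in range(corruption_day):  # replay the history before the corruption
        for medium in media_for_day(day, tapes):
            last_write[medium] = day
    count, day = 0, corruption_day
    while True:
        for medium in media_for_day(day, tapes):
            last_write[medium] = day
        # Once every medium was last written on/after the corruption day,
        # no backup contains the good version of the file any more.
        if all(written >= corruption_day for written in last_write.values()):
            return count
        count += 1
        day += 1


def window(tapes=0):
    """(worst, best) detection window over one full steady-state cycle.

    84 days = 12 weeks, a common multiple of the 3-week disk cycle and a
    4-week tape cycle, so days 84..167 cover every possible starting point.
    """
    results = [days_recoverable(c, tapes) for c in range(84, 168)]
    return min(results), max(results)


if __name__ == "__main__":
    print("3 disks only:     ", window(0))
    print("3 disks + 4 tapes:", window(4))
```

Under these assumptions the three disks alone leave between 2 and 9 days to notice the corruption, depending on which day of the cycle it happens; four weekly tapes extend that to between 21 and 27 days.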

svandamme 01-02-2007 01:26 PM

Quote:

Originally posted by cool_chick
Oh contrare

One word: 802.1x


not true, no link is safer than any link with any type of security

if there is no wifi that puts you on the inside,
that will be safer than any wifi that does put you on the inside, no matter what you have set up in terms of encryption or authentication


this obviously goes from the assumption that "the inside" and "the outside" are already secured as it is...


think of it this way, there's a server standing in the room
it has token ring, your laptop has Ethernet
good luck hacking that server,

seriously, i was sent onsite once to do a rip&replace server upgrade, and "somebody" forgot to mention that this customer had TR... it was great fun transferring data over the wire, since the new server didn't have TR, no bridges/switches/hubs with ethernet, no pc's with ethernet, it was all very exciting and i drove 300 miles that day for nothing... EDIT, now that i remember it, it actually was a hospital... in Belgium, with all IBM PS/2 hardware, with MCA slots, which meant i couldn't plug in any ethernet cards in the existing server to make the link...

i even knew all the passwords and i still couldn't get in
no link, no access
catch my drift?

cool_chick 01-02-2007 01:33 PM

We have 2 networks at work, one is production, one is internet only. Our wifi (and wired in the conference rooms) negotiate via 802.1x protocol and send the traffic the appropriate way (via IIS authentication).

It's secure.

svandamme 01-02-2007 01:35 PM

i'm sure it is, but it's not more secure than not having a physical link between the two... furthermore, i'm sure your work has a larger budget for these things, and somebody to look after the setup and the users in it.... this is a doctor's office of some kind, with patients... 802.1x with a backend to sort out the traffic isn't really a KIS solution...

cool_chick 01-02-2007 01:42 PM

Quote:

Originally posted by svandamme
i'm sure it is, but it's not more secure than not having a physical link between the two... furthermore, i'm sure your work has a larger budget for these things, and somebody to look after the setup and the users in it.... this is a doctor's office of some kind, with patients... 802.1x with a backend to sort out the traffic isn't really a KIS solution...
It's pretty secure, dude. There's no worries with regard to that....

And oh we have a hell of a budget alright....one of the reasons I love the job!

Personally, if I were him, I'd put a stand-alone PC. I agree, most of us don't take our laptops to the doctor. If I needed anything, I'd have my blackberry. It's a nice offering, but I wonder how utilized it will be. However, he could be setting the trend for the future....I dunno.....you can get a lot done waiting what seems like forever for your appointment.....

For him, yes, separate network, separate DSL line, etc. There's no need to have production on the WIFI unless the office workers have laptops. The advice contained herein is all accurate.

nostatic 01-02-2007 04:39 PM

you guys are all paranoid. Then again, i guess you're running windoze...

At my last two places I have *insisted* on having open wireless (albeit with limited port capabilities). I run my home network wide open as well. If someone wants my bandwidth, have fun...I don't pay by the bit. And I have yet to see a homeless person outside stealing signal or trying to hack govt computers from my bushes.

All this draconian stuff is an IT manager's wet dream, and a nightmare for someone who actually needs ubiquitous network access...

mikester 01-02-2007 09:35 PM

Regarding 802.1x - it is fairly secure but still breakable - though I don't know how to do it and I consider myself pretty high up there in the network security know-how arena. Cool; don't get too full of yourself - the fall when your network is compromised even by accident will be a hard one.

802.1x the protocol is actually very secure but still relies on stupid humans to implement it. So, you have 802.1x implemented - how many client certs are there? 1 for all or 1 for each individual computer? If it is 1 for all then I can bet with confidence that your network is already compromised. If it is 1 for each client then I will still bet that certs are not being revoked properly at termination and thus still useable. All of these things equal insecure.

Next question; how secure is the radius server doing your 802.1x authentication?

How secure is your port management on your switches? Are all workstation ports set with port fast and bpdu guard enabled? If not; I'll bring over my cheap switch and figure out your VTP domain name, set mine the same with a higher revision number and figure out your authentication and then erase all of your vlans for you. :-)

Just for kicks.

Still, this guy's not looking for this in-depth of a solution. He can do what he wants to do very easily with a second DSL connection and an off the shelf wireless router that supports WPA2. Really, he could leave it wide open but if someone were to do something bad on his network he would open himself up to some liability. If he didn't get releases from his patients and they did something bad with the access he would still be open to some liability. The key here is that if he's in the US he needs to comply with HIPAA and the easiest way to do that is to ensure that these two networks are separate.
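
Added example, not part of any post in this thread: the two 802.1x hygiene questions raised in the post above (one client certificate shared by several machines, and certificates still accepted after their owner has left) checked against an authentication log. The log format, user names, serial numbers, MAC addresses and dates are constructed for the illustration and do not reproduce any particular RADIUS server's output.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample data (hypothetical format: timestamp, result, client
# certificate serial, user, MAC address of the connecting machine).
AUTH_LOG = """\
2007-01-02T08:01:10 ACCEPT serial=0A01 user=alice mac=00:11:22:33:44:01
2007-01-02T08:03:42 ACCEPT serial=0A02 user=bob mac=00:11:22:33:44:02
2007-01-02T08:05:00 ACCEPT serial=0A03 user=frontdesk mac=00:11:22:33:44:03
2007-01-02T08:06:17 ACCEPT serial=0A03 user=frontdesk mac=00:11:22:33:44:04
2007-01-02T08:09:55 REJECT serial=0A04 user=carol mac=00:11:22:33:44:05
"""
TERMINATED = {"bob": "2006-12-15", "carol": "2006-11-30"}  # user -> last day
REVOKED_SERIALS = {"0A04"}                                  # contents of the CRL

LINE = re.compile(
    r"(?P<ts>\S+) (?P<result>ACCEPT|REJECT) "
    r"serial=(?P<serial>\S+) user=(?P<user>\S+) mac=(?P<mac>\S+)"
)


def audit(log_text, terminated, revoked):
    """Return sorted (finding, serial) pairs for successful authentications."""
    macs_per_serial = defaultdict(set)
    findings = set()
    for line in log_text.splitlines():
        m = LINE.fullmatch(line.strip())
        if not m or m["result"] != "ACCEPT":
            continue  # only accepted sessions put a machine on the network
        macs_per_serial[m["serial"]].add(m["mac"])
        left = terminated.get(m["user"])
        if (
            left
            and datetime.fromisoformat(m["ts"]) > datetime.fromisoformat(left)
            and m["serial"] not in revoked
        ):
            # Owner has left, the certificate is not on the CRL, and it still works.
            findings.add(("unrevoked-after-termination", m["serial"]))
    for serial, macs in macs_per_serial.items():
        if len(macs) > 1:
            # Same certificate presented by more than one machine.
            findings.add(("shared-cert", serial))
    return sorted(findings)


if __name__ == "__main__":
    for finding, serial in audit(AUTH_LOG, TERMINATED, REVOKED_SERIALS):
        print(f"{finding}: certificate serial {serial}")
```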

89911 01-03-2007 04:21 AM

A stand alone computer seems to be the trick. I've got plenty of outdated ones that I rotated as workstations until they can't handle the next software upgrade. I actually have an extra DSL modem from my home that I have since upgraded to cable. I'm using the same DSL provider in my office. Could I split the phone line that's coming in for the DSL to operate two modems? Then run them separately after this? Thanks again. Geez, this is better than talking to Dell in India!

svandamme 01-03-2007 04:36 AM

i'd avoid a standalone pc like the plague

for one thing it still needs to connect to "something"
and you cannot run it with "internet sharing" on one of the existing pc's

it's a liability for more reasons than one
and will require managing the box, and continuous checking if the lock down has not been compromised... all in all, not a good solution
you do not want to be bothered keeping the pc running, with patients and their kids screwing up the box all the time... unless you are a masochist pc hobbyist

trust me on this one, you do not want to maintain a public accessible pc
they will screw it up if it has anything more than a touch screen with menu options...


having wifi enabled from a second dsl line, and then having patients connect with their own laptop or pda's is fine, if they cannot figure out how to connect their own gear to your patient wifi net with the wifi hotspot info posted, then train your people to shrug shoulders and say "i'm not the network geek around here, sorry it works for most people"

89911 01-03-2007 04:46 AM

I think you misunderstood me. I am going to have one computer away from patients that is controlling a wireless router. That's it. The computer will be a marginal one at best, at least good enough to configure a router ;) If I can split off the modem to separate, I'm looking at not increasing any monthly fees.

masraum 01-03-2007 08:17 AM

It is usually possible to use a wireless router as an access point or a router if the router has a few wired switch ports as well as wireless.

http://forums.pelicanparts.com/uploa...1167844658.jpg

89911 01-03-2007 08:42 AM

Quote:

Originally posted by masraum
It is usually possible to use a wireless router as an access point or a router if the router has a few wired switch ports as well as wireless.

http://forums.pelicanparts.com/uploa...1167844658.jpg

Understood. I'm trying to leave my present setup out of the loop, since I have the wireless router configured for multiple remote hosting on several workstations. Not saying I can't do it, but I'm not looking to change something that is functioning fine.

masraum 01-03-2007 11:18 AM

Well, technically you can even hook the new wireless router up as a router and just have it assign its own IPs and NAT/PAT them just as it would any place else.

I've read and re-read your initial post. I guess I just don't understand what you are looking for. I'm betting that there's a 99% chance that you can do whatever you want, but I just don't understand what you want.

