  FzyR Simpsons Addict Premium join:2001-10-28 Bloomington, IN
edit: June 14th, @01:12PM
| Restaurant wifi sharing internet with wired POS equip
Friends of mine run a restaurant where they offer free unsecured wifi to their customers. They are concerned about having their wired point of sale machines hooked up to this same network (credit card data etc).
The current set-up which I'm worried about:
Would this setup be safe:
My suggestion is to split the initial connection with a switch and add another wired-only router that only the POS equipment is hooked to. This would create essentially 2 independent networks... would this work?
Any feedback or suggestions would be appreciated :)
-- They have the internet on computers now? |
|
  Anav Sarcastic Llama? Naw, Just Acerbic Premium join:2001-07-16 Dartmouth, NS
edit: June 14th, @01:31PM
| The best solution would be to get a separate internet account.
Alternatively, they could use something like the zywall 2 plus zyxel router that has separate firewalled dhcp serving zones, so that the guests could not access any of the private information and would only have access to the net. This is a wired unit and one would use two separate APs or wifi routers acting solely as AP/switches attached to the different zones.
The zywall 2WG has its own wifi and thus only one other wifi router needs procurement.
In the meantime advise your client to cease providing public wifi until security measures are in place.
-- Ain't nuthin but the blues! "Albert Collins". Leave your troubles at the door! "Pepe Peregil" De Sevilla. Just Don't Wifi without WPA, "Yul Brenner"
LlamaWorks Equipment |
|
  cleckjr cleckjr
join:2003-08-30 Trenton, NJ
edit: June 14th, @05:08PM
| reply to FzyR FzyR
As long as the two routers, "wired router" and "unsecured wireless router", are defined as different subnets, it seems secure enough to me. The "wired router" should have its firewall enabled.
For example, you could define the "wired router" to be a 192.168.1.X address space; the "unsecured wireless router" 192.168.2.X address space.
Unless someone physically hooks into the switch; the dsl modem; or the "wired router," I don't see how they would be able to snoop the traffic on the wired POS network (192.168.1.x). But then again, that is not my forte.
I've used a similar setup to allow my kids wifi gaming access, for Nintendo DS, on a separate subnet. In my scenario, I have two wireless routers, one secured and one unsecured. I use the secured. They play on the unsecured.
cleckjr |
|
 jpg366
join:2004-04-09 Humble, TX
·RoadRunner Cable
| Just watch out for the times when a router resets to factory defaults (on its own, or with help from the power company). If both are initially set to non-default IP addresses, then you have a much lower chance of everything ending up in the same subnet.
I recently ran across a LinksysV5 running DD-WRT that somehow got reset and was running, quite well, totally unsecured. Fixed it easily enough, but it did not give me a warm feeling about home-quality equipment. |
|
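The reset scenario described in the post above, worked through as an added example that is not part of the thread: a small address-plan audit using Python's `ipaddress` module. The list of factory-default LAN ranges, the segment names and the 10.77.x.x plan are assumptions made for illustration.

```python
import ipaddress

# Assumption: LAN ranges that many consumer routers ship with; adjust this
# list for the router models actually installed.
FACTORY_DEFAULTS = ("192.168.0.0/24", "192.168.1.0/24")


def audit_plan(plan):
    """plan maps segment name -> CIDR. Returns a list of finding strings."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in plan.items()}
    names = sorted(nets)
    findings = []
    # Two segments that share address space are not separate subnets.
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                findings.append(f"overlap:{a}:{b}")
    # A segment sitting on a factory-default range is where a reset peer lands.
    for name in names:
        if any(nets[name].overlaps(ipaddress.ip_network(d)) for d in FACTORY_DEFAULTS):
            findings.append(f"factory-default:{name}")
    return findings


def after_reset(plan, segment, default="192.168.1.0/24"):
    """Copy of plan with one router's LAN reverted to a factory default."""
    changed = dict(plan)
    changed[segment] = default
    return changed


# Constructed plans: the 192.168.1.X / 192.168.2.X split suggested in the
# thread, and a hypothetical plan with both routers on non-default ranges.
THREAD_PLAN = {"pos": "192.168.1.0/24", "guest": "192.168.2.0/24"}
NON_DEFAULT_PLAN = {"pos": "10.77.10.0/24", "guest": "10.77.20.0/24"}

if __name__ == "__main__":
    for label, plan in (("thread", THREAD_PLAN), ("non-default", NON_DEFAULT_PLAN)):
        print(label, "as configured:", audit_plan(plan))
        print(label, "guest router reset:", audit_plan(after_reset(plan, "guest")))
```

With the POS side on 192.168.1.X, a reset of the guest router puts both segments in the same range; with both on non-default ranges, the reset router is flagged but the POS range stays distinct.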
 YqE41k24 Premium join:2004-05-02 Tarrytown, NY
| reply to cleckjr Re: Restaurant wifi sharing internet with wired POS equip
That setup isn't a secure network. The second setup (with [wired router] and [unsecure wireless router] sharing the same switch) does not have two independent networks. The [wired router] network is basically a client to the [unsecure wireless router] network, and a peer of the restaurant guests.
I would not worry about credit card data being seen over the network. It should be secured at each end via encryption. And the switch will not broadcast network traffic over both the wired network and wireless. Packets destined for the wireless router won't be seen by the wired router, for example.
However, people could jam the system. They could: play with MAC addresses (e.g. making their wireless network adapter have the same hardware MAC as the wired router, for instance); manually assign IP addresses to their machines which could conflict with your wired router; hog all of your DSL bandwidth; or hack your modem.
Your modem is probably also acting as a firewall and logged into your DSL provider. That means that the point of sale equipment would be behind two firewalls ([wired router] and [dsl modem]). This double-NAT can introduce problems.
Anav has the right advice. Use a device such as the ZyWall 2 Plus which is made for situations like this. Or really get two independent networks by setting up a separate DSL account. |
|
  FzyR Simpsons Addict Premium join:2001-10-28 Bloomington, IN
| reply to FzyR
Thanks everyone! I'll pass this info along and see what we can do.
-- They have the internet on computers now? |
|
 masterdave23 Premium join:2002-11-21 Satellite Beach, FL
edit: July 6th, @11:51PM
| reply to FzyR
Check out »www.pcicomplianceguide.org/ to see if it's allowed by compliance by Visa or MasterCard
»https://www.pcisecuritystandards.org/pdf···v1-1.pdf
****per Visa's stance your business will fail PCI compliance status." "With fines up to $500,000 (USD) for each incident of non-compliance with PCI guidelines, it is in the best interest of all businesses subject to PCI compliance to heed the PCI and PABP guidelines." |
|
  baysoor
join:2002-03-12 San Jose, CA
·AT&T Yahoo
| reply to FzyR
Check out IPCOP. »www.ipcop.org/ You can install it on any old PC and a few network cards ($10 a pop at Fry's near you). Hang your wireless access point/router to external network. You will have a safe firewall for your network and separate network for your customers. You can even limit their bandwidth usage. I have installed it on old AMD K6-300 with 128 MB of RAM and it is working fine (not much customer load though, most of it is internal use in a small office). You can go fancy with firewall, add other safety features, there is a boatload of plugins. |
|
  dervari
join:2000-01-17 Atlanta, GA
| reply to FzyR
A Netscreen 5GT running in "Home/Work" mode would be ideal. The "Home" network is completely isolated from the "Work" network. You'd have 2 100bT ports on each side that you can daisy chain a switch off of. |
|
 genewitch
join:2007-09-12 Klamath Falls, OR
| reply to baysoor
Yay for ipcop. Yeah, red=dsl blue=wifiAP green=POS, you're set. Ignore the orange network. It will only laugh at you. |
|
  MicroWISP
join:2008-01-30 TX Republic | reply to FzyR Go for it, yes use two subnets. IPCOP or pfSense will be your best bet for routers. -- "Man who say it cannot be done should not interrupt man doing it." |
|