One of my friends owns a business and wants to offer wireless internet access to his walk-in customers. He currently has the following setup:
1 cable modem connected to a switch to provide internet access to his internal network. The internal network clients are assigned 10.x.x.x IP addresses. He has a LINKSYS firewall sitting between the switch and cable modem for security.
Someone had attempted to set up the wireless hotspot by plugging in a Linksys WRT54G wireless router into the internal network switch. He assigned the router and wireless clients 192.168.x.x addresses... (different subnet).
His internal LAN security is of the utmost importance. I didn't feel comfortable with just having different subnets to keep outside users from his internal network, without some physical separation. I saw the FAQ on setting up an unsecured WAN connection while isolating the internal LAN (I just did not understand it). I told him to get a completely separate Internet connection for his customers. This seemed to be the most straightforward way to ensure LAN isolation.
Are my concerns about subnet security completely invalid? I am paranoid that somehow a walk-in customer would be able to wirelessly hack into his internal network and grab sensitive data. The router does not seem to have any sort of advanced features to disallow certain routes. If subnetting can be done securely, is there a test I can run from the wireless side to make sure it is 100% secure (an IP scan perhaps?)?
Has anyone else gone through this scenario and can offer any suggestions?