We are redoing the network at our church. The network is all unsecured wireless now. The new one will be wired to the desktops, hard drive (NAS) and printers. There are a few notebooks that will be wireless. We are going to use a Linksys router with an AP.

The thing that I need to know is we need both secure wireless for a few of the notebook people, but we want to have an unsecured wireless for internet access only (no network) for visitors. Can this be done?

  1. Not with just an access point. First, a single wireless infrastructure device (access point or router) can be either encrypted or not, but not both at the same time. Second, the function of an access point is to connect wireless clients to the LAN, so you can't use it for WAN access only.

    If the AP is built into your Linksys router, it may be capable of managing which clients have access to the LAN, but, still, it won't be capable of running both an encrypted channel and an unencrypted one.

    Assuming your church LAN has computers attached that contain sensitive information (membership information, confidential pastoral notes, memos, and letters, etc.), I strongly discourage you from having any non-encrypted wireless connection to the LAN, and I strongly encourage you to encrypt with WPA or WPA2 with a strong, random key. Don't let the capabilities of your laptops drive this decision. It is not that expensive to upgrade the wireless adaptors in laptop computers.

    If you have been running with unsecure, open wireless and have not had any data leaks, you've been lucky, IMO.
  2. Thanks for the info. I was planning on using WPA for the wireless. We have one person that insists we have some type of unsecured wireless web access. I don’t know why, maybe he uses the broadband connection from the parking lot in the middle of the night.

    I think we are lucky the network even works at all. If someone got in through the unsecured wireless and found anything, maybe they can tell me what is there, because I can’t find stuff that I know is there.

    Any other ideas?
  3. I don't know what your budget is for this, but maybe "the person" who wants unsecured internet access would like to raise the money for the extra equipment. It will require a second router and second wireless AP (these could be a combo "wireless router" if it has all the necessary functionality).

    I've set up internal LANs with wireless for clueless church users / staff before. You have my sympathy (and prayers!).

    The additional router / access point device(s) will be placed between your WAN connection (DSL modem, cable modem, whatever) and your existing Linksys router. This new router's wireless connection will be left "open" - unsecured.

    Then, you need to set up the internal church LAN (managed by your Linksys router) with the secured wireless AP. Proper configuration of the 2 routers will block wireless clients of the unsecured access point from gaining access to the church LAN.

    Here is an article that explains how to set this up.
  4. You could use 2 wireless routers. The one with the Internet connection could be secure and the second could be unsecure. All you need to do is connect the Internet port of the second router to a local port of the first one and make the IP addresses different, i.e.: First router & Second router. Since 192.168.X.X IP addresses are non-routable, computers connected to the second router won't be able to access computers of the first but will be able to have Internet access.

  5. Thanks, I can use the new router and AP for the secured network, and use the old wireless B router for the unsecured network. That way I am using the old router for the people that say "why do we need new stuff when the old stuff is working".
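
The two cascade orders proposed in the replies above, modeled as an added example that is not part of the original thread: it checks whether a host on the open wireless can initiate a connection to the secured LAN under each order, and flags overlapping subnets. It assumes both routers do NAT and drop unsolicited inbound WAN traffic with no port forwards; the router names and subnets are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class Router:
    """Consumer NAT router (assumed defaults): LAN clients leave via the WAN
    port; unsolicited inbound WAN traffic is dropped, no port forwards."""
    name: str
    lan: ipaddress.IPv4Network
    upstream: Optional["Router"] = None  # None: WAN port plugs into the modem


def can_initiate(src: Router, dst: Router) -> bool:
    """True if a host on src's LAN can open a connection to a host on dst's LAN.
    Traffic only flows outward, so src reaches its own LAN and every LAN
    between it and the modem, never a LAN hidden behind another router's NAT."""
    hop = src
    while hop is not None:
        if hop is dst:
            return True
        hop = hop.upstream
    return False


def address_conflicts(routers):
    """Cascaded routers whose LAN subnet overlaps the subnet on their WAN side."""
    return [(r.name, r.upstream.name) for r in routers
            if r.upstream is not None and r.lan.overlaps(r.upstream.lan)]


def guest_reaches_church(outer_name: str, inner_name: str) -> bool:
    """Build modem -> outer -> inner (constructed subnets) and test open -> secure."""
    outer = Router(outer_name, ipaddress.ip_network("192.168.1.0/24"))
    inner = Router(inner_name, ipaddress.ip_network("192.168.2.0/24"), outer)
    assert not address_conflicts([outer, inner])
    by_name = {outer.name: outer, inner.name: inner}
    return can_initiate(by_name["open"], by_name["secure"])


if __name__ == "__main__":
    for outer, inner in (("open", "secure"), ("secure", "open")):
        print(f"modem -> {outer} -> {inner}: guest can reach secured LAN = "
              f"{guest_reaches_church(outer, inner)}")
```

Under these assumptions only the order with the open router nearest the modem keeps guests off the secured LAN; in the other order the open router forwards guest traffic out its WAN port onto that LAN.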

