How can I give internet access to visitors without compromising the security of my LAN?
Nearly every visitor, salesman, consultant, or purchasing agent who visits my small business asks for internet access for their laptop. Is there a way to give them access to my T-1 connection without compromising the security of my LAN? I am currently using a Linksys BEFVP41 router.
4 Responses to “How can I give internet access to visitors without compromising the security of my LAN?”


There are a couple of ways to do this. One is to password-protect everything on the LAN – EXCEPT the internet – so to access anything other than the internet they need a password.
Another involves getting a second router. Hook the second router up to the internet and the first router up to the second. You then make your original network a subnet which can be configured through its router to block any unrequested traffic from outside. This way the subnet can still access the internet, but any salesmen, etc., are not on the subnet and can only access the internet.
The first way is less expensive but requires more work to set up and more hassles on a day-to-day basis, since you have to enter a password every time you want to use anything on the network. The second costs some money but after the initial setup is basically transparent and in some ways more secure.
I am not familiar with the router, but usually I would assign all machines static IPs and reserve a pool of dynamic IPs which are assigned via DHCP. Then configure your router to drop all packets coming from those dynamic IPs that go to your local network – that way they still have full internet access, but cannot access any local machines on the network.
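An added example (not part of the thread and not any commenter's own code) that models the DHCP-pool drop rule from the comment above and shows which flows the router gets to filter under two addressing plans. The addresses, pool ranges and function names are constructed for illustration; it assumes hosts deliver same-subnet traffic directly, without passing through the router.

```python
import ipaddress

def in_pool(addr, pool):
    """True if addr lies in the inclusive (first, last) DHCP range."""
    first, last = (ipaddress.ip_address(p) for p in pool)
    return first <= addr <= last

def outcome(src_iface, dst, guest_pool, lan):
    """What happens to one packet from a host configured as src_iface.

    Returns 'direct' when dst is on the sender's own subnet (the frame is
    switched at layer 2 and the router's filter is never consulted),
    'drop' when the router rule matches, otherwise 'forward'.
    """
    src = ipaddress.ip_interface(src_iface)
    dst = ipaddress.ip_address(dst)
    if dst in src.network:
        return "direct"
    # Router rule: source in the guest DHCP pool, destination on the office LAN.
    if in_pool(src.ip, guest_pool) and dst in ipaddress.ip_network(lan):
        return "drop"
    return "forward"

# Constructed sample plans (assumptions, not taken from the thread).
LAN = "192.168.1.0/24"
FLAT_POOL = ("192.168.1.100", "192.168.1.149")   # guests share the LAN subnet
SPLIT_POOL = ("192.168.2.100", "192.168.2.149")  # guests on their own subnet
FILE_SERVER = "192.168.1.10"                     # statically addressed office machine
INTERNET = "203.0.113.10"                        # documentation-range address

def audit():
    """Evaluate the same drop rule under both addressing plans."""
    return {
        "flat guest -> file server": outcome("192.168.1.120/24", FILE_SERVER, FLAT_POOL, LAN),
        "flat guest -> internet": outcome("192.168.1.120/24", INTERNET, FLAT_POOL, LAN),
        "split guest -> file server": outcome("192.168.2.120/24", FILE_SERVER, SPLIT_POOL, LAN),
        "split guest -> internet": outcome("192.168.2.120/24", INTERNET, SPLIT_POOL, LAN),
        "office pc -> internet": outcome("192.168.1.20/24", INTERNET, SPLIT_POOL, LAN),
    }

if __name__ == "__main__":
    for flow, result in audit().items():
        print(f"{flow:28} {result}")
```

A "direct" result means the rule on the router is never evaluated for that flow, so the pool has to sit on a subnet of its own for the drop rule to take effect.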
If you have shared resources on your LAN, those resources should only be accessible from USER IDs and passwords valid only on the systems on your network. If you’re not using a server, you can still protect files on your LAN by not having open shares; instead, you should restrict each of the shares to a list of valid user IDs and passwords. This would allow outside people to get internet access, but still be restricted from accessing your files.
I would use a router with wireless internet. Preferably a Linksys model. New Linksys routers have Cisco Systems installed. Pretty much Cisco provides the highest range of security. Find the WRT54GS model; I just got mine last week and it's great. No chance they will get into your router with the security features enabled. Go to your administration area for your Linksys router, "http://192.168.1.1", password "admin" (by default), and find the help tutorial. It will very simply guide you through the process of enabling various security settings.