Results 1 to 10 of 10

Thread: internet connection to avoid sniffing

  1. #1

    internet connection to avoid sniffing

    People On Earth Mabuhay! Just some tips or any reccomendation software for internet connection to avoid sniffing?

    On our apartelle, we are planning to have internet access on every room and hot spots too on lobby for laptops that has wireless network card.

    So far we only offer room accommodation and planning if they like to have internet access we will charge them for additional cost.

    My problem is how can i sure that they are not using the internet on each room? on hot spots? any help?

    Some answered came from net,from my colleagues and needs some more info before we decide what we will use.

    FOR EACH ROOM AND HOT SPOTS

    - Put a password protect of the day on each computer.

    nice answer but is it secure? any software (for free or available for patch) that can generate daily password? I know on online has, how about on software and free to download?

    - Incorporate to any third party service that has a validation or pin code.

    great! i know it is secured but that's additional cost.

    - Try using remote power switch. Only the receptionist can open the computer using his/her computer if the guest want to have internet.

    should i buy some additional hardware? it is secured too?

    - download internet monitoring software that has disconnect/or ban user option.

    that's good too! but i need someone to monitor the internet connection and disconnect or ban the user and if i will ask our receptionist to do this, i dont think he/she can monitor properly because of lots telephone calls...

    any suggestion or recommendation? thank you and more power!

  2. #2
    Regular Member _uNDeRsCoRE's Avatar
    Join Date
    Jun 2002
    Posts
    252

    not bad :)

    b4 u wer after avatar. now u wanna sticky post!

  3. #3
    SG DC Team Member Paft's Avatar
    Join Date
    Feb 2001
    Location
    Charlottesville, VA
    Posts
    5,736
    If I'm getting what you want..

    Why don't you bind the MAC addresses of each computer to their respective airports so only those computers that are authorized to use it can use it? If other people try to connect, they won't be able to get a DHCP lease and won't be able to connect to the internet.

  4. #4
    Ok! Let me shortcut and direct to the point what my question is...

    On our apartelle, we are planning to have internet access on every room and hot spots too on lobby for laptops that has wireless network card.

    Every room has a network socket (CAT5/RJ45) and they can use it if their laptop/computer has no wireless network card.

    So far we only offer room accommodation and if they like to have internet access we will charge them for additional cost.

    My problem is how can i sure that they are not using the network socket in every room then use the internet? on hot spots?

    Just to be sure, im planning to have a daily password before they use the internet and of course the password is only available at the counter area.

    FOR EACH ROOM (ethernet)

    All I want is, if they plug their computer/laptop network cable on our network outlet a password login prompt and need to a
    authentication(password) before they use the internet. Is it possible? Any software to download similar that i want?

    FOR LOBBY (wireless)

    I have no idea what kind of authentication will i use...We will focus first on every room

    Then if they have a password, how can i know if my network is secured?

    opppsss...my question is getting longer again..follow question to follow up.. Many Thanks and More Power!

  5. #5
    SG DC Team Member Paft's Avatar
    Join Date
    Feb 2001
    Location
    Charlottesville, VA
    Posts
    5,736
    For the ethernet jacks: I reccomend getting your hands on an old 386/486 or low-class Pentium machine, and then setting up Freesco on it. Freesco's routing software that you can use to block the IPs of certain computers from going off the network. The hitch is that you need to have static IP addresses for every person coming in that buys internet access from you.

    Example: John comes in and wants internet access on your Cat5 jacks. You sell it to him. After giving him a static IP address (127.0.0.2 or whatever), you go on Freesco. You have set up the firewall to deny from all addresses. But, now, you add a rule to allow from 127.0.0.2. Only John's computer will be able to access the internet. Of course, he can use any jack in the building, but there's really nothing you can do to prevent that in any case.

    You can also, in Freesco, do what I mentioned above and limit access to certain MAC addresses. This is more secure than by IP, but is slightly harder to get the information for.

    However, if you really want a software setup for this, then you could try a piece of software that does ask for passwords called "DansGuardian". It'll require a LOT of configuring, but it will do what you want when you set it up.



    Wireless: As I said before, limit the people connecting on laptops to the MAC addresses of the laptops. This is the most secure way of doing it, and can't be bypassed (unless the laptop changes hands, and you can't stop people physically sitting at someone else's computer). DansGuardian will also cover this, so long as the routers and airports are behind the computer running it.



    A note with DansGuardian: You'll need a computer between the airports and routers, and the internet. This is why I reccomend Freesco - Since the situation requires another computer, with Freesco it is a LOT easier to deny and allow people access to the network than it is with DansGuardian. However, Freesco does not ask for a username and password (the authentication is given by IP or MAC). So it's really up to you what you use there.



    Does that help?

  6. #6
    SG Enthusiast
    Join Date
    Jan 2001
    Location
    DC
    Posts
    4,717
    Here is freeware that can easily accomodate your needs - sorta what it was made for. http://nocat.org

    Load this software on any machine running linux/bsd/unix with two NICs. plug the AP into one nic and the other should have path to the internet.

    Users must use hte "WiFi Gateway" machine as a proxy. When they launch their browser, the must enter their password (this part uses SSL). If the password is accepted, they may open a second browser window and access the internet. **If they close the SSL (login) browser, their connection is blocked.

    How? The sw rewrites firewall rules dynamically upon successful SSL login - it allows that IP address to access the internet. A heartbeat message is sent regularly to check htat the browser is still open. Once it closes, the app rewrites the firewall rules again to block that ip.

    Neat, huh? Not a very secure setup, but if you are having 'randoms' use your service, you want to put all of this in a DMZ anyway; keeping your private machines protected from your guests by another router/firewall. An inner circle and an outer perimeter.

    Have fun,

    Skye
    anything is possible - nothing is free


    Quote Originally Posted by Blisster
    It *would* be brokeback bay if I in fact went and hung out with Skye and co (did I mention he is teh hotness?)

  7. #7

    Thanks for the answer...

    Thnx Paft, Thnx cyberskye. Anyway, I forgot to mention that we are only using third party proxy server (freeproxy) not a router coz our modem is not capable for router connection. Our modem is for PC connection only.


    Load this software on any machine running linux/bsd/unix with two NICs. plug the AP into one nic and the other should have path to the internet.
    Freesco's routing software that you can use to block the IPs of certain computers from going off the network.
    software that does ask for passwords called "DansGuardian".
    All Computer in SOHO are windowsXp home/pro.

    Is there any way? Many thanks!

  8. #8
    SG DC Team Member Paft's Avatar
    Join Date
    Feb 2001
    Location
    Charlottesville, VA
    Posts
    5,736
    Do what I said. Freesco and DansGuardian both run on PCs. You'd have to format the one that's currently connecting them to the internet, but I'm assuming that wouldn't be a problem?

  9. #9
    toofast99
    Guest
    How about just getting a switch the has a web interface? You could turn on/off each room's cat5 jack by enabling or disabling the corresponding port on the switch. Your recetionist can turn on that room's port in just a few seconds from a web browser.

    Just an idea.

  10. #10
    Elite Member TonyT's Avatar
    Join Date
    Jan 2000
    Location
    Fairfax, VA
    Posts
    10,337
    For the wired ports;
    Use a switch at the desk and after a patron pays for the www service you manually flip the switch ON.

    For the wireless:
    After a patron pays for the wireless access they are given an access code and a url to enter in the address bar of their browser. The page that gets displayed has a form and they enter their access code. This form can submit to a somple php script or other software on the server that authenticates the access code and then runs another script that grabs the mac address of the laptop's wireless nic and authorizes it for www.
    No one has any right to force data on you
    and command you to believe it or else.
    If it is not true for you, it isn't true.

    LRH

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •