Setting Up Secure Public Networks

Updated: October 31, 2006

Perhaps the simplest way is to deploy separate wireless networks. This works well when the public spaces are physically distinct, such as a lobby or a training room. You can often arrange your access point placement so the signals between your private and public areas rarely overlap, so even if a would-be hacker were in your facility, the network available to him would never touch your internal network.

When you can't physically separate the spaces (for example, your staff may need to access the internal systems when in the training room), you might still be able to deploy two sets of access points, each connected to a separate network. Visitors would be able to use the public network without signing in, while your employees would be able to sign in to the internal network only if their systems were using, say, WPA or RADIUS authentication. However, having multiple access points in the same area can lead to signal interference within the access points' range, even if they are set to different frequencies (called channels).

Another way to separate the networks is to use access points and switches that support virtual LANs. Each virtual LAN acts like a separate network, with its own SSID, access permissions, and security settings. Your switches and access points keep track of which users are linked to which VLAN, so their traffic follows that VLAN's rules and never mixes with another VLAN's traffic. This approach works well when you can't have separate physical wireless LANs in the same space because of radio interference or power issues.

With all three approaches, you can add further separation between the (virtual) networks by using access points that support both 802.11a and 802.11g frequencies, so the public VLAN uses the 802.11g frequencies and the internal VLAN uses the 802.11a frequencies. This reduces the chances of someone being able to even connect to your private network in an attempt to break in. (If a visitor has a laptop equipped with a dual-mode radio, which supports both 802.11a and 802.11g, this protection of course goes away, and you can rely only on your internal network's security settings. Also note that 802.11b equipment works fine on 802.11g networks, and vice versa.) Of course, it means equipping all your employees and internal devices with 802.11a-based equipment, which is harder to find and more expensive.
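The separation rules described above can be checked against an SSID inventory. The following is an added example, not part of the original article; the inventory format, field names, SSID names and VLAN numbers are constructed assumptions, not a vendor export format.

```python
# Constructed sample inventory: one record per SSID (hypothetical field names).
SSIDS = [
    {"ssid": "Lobby-Guest", "role": "public", "vlan": 20,
     "auth": "open", "band": "802.11g"},
    {"ssid": "Corp", "role": "internal", "vlan": 10,
     "auth": "wpa-radius", "band": "802.11a"},
    {"ssid": "Training", "role": "internal", "vlan": 20,
     "auth": "open", "band": "802.11b"},
]

# Authentication labels accepted for internal SSIDs (assumed labels).
SIGN_IN_AUTH = {"wpa", "radius", "wpa-radius"}

# 802.11b and 802.11g equipment interoperate, so they count as one radio
# family; 802.11a clients need different hardware.
RADIO_FAMILY = {"802.11a": "a", "802.11b": "b/g", "802.11g": "b/g"}


def family(band):
    """Map a band label to its radio family; unknown labels map to themselves."""
    return RADIO_FAMILY.get(band, band)


def audit(ssids):
    """Return (severity, ssid, message) findings for internal SSIDs."""
    public = [s for s in ssids if s["role"] == "public"]
    public_vlans = {s["vlan"] for s in public}
    public_families = {family(s["band"]) for s in public}
    findings = []
    for s in ssids:
        if s["role"] != "internal":
            continue
        if s["auth"] not in SIGN_IN_AUTH:
            findings.append(("high", s["ssid"],
                             "internal SSID does not require WPA/RADIUS sign-in"))
        if s["vlan"] in public_vlans:
            findings.append(("high", s["ssid"],
                             f"VLAN {s['vlan']} is shared with a public SSID"))
        if family(s["band"]) in public_families:
            # Band separation is only an extra layer: a dual-mode client
            # defeats it, so this is reported as advisory.
            findings.append(("advisory", s["ssid"],
                             "radio family is shared with a public SSID"))
    return findings


if __name__ == "__main__":
    for severity, ssid, message in audit(SSIDS):
        print(f"[{severity}] {ssid}: {message}")
```
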
