Router handling - quotas, etc.


random
06-22-2003, 05:23 PM
Hey, all. I'm putting together a proposal for my local coffee shop. I want to set up broadband with a wireless AP so customers can bring in laptops or whatever and do their work. Maybe even set up a few desktops. Anyway, we'd probably charge 10-15 cents/minute for this.

The first problem I run into is this: how do I secure it? Do I need to hook a computer up to the access point to act as a firewall to keep track of who has an account, how long they've spent online, etc, or is there a cheaper way? And what software would you guys recommend, or is this done through the OS? Keep in mind, I should be able to allow access to multiple different OS's - definitely Win and Mac, hopefully *nix, BeOS and BSD. I'd like to use linux for the firewall/server, but I'm probably going to end up with Windows :(

So what are your recommendations - how hard is this to set up? I've got experience setting up an 802.11 network at home, but there's no security/quotas on it, so that's what I need to learn.

Thanks in advance.

wzoo1
06-22-2003, 07:45 PM
Ugh setting up wireless or networks with end user authentication and keeping track of how many minutes the end user uses and billing systems is way different than home 802.11 network setups. I've heard about total software suites or software components some companies offer to do this setup (like http://www.nomadix.com). Or you can build your own network of servers, configure it yourself (more fun this way), etc. Or the 3rd method is to join a nationwide wireless service and you just act like a client like Wayport <http://www.wayport.com> or Boingo <http://www.boingo.com> (See being a hot spot provider requirements, etc.)

If I were you, I would just set up everything myself and of course you gotta secure it. There's open-source software to do this for the security, etc. Also for the client OS support, you should support the most popular OSes which means Windows and Mac OS but also say that it's compatible with *ANY* other OS as long as the client/user in the Cafe sets it up and it's compatible with the protocols/technical requirements for the wireless network (and you also publish the SSID info, WEP key if used, etc, etc...).

Also, I HIGHLY recommend you secure your home network since making it unsecure makes it a POPULAR SPOT for wardrivers and it is a *HUGE* security risk. (Example: If you have windows machines without a firewall on the client, etc and you have a public wi-fi network, someone within the physical range can connect to your wifi network, using the default netbios exploits and start looking @ your files, etc which is probably what you DON'T want.)

Also what cafe are you doing this for? I'm actually interested in FREE wi-fi internet access cafes in my local area (Novi).

random
06-23-2003, 01:10 PM
WEP isn't really secure, and, frankly, I don't have anything on my system that's important. Plus, I don't like windows security - it's a PITA. Linux, now ... seems to be well designed for such.

So far, this is only speculation; I don't know if the owner will go for it. But his family & mine are friends, so there's a good shot.

This would be in Elmhurst, where I live, about 45 minutes west of chicago. However, it's probably not going to be a free hotspot. Sorry.

random
06-23-2003, 01:25 PM
Ooh, almost forgot - the only way you'd come in range of my family's network is to trespass on the grounds of our neighbors, who don't know Wi-Fi from cat5.

random
06-23-2003, 01:31 PM
I keep forgetting, meant to ask this earlier ... isn't WEP really insecure? In which case, it'll keep the script kiddies out, but ... if you have the knowledge/inclination to get on my network, wouldn't you probably have the knowledge/inclination or tools to break WEP?

wzoo1
06-23-2003, 04:16 PM
I was joking on getting into your network (I live all the way in Michigan, hundreds of miles away lol...)
Anyways about Wi-Fi being insecure, it's really kinda insecure... Because cracking a 40-bit WEP key only takes 20 minutes and a 128-bit WEP key only 50 minutes on average (with the correct tools of course... :-D) (I can imagine some guy with cracking software in the Cafe and just leaving his laptop there doing the work... lol)

If possible you should really use the latest 802.1x encryption or whatever since I heard it's more secure and if it's supported by the AP/wi-fi router. I also have a home wi-fi network but I use the Hide SSID/Not broadcast it feature and Mac address authentication (which is pretty secure and will keep out the occasional wardrivers but I needed to disable WEP on mine since it slows down the wireless network connection).

and lol yes WEP will keep out mostly 90% of script-kiddies but won't keep me out of your network (ha ha ha... lol) since I may just crack your wep key and say hello if I ever come to Chicago, and have the time to drive around!

Yea I absolutely *HATE* windows security also, if you're gonna implement this wi-fi solution in the Cafe then definitely have ummm a firewall of some sort and use Linux or some other secure OS (mostly *nix or *BSD)

Well, have fun and tell me if you ever get this wi-fi network up in Elmhurst! 8-)

random
06-23-2003, 07:28 PM
Thanks for your help. Just FYI, I'm also considering the tip-jar model - firewall it, but since the owner doesn't like to hassle with stuff, set up a tip-jar. I'm hoping that the small-town feel we have (probably 75% of the folks in there are regulars, if not more) will help limit abuse - and I can set up extra security as needed.

Again, thanks.

GPeszek
07-03-2003, 07:17 PM
I'm not sure if you guys are taking the Sysadmin class, but one of the topics we will be discussing is network security models and access control. :)

07-04-2003, 01:26 AM
802.1x. As for tracking you could do it based on MAC addy for account. Also you could setup with iptables if you wanted to do permit/deny and just deny all outgoing minus the mac addies you allowed.
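
The iptables approach suggested in the post above (deny all outgoing traffic except from allowed MAC addresses), written out as an added example that is not part of the original thread. The interface names `wlan0`/`eth0` and the MAC addresses are constructed placeholders, and the Linux box is assumed to route between the access point and the broadband link.

```shell
#!/bin/sh
# Added example: build an iptables-restore ruleset that drops all forwarded
# traffic except from an allowlist of client MAC addresses.
# Interface names and MAC addresses below are constructed placeholders.

# is_mac VALUE: succeed only for six colon-separated hex octets.
is_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# build_ruleset LAN_IF WAN_IF MAC...
# Prints a filter table in iptables-restore format on stdout.
build_ruleset() {
    lan_if=$1
    wan_if=$2
    shift 2

    echo '*filter'
    echo ':INPUT ACCEPT [0:0]'
    # Default-deny for anything routed through the box.
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    # Let replies back in for connections an allowed client opened.
    echo "-A FORWARD -i $wan_if -o $lan_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"

    for mac in "$@"; do
        if is_mac "$mac"; then
            # One rule per account, so each MAC gets its own counters.
            echo "-A FORWARD -i $lan_if -o $wan_if -m mac --mac-source $mac -j ACCEPT"
        else
            # Refuse malformed entries instead of emitting a broken rule.
            echo "skipping invalid MAC: $mac" >&2
        fi
    done

    echo 'COMMIT'
}

# Constructed sample allowlist: two paying customers.
build_ruleset wlan0 eth0 00:11:22:33:44:55 AA:BB:CC:DD:EE:FF
```

Load the output with `iptables-restore`; the per-rule packet and byte counters shown by `iptables -L FORWARD -v -n -x` then give per-MAC usage for accounting. A MAC address is chosen by the client, so this identifies accounts rather than authenticating them.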

random
07-05-2003, 05:36 PM
I'm not in SysAdmin, no. I wish, but ... web development is my weak spot. Just building my first comp tho :). Linux :D

And 802.11x is not an option - most peeps use 802.11b, and even if that wasn't an issue... /me shudders ... I've heard horrible things about 11x.

Thanks for the help, guys!

Oh, and does anyone know about a timeframe for Write support for NTFS on linux?

arcdigital
06-23-2006, 11:07 AM
I'm taking the sysadmin class. If you want to know what I learned, ask me after :D