[kwlug-disc] OT? Running Wifi hotspots sanely

John Kerr jkerr0102 at rogers.com
Tue Mar 23 23:16:00 EDT 2010


Hi gang

OK I can't program worth a hoot but .....

Could an  OpenWRT program be written modified to use / read the same user database as a CMS like drupal?
Or yank out of Drupal the code that handles the registration and e-mailing of a password and put it 
into an openWRT program. this would be a way of handling user registration.

Just thinking.

John



 ------------------------------------------------------------------------------------------------------------------------
We act as though comfort and luxury
were the chief requirements of life,
when all that we need to make us happy
is something to be enthusiastic about.
—Einstein
------------------------------------------------------------------------------------------------------------------------
==================================
John Eddie Kerr | Guelph, Ontario 
==================================




________________________________
From: Paul Nijjar <paul_nijjar at yahoo.ca>
To: kwlug-disc at kwlug.org
Sent: Mon, March 22, 2010 6:34:04 PM
Subject: [kwlug-disc] OT? Running Wifi hotspots sanely

I am trying to figure out sensible settings for a wifi hotspot, and I
am having trouble finding out what the best practices are. 

Technologically I want to use a router (pfSense) to handle DHCP and
so-called "captive portal" functionality that makes you click through
a page to access the Internet. I also want to have some OpenWRT
routers plugged in that actually provide access to the network. I
think I have some of this figured out, but I am stumbling over how to
run this hotspot sanely: 

- Do I want to have any kind of encryption (WPA/WPA2) on the wireless
  routers? Or should I be leaving the access unencrypted and have the
  portal page do all the authentication?

- Do I want to bother with usernames and passwords for the hotspot?
  For now I don't think we are bothering to charge for Internet
  access. We still could have usernames and passwords for the day, but I
  don't know whether this is worth the effort.

- What kind of privacy concerns do I have to worry about? I am running
  quite a bit of logging for the rest of our users -- with the
  firewall logs that already exist I can identify a computer by MAC
  address and go so far as to see what websites are being accessed. 
  As a user I guess I feel a little uneasy about this. As an IT 
  admin I want to know what is happening on my network so I can
  stop/troubleshoot problems. I don't know whether there are rules 
  prohibiting me from logging certain things, and/or what kind of 
  forewarning I need to provide. (I would like to provide some heads
  up warning that we do record activity on the network.) 

- Because I am a terrible paranoid person, so far I am only allowing
  traffic out on DNS and HTTP/HTTPS ports (which I understand may not
  be DNS/HTTP/HTTPS traffic exclusively). Is this standard practice? Do
  public access locations generally permit traffic more liberally? 

- What else am I not considering? 

If you have answers to these questions or pointers to best practice
documents I would be grateful. This is new territory for me, and
wireless makes me squeamish at the best of times. 


- Paul

-- 
http://pnijjar.freeshell.org


_______________________________________________
kwlug-disc_kwlug.org mailing list
kwlug-disc_kwlug.org at kwlug.org
http://astoria.ccjclearline.com/mailman/listinfo/kwlug-disc_kwlug.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://kwlug.org/pipermail/kwlug-disc_kwlug.org/attachments/20100323/a23fea65/attachment.htm>


More information about the kwlug-disc mailing list