Thanks all in advance.
A customer of mine has asked me to think about how best to secure their network and still offer free wifi to their customers. I'm thinking through the issue(s) involved (noted below) and wonder if this community might be able to offer some thoughts/best practices/Life Lessons from personal experience.
Some notes initial observations/notes:
- The shop has 50mb cable connection via (Atlantic Broadband — a local provider).
- They've received notices about Dig. CopyRight violations from the provider (e.g. someone is d'loading movies from the IP address)
- They do not segment business processes from the public wifi. E.g. the POS system is on the same network as the public. ((I know; It's the first thing I'm going to fix)).
- Cable Modem: Arris Model TM804g (recently upgraded by the cable provider). Provider also indicated that line tests were good with little or no 'flapping' (I honestly don't know what that means).
- Router (will be upgraded to): WRT1900acs (I might not have chosen this model, but the shop owner already purchased).
Here's what I'm thinking about:
- I want to immediately set up a private network for the POS system (and any other business systems that I don't yet know about).
- I'll create a 'guest' network with WP2A encryption and teach the owner how to change the key on a regular basis.
- I'll set the Guest network to only be on during business hours and lock it down with whatever filters and port blocks make sense.
Thought Experiment: Given the above what other best practices could/should I be thinking about as I plan this project out. For the purposes of this post cost is no object, but obviously the real world may offer some constraints….