Filtering for Church WiFi

[JesusisGod]

There are WAP out there that will segment your LAN and only allow access to the internet. If you want a cheap solutions for protecting filtering sites use CA Security Suite with the parental controls. It connects to their content filtering database and you can set how strong you want the filter to be. You can also set it for over rides for staff. Also netgear latest firewalls allow you to filter websites and by key words..

[darmstrong]

Quote:

I have a similar setup where my wireless is segmented from the rest of the office so that if a client comes in and wants to use their laptop, they can.

I have a 4-port wireless DSL modem w/built in firewall and router. What I did was install second wired router behind the DSL modem and then I configured it as a different network. All of the office PC's run on 172.16.x.x and all of the visiting wireless users come up on 192.168.1.x giving them a straight shot out to the public network. The wired router is seen as wired DHCP client on the 192 side making my 172 side invisible if someone attempts to hack my network.

If the network is split at the modem with two routers for each section of the network there will not be problems. However, if the wireless router creates a separate subnet, but is connected to your 172.16.x.x network it is insecure. That said, it's not easy to connect to you 172.16.x.x without knowing the subnet it's on.

Look at the diagram attached to see what I mean. Those with networking experience will understand that is has to do with a protocol called Network Address Translation.

[kbob]

I used to run a segmented network-worked well, in modified form, using what I described as interior/exterior routers, with the wireless router on the outside network, and the wired router connected through that. Wired to wireless, wireless to cable modem...

Not as nice/secure as a true segmented router, but the only things on the wireless were a single notebook and two printers.

[petereit]

We just installed a new Apple Airport. It works great for us since it has two separate "zones" built in. We have the office zone locked down, password protected and do not broadcast the SSID, but we left the other zone completely open (but using OpenDNS.) It's funny how many times I have driven by the church at night and seen a strange car in the parking lot with an "illuminated" occupant.

[timlinden]

Hi All

Today I installed a "GuestGate MK II" I found on Amazon. We've set it up so anyone can connect to our WIFI, but first must agree to the terms of using the internet. I was actually searching to find an example terms to use when I came across this post.

The router itself is a bit pricey but it's very simple to setup and very secure. You plug it into your current network that is secured so guests can't access it, and then this new router allows them to connect in and only access if they agree first. You can also setup a password, a list of sites they can or can't use, etc.

We had a neighbor ask if they could use our wifi, and he admitted he already was, so having this screen come up first lets them know up front that they can use it, but also the guidelines we expect. We can also encourage them to stop by sometime

Tim

[EricE]

I know it's an older thread, but thought I would bump it for those subscribed...

For filtering, I second OpenDNS - it works great. IPCop is another good free solution, and you can use SquidGuard with firewalls like pfSense but now you are going to be tinkering. Beyond that I haven't found anything that didn't require a costly subscription.

For wifi we now use Ubiquiti Unifi. You can have both a secure network for your staff and a public network, and by default the public network can only browse the Internet. My experiences: Looking for a great wifi solution that won't cost a fortune?

Finally an affordable, enterprise grade managed wifi solution perfect for Churches!