Network Security

[sanjeet]

We have a firspot server sitting on our LAN network. The public network interface is connected to our LAN (which is a switch that connects all our existing computers together and has an ADSL connection) The private network interface is connected to a wireless access point.

When a guest connects wirelessly to Firstspot, I noticed that they can browse the network. They are able to view the contents of other guest's computers connected to Firstspot and also our computers that are on our office LAN including our file server.

How do we secure our office LAN network from guests that are connected to Firstspot?
The only thing guest should have access to is the internet connection and not be able to browse the network.

Please advice.

[kevin]

We've tested out the scenario you described and were able to reproduce the problem. That should be a bug and we'll get it fixed.

As most of our customers connect the public nic directly to the Internet, this scenario is much less experienced and concerned. Thanks very much for pointing out the issue to us.

~ Patronsoft Limited ~

[burg538]

We have had the same problem but could enter the option "Disable client to Client communication" in our accesspoint, maybe your AP have the same option. It solved our problem.

[sanjeet]

Hi,
We have temporarily resolved this issue by installing Zone Alarm on the Firstspot Server. Through the Zone Alarm configuration :-

Private Interface Card:-
Block incoming NetBIOS (ports 135, 137-9,445)
Block outgoing Netbios NetBIOS (ports 135, 137-9,445)
Block incoming ping (ICMP Echo)
Block outgoing ping (ICMP Echo)

This will prevent the visitor based network from accessing the internal network. They won't be able to ping any computer on the internal network or browse it through network neighborhood or search by computer name.

But among the users on the visitor based network, each other still has access to one another.

Thanks.