Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Risk of offering free wi-fi

P

Patrickulating

macrumors newbie
Original poster
Sep 1, 2006
4
0
I live in a small town. A few weeks ago I got a new modem with built-in wireless router.

My office is next to a popular bar and grill. As I was eating the other day, I noticed my office wi-fi signal is very strong in there. Before the new modem it didn't even reach there.

Anyway, I would offer open wi-fi if it didn't pose an unreasonable security risk of to my office network.

Advice?
 
0dev

0dev

macrumors 68040
Dec 22, 2009
3,947
24
127.0.0.1
I don't see what you're asking.

If you don't want to offer free WiFi, use WPA2 with a decent password. If you're worried about security (and you should be if you use the network for business stuff), then certainly don't leave it open.

If you want to provide free WiFi for customers, set up a separate network for them and leave that one open.
 
Intell

Intell

macrumors P6
Jan 24, 2010
18,955
509
Inside
I would be more concerned with what could be downloaded or viewed with a public network. If someone uses bittorrent insecurely and gets caught, you'd be the one with a fine. Another less likely but far worse thing would be underage porn.

One thing you could do is put your machines and the public side on different subnets to separate them. Then put OpenDNS on the public side to help filter out things you don't want on your network.

You could also see if the bar & grill owner would like to have their name put on the SSID. You could possibly have them subsidize part of the internet bill.
 
kdarling

kdarling

macrumors P6
Jun 9, 2007
17,373
5,925
First university coding class = 47 years ago
For one thing, you'd open the risk of someone in the bar going to a child porn site, which could easily lead to your own arrest when they track back the source to your router. Or someone downloading copyrighted material.

I've seen both kinds of errors happen to coworkers, and it took a while to prove their innocence.

Edit- while i typed, Intell mentioned the same risks.

Not worth it.
 
0dev

0dev

macrumors 68040
Dec 22, 2009
3,947
24
127.0.0.1
kdarling said:
For one thing, you'd open the risk of someone in the bar going to a child porn site, which could easily lead to your own arrest when they track back the source to your router. Or someone downloading copyrighted material.

I've seen both kinds of errors happen to coworkers, and it took a while to prove their innocence.

Edit- while i typed someone else mentioned the same risks.
Click to expand...

Yeah but it's not on his computers and the chances of that happening in the first place are tiny.
 
S

snberk103

macrumors 603
Oct 22, 2007
5,503
91
An Island in the Salish Sea
If you do go this route, just make sure to get your security in place first. More than one of our local establishments (including a couple of pubs and a non-profit) decided to leave their WiFi networks open as a nice gesture. Without securing their own backend networks at all.

I showed the owners of the pubs (both friends of mine) how anyone with a laptop had access to their accounting records, menus, portion controls, etc etc. Both took way too long to close the network. Ah.... life in a small town. Where no really cares about such things.....
 
0dev

0dev

macrumors 68040
Dec 22, 2009
3,947
24
127.0.0.1
snberk103 said:
If you do go this route, just make sure to get your security in place first. More than one of our local establishments (including a couple of pubs and a non-profit) decided to leave their WiFi networks open as a nice gesture. Without securing their own backend networks at all.

I showed the owners of the pubs (both friends of mine) how anyone with a laptop had access to their accounting records, menus, portion controls, etc etc. Both took way too long to close the network. Ah.... life in a small town. Where no really cares about such things.....
Click to expand...

You got into all that just by connecting to a WiFi network? Do they have local file sharing turned on without any password on their computers or something?
 
S

snberk103

macrumors 603
Oct 22, 2007
5,503
91
An Island in the Salish Sea
0dev said:
You got into all that just by connecting to a WiFi network? Do they have local file sharing turned on without any password on their computers or something?
Click to expand...

I don't know the details since I was not privy to their backend setups.... but....
The Wifi network was in fact protected by a password - but they gave it out to any customer in the place who wanted to surf the internet, and they never changed it so once you had surfed once the system would just re-connect on subsequent visits. Plus, if you were at the table with someone new to the joint you could just tell them the password without needing to bother the server. So... effectively wide open, if not fully open technically.

In the Shared section in the Finder sidebar a number of their computers would appear. More than one, but I don't know for fact I could see all of them. However, there was one labeled for the kitchen - which had the supply ordering spreadsheets, plus the meal costing spreadsheets. There was an admin computer with financial data, etc. I could see lots of folders with admin type names, and year and months dates, etc

I didn't snoop around extensively. I just looked enough to make sure I was actually seeing what I thought I was and then backed out. I immediately told the server(s) - and then the owners when I saw them next. It took a few months before this hole was closed at either pub - owned by two different people. I believe they were Windows shops.

The non-proft is a Mac shop ... and it was essentially the same thing. However that hole got closed much faster. Days instead of weeks and months.

I have to admit... I am a bit of snoop.... but only at the surface level. Any time I am using a public WiFi I check to see what appears in the Shared section of the Finder, and then I click to see how far I can go. It is extraordinary how much stuff is visible sometimes.... just sitting there for the world to see. Airport lounges - almost always. Hotel Wifi systems - can sometimes be very locked down, or sometimes you can see both the hotel computers and guest systems. Coffee shops - of course lots there.

I never go beyond the folder level. I'm curious, but I'm not an idiot.
 
kdarling

kdarling

macrumors P6
Jun 9, 2007
17,373
5,925
First university coding class = 47 years ago
0dev said:
Yeah but it's not on his computers and the chances of that happening in the first place are tiny.
Click to expand...

The chances are not really that small, and all it takes is one time.

I once got a legal letter from Cablevision telling me that my home line had been pinpointed as transferring copyrighted material. Turned out it was the kids next door using my (open at the time) WiFi... and even they apparently didn't know their computers were being used for purpose that by a background app.

Far, far worse, a contract coworker of mine was wrongly accused of downloading tons of child porn about ten years ago. The Feds raided his house, handcuffed him in front of his young kids, rifled through everyone's drawers looking for porn evidence (you can imagine his wife's reaction), and then confiscated all his computers.

Unfortunately, his entire business and code was on those computers, so he was suddenly income-less as well.

It took almost six months before the authorities grudgingly determined that he had no porn on his computers, and that most likely it was someone who had stolen his WiFi connection. They returned his gear, but it had been messed with so much looking for evidence, that it no longer worked and much of his code was lost. (He had backups, but they weren't off-site.)

He sued the government and eventually won a wrongful arrest settlement, but his business and personal rep had been destroyed, plus there was the lasting memory of the raid on his kids.

Again, it's not worth it to host free WiFi from a personal business router. To prove your innocence, they'll have to tear your business and computers apart.
 
0dev

0dev

macrumors 68040
Dec 22, 2009
3,947
24
127.0.0.1
snberk103 said:
I don't know the details since I was not privy to their backend setups.... but....
The Wifi network was in fact protected by a password - but they gave it out to any customer in the place who wanted to surf the internet, and they never changed it so once you had surfed once the system would just re-connect on subsequent visits. Plus, if you were at the table with someone new to the joint you could just tell them the password without needing to bother the server. So... effectively wide open, if not fully open technically.

In the Shared section in the Finder sidebar a number of their computers would appear. More than one, but I don't know for fact I could see all of them. However, there was one labeled for the kitchen - which had the supply ordering spreadsheets, plus the meal costing spreadsheets. There was an admin computer with financial data, etc. I could see lots of folders with admin type names, and year and months dates, etc

I didn't snoop around extensively. I just looked enough to make sure I was actually seeing what I thought I was and then backed out. I immediately told the server(s) - and then the owners when I saw them next. It took a few months before this hole was closed at either pub - owned by two different people. I believe they were Windows shops.

The non-proft is a Mac shop ... and it was essentially the same thing. However that hole got closed much faster. Days instead of weeks and months.

I have to admit... I am a bit of snoop.... but only at the surface level. Any time I am using a public WiFi I check to see what appears in the Shared section of the Finder, and then I click to see how far I can go. It is extraordinary how much stuff is visible sometimes.... just sitting there for the world to see. Airport lounges - almost always. Hotel Wifi systems - can sometimes be very locked down, or sometimes you can see both the hotel computers and guest systems. Coffee shops - of course lots there.

I never go beyond the folder level. I'm curious, but I'm not an idiot.
Click to expand...

Sounds like a crappy local file sharing setup as I suspected then. Shows just how security aware people are these days.

I used to "hack" my college network and tell the IT guys of any issues I find (I was the local white hat I guess :p) and I've managed to do a lot of stuff even with my relatively limited knowledge of networks. They had this system where you submit your work for the teacher to check and I was able to get into the admin side of it just by snooping through a few network drives which were easily accessible if you know their assigned letter even if they weren't displayed in My Computer. I've also gotten into the software for controlling other computers on the network in a similar sort of fashion and I've been able to get access to the command line at times when they've slipped up during updates. Then there's the simple fact that most teachers have very easy passwords...

Basically, people are idiots :p
 
S

snberk103

macrumors 603
Oct 22, 2007
5,503
91
An Island in the Salish Sea
0dev said:
Sounds like a crappy local file sharing setup as I suspected then. Shows just how security aware people are these days.
Click to expand...
You think? And I say that with a smile on.... :)
0dev said:
....
Basically, people are idiots :p
Click to expand...
I wouldn't go that far.... but certainly naive. I am constantly surprising people when the passwords I've set up for them are actually, you know, random and unobvious (I've done some web domain support for people or groups - and if I set it up it gets a 7+ long password of letters & numbers. Punctuation if I can. I even try to make the usernames hard to guess if it's appropriate.)

But... you do what you can, point out the holes to your friends, and carry on.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom