Hello all. First post so sorry if this has come up before.

I have just installed a wired broadband connection in a friend's pub for her children to use the internet for school and college.

We have had the idea of using a wireless router and allowing customers to connect to the internet from their wireless enabled laptops in the bar and restaurant area, encouraging business lunches etc.

Is there an easy and relatively secure way of allowing customers access to the internet but not the personal and business related files stored on the computer in the office upstairs?

Any info would be appreciated.

nelson

There are five areas that I can think of that need to be secured:

1. Check that there are no network shares (shared folders) on the PC in the office. Even if there are shared folders but they are restricted to named users or groups, there is still the potential for hackers to exploit loopholes in Windows security to elevate their permissions and gain access to the shares.

2. Check that the Administrators group on the PC in the office is restricted, i.e. it is not open to 'Everyone' or 'Authenticated Users'. If the Administrators group covers anyone that can gain access to the PC, then that means that users in the pub downstairs could connect to it through the C$ administrative share (which you cannot remove).

3. Ensure that any desktop sharing applications such as WinVNC or Remote Desktop Connection are protected with strong passwords.

4. Ensure that all user accounts on the PC in the office have strong passwords.

5. Finally, I would also ensure that any connected printer is not shared. This is more for convenience rather than security - you wouldn't want people in the pub accidentally (or deliberately) connecting to the printer and sending massive print jobs to it.

Ultimately, the PC ought to have a firewall that covers the network connection.

As far as I can think with just a couple of minutes thought, this is all that should be a potential problem ...... in theory. Personally, though, I wouldn't feel especially comfortable putting a PC with sensitive data onto a public network like that. As wireless networks are relatively cheap, I would prefer to set up an entirely separate network for the customers downstairs.