ceez Posted December 22, 2011 Posted December 22, 2011 Hey everyone.I have a friend that has a small pizza shop, he has comcast internet and wants to share it via wifi for his clients.Security becomes a concern since his running his registers and cc equipment via the same comcast line. The only TRUE way to prevent any packet sniffing on his comcast is to order a 2nd line or a DSL line that runs separate from his comcast.I thought of segmenting his network via a VLAN so register/cc traffic is separate from free wifi.Do any of you have any options or expereince with this?Thanks,ceez
tain Posted December 22, 2011 Posted December 22, 2011 Sounds like you've got the right idea about threats and mitigation. It somewhat depends on what hotspot solution he will use as some may already have segregation features or may not work with certain network configs.
ceez Posted December 23, 2011 Author Posted December 23, 2011 Tain what do you mean by hotspot solution? Are you talking about a wifi router or ap OR actually some device that's called a hotspot that provides additional security for environments like these?my idea is as followscloud - cable modem - linksys wifi router with 2 vlansvlan1 - clients ip: 192.168.x.x dynamic ipvlan2 - store ip: 10.201.x.x. each store device with static ip.
tain Posted December 28, 2011 Posted December 28, 2011 Not to be smart about it, just for clarification:https://secure.wikimedia.org/wikipedia/en/wiki/Captive_portalhttps://secure.wikimedia.org/wikipedia/en/wiki/Hotspot_%28Wi-Fi%29
IcemanND Posted December 29, 2011 Posted December 29, 2011 You should be able to get a second IP from Comcast, and likely a new modem and run two networks on the same incoming line.Whatever solution you chose be sure that it meets the PCI DSS requirements. It also depends upon what equipment they are using and how it handles CC data.
Recommended Posts
Please sign in to comment
You will be able to leave a comment after signing in
Sign In Now