Access Control?

hkkelvinlee

Hi there,

Need a bit of help choosing a router/UTM.

I am going to replace my Linksys WRV200 router at home. I am aiming at a wired dual-WAN wired-only router with SSL VPN. The present network has a few switches here and there, some dumb and some smart. I wish to have some sort of network access control because I noticed a baby-sitter often comes to our house with a notebook computer. Whilst she may have a 3G connection, it occurs to me that anyone with a Cat5 cable can have a free ride on my broadband when he/she plugs into any empty port on the switches.

I heard some SOHO/SMB-class routers have a kind of access control whereby users (connecting by wire or wireless) will be brought to a hotel-style webpage for entering a username/password. What should I look for in router specification sheets for such a feature? I am confused by acronyms like ACL, RADIUS server and the like and don't know what to look for.

Acronyms aside, I believe such access control can be implemented at the router either (1) locally, such that it affects only the internet connection when implemented at the router; or (2) over the whole network, such that all networked devices (especially storage devices like NAS) can share the same access control list maintained at the router. Option (2) makes perfect sense to avoid the trouble of manually maintaining multiple user/password lists on multiple networked devices, but I don't know whether it is achieved by ACL, RADIUS or other technology.

The last thing I want to do is to buy an expensive router only to find out that it in itself SUPPORTS ACL or RADIUS or whatever technology but I need to separately run a RADIUS or whatever server to achieve what I want to do.

Any help please? Either to explain the tech/acronyms or to even recommend a suitable router/UTM? I have been looking at Netgear, Draytek, Fortinet but getting more confused.

Many thanks.

Kelvin
 
"Free ride"? I don't understand - we actually make the wi-fi and big screen TV a selling point on the nights that we ask my niece to babysit. The more comfortable and entertained your babysitter is in the house, the less you'll have to pay her time, if at all.

Sounds to me like overkill for the use case. Let her have the internet. It's not like she's going to host and operate her own version of Rapidshare or YouSendIt on your connection during the couple of random hours she is looking after your kids. And if you think she is potentially up to criminal activity, then you don't want her in your house looking after your kids in the first place.
 
Thanks. It was also what I thought until a friend of mine had a baby-sitter trying to do something funny with his network. He had a few attempts to access an internal file server in his SOHO auto-blocked and logged. Could be harmless, like a script-kiddie trying to prove what she can do with newly downloaded tools from God knows where, but it is a chill on the spine enough to some, myself included. My friend ceased using baby-sitters altogether, and had his parents-in-law taking care of the kids instead. Not sure if it is a wise move to me!! ;)

It is also illegal (as in criminal) where I live to BT movies & music. People have been busted for that. I bet most kids still do that though, and I don't want to see her caught doing it via my IP address!!
 
When you see references to RADIUS features in routers, you WILL need a RADIUS server.

The simplest way to do what you want is to block physical access to the router / switch / modem (locked room or cabinet) and use WPA2 with a strong password for wireless.
 
I heard some SOHO/SMB-class routers have a kind of access control whereby users (connecting by wire or wireless) will be brought to a hotel-style webpage for entering a username/password. What should I look for in router specification sheets for such a feature? I am confused by acronyms like ACL, RADIUS server and the like and don't know what to look for.

What you're looking for is called a "Captive Portal". As soon as someone plugs in/attaches to your network...their web browser is forced to a webpage that either requires a submission to an end user agreement/terms of use policy, or if you like...requires entering a username and a password to proceed to the internet.

Not a common feature in "off the shelf home grade routers"....but you can find the captive portal feature on some Linux distro routers.

When you mention "UTM"...that's Unified Threat Management...and this is a bundle of features above and beyond the basic "router/gateway". UTM products add features such as antivirus scanning, protection against spyware, filtering of spam and viruses from e-mail, various options for content filtering of web traffic, protection against phishing, etc.

An example of a UTM product that is "free", and has a captive portal, is Untangle. Some knowledge of hardware is required, as it requires an x86 based computer to be installed on, and you can get some reporting of user activity.

Astaro is another similar product, they have a captive portal in the works, but it's another great UTM product...free for the home user, and you have even more control of what users can do, and it has excellent reporting. (you can see what your babysitter surfed all night long)
 