dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
2513

planet
join:2001-11-05
Oz

planet

Member

router security using guest access

My Linksys e1500 router has a guest access feature that I like using for times when I have visitors wanting to access the internet using their own devices (IPad). I have mine set up to allow only one guest at a time. Otherwise I could allow up to 10.

My question, is there any way you are more vulnerable leaving your guest access on when not in use?

Taken from here: »www6.nohold.net/Cisco2/G ··· verted=0
The Guest network is a virtual network within your private network because it operates on a different IP address range (192.168.33.x). This allows your guests to connect to the Internet without becoming a part of your private network.

SoonerAl
MVM
join:2002-07-23
Norman, OK

SoonerAl

MVM

Click for full size
Current home network
FWIW I have a ZyXEL NBG334W wireless router with a guest wireless network. In my case I keep the guest WLAN on 24/7 protected by a long ASCII key. I use the guest WLAN for guest devices (obviously) and for internet connectivity for my Wii game console and a DIRECTV wireless cinema connection kit (CCK-W). My guest WLAN is configured for up to 16 device IP addresses.

Provided you use a sufficiently long encryption key/passphrase and WPA2/WPA I see no reason not to simply leave the guest WLAN enabled.

planet
join:2001-11-05
Oz

planet

Member

The Linksys E1500 is a cheaper router. Paid somewhere around $99. The guest account is seen via SSID as an unsecured network. However, a password is needed to access the internet. I'm assuming it's similar to an open wifi (like Starbucks) where you'd be provided a password to get on the net.

I'm wondering how secure it is when not in use. Theoretically, could someone connect to the router and do mischief w/o accessing internet with needed password?

SoonerAl
MVM
join:2002-07-23
Norman, OK

1 edit

SoonerAl

MVM

said by planet:

The Linksys E1500 is a cheaper router. Paid somewhere around $99. The guest account is seen via SSID as an unsecured network. However, a password is needed to access the internet. I'm assuming it's similar to an open wifi (like Starbucks) where you'd be provided a password to get on the net.

I'm wondering how secure it is when not in use. Theoretically, could someone connect to the router and do mischief w/o accessing internet with needed password?

Have you tested that? I presume you have changed the routers admin password to something other than the default.

What happens if you use a program like inSSIDer on a wireless computer? Does the guest network showup as not being secured?

I would post to the Linksys forums for help with that question...

»Linksys

»homecommunity.cisco.com/ ··· _Routers

I would in anycase use a long password. The Cisco help page indicates you can use a max 32-character alphanumeric password...

»homekb.cisco.com/Cisco2/ ··· 1461.xml

FWIW my ZyXEL cost me $20 a few years ago on sale, including an 802.11g USB adapter for a laptop, so cost is certainly not a factor...
HarryH3
Premium Member
join:2005-02-21

HarryH3 to planet

Premium Member

to planet
IIRC, the Linksys guest access is unsecured. In this case, unsecured means unencrypted (No WEP, WPA/WPA2 on that connection). You can force the user to enter a password, but that just grants them access to the net. Their data is still passing as clear data.

SoonerAl
MVM
join:2002-07-23
Norman, OK

SoonerAl to planet

MVM

to planet
said by planet:

The Linksys E1500 is a cheaper router. Paid somewhere around $99.

I just saw an E1500 in one of our local Walmarts for $60 FWIW...
HELLFIRE
MVM
join:2009-11-25

HELLFIRE to planet

MVM

to planet
said by planet:

My question, is there any way you are more vulnerable leaving your guest access on when not in use?

Depends on how the vendor implements "guest" wireless. Truth be told, there's no standard for this.
Some just do a 2nd SSID. Others offer full isolation from your main LAN.

For $99, I'd expect something that "just works" and nothing more.

My 00000010bits.

Regards

planet
join:2001-11-05
Oz

planet

Member

Thanks for the responses. Not much chatter about this subject on the net at all. I will enable it when necessary and disable it for peace of mind. Was hoping that I could simply leave it enabled. But with no standard, the potential for exploit could be there.