[ceez]

Hey everyone.

I have a friend that has a small pizza shop, he has comcast internet and wants to share it via wifi for his clients.

Security becomes a concern since his running his registers and cc equipment via the same comcast line. The only TRUE way to prevent any packet sniffing on his comcast is to order a 2nd line or a DSL line that runs separate from his comcast.

I thought of segmenting his network via a VLAN so register/cc traffic is separate from free wifi.

Do any of you have any options or expereince with this?

Thanks,

ceez

[tain]

Sounds like you've got the right idea about threats and mitigation. It somewhat depends on what hotspot solution he will use as some may already have segregation features or may not work with certain network configs.

[ceez]

Tain what do you mean by hotspot solution? Are you talking about a wifi router or ap OR actually some device that's called a hotspot that provides additional security for environments like these?

my idea is as follows

cloud - cable modem - linksys wifi router with 2 vlans

vlan1 - clients ip: 192.168.x.x dynamic ip
vlan2 - store ip: 10.201.x.x. each store device with static ip.

[tain]

Not to be smart about it, just for clarification:
https://secure.wikim.../Captive_portal
https://secure.wikim...pot_%28Wi-Fi%29

[IcemanND]

You should be able to get a second IP from Comcast, and likely a new modem and run two networks on the same incoming line.

Whatever solution you chose be sure that it meets the PCI DSS requirements.

It also depends upon what equipment they are using and how it handles CC data.