From: nospam on
In article <jollyroger-AE8D34.18480008022010(a)news.individual.net>,
Jolly Roger <jollyroger(a)pobox.com> wrote:

> In article <080220101611090435%nospam(a)nospam.invalid>,
> (Stop trimming quotes to make it seem like I'm saying things I'm not,
> jerk.)

if you are going to resort to hominems, then you don't really have much.

> You're the one who said "it's easy to update non-Apple routers with a
> single click". Your implication is all-inclusive.

oh please. there's always going to be an exception. if you are going to
nitpick, you're grasping at straws.
From: David Empson on
nospam <nospam(a)nospam.invalid> wrote:

> In article <jollyroger-D43605.18092708022010(a)news.individual.net>,
> Jolly Roger <jollyroger(a)pobox.com> wrote:
>
> > I've had Netgear routers that required you to download the firmware
> > update on your computer, then locate that file from the router
> > administration web page to update it. And after applying the update, the
> > router wouldn't detect the update was complete, leaving a novice person
> > to guess as to how to proceed.

I've also found that every Netgear router I've tried to update via
Safari has failed to do so. I had to use Internet Explorer or Firefox to
apply the firmware update.

--
David Empson
dempson(a)actrix.gen.nz
From: David Empson on
Michelle Steiner <michelle(a)michelle.org> wrote:

> In article <1jdl9m2.1wu0m801x74k7aN%kmorgan(a)spamcop.net>,
> kmorgan(a)spamcop.net (Kathy Morgan) wrote:
>
> > > But I just noticed you said you have a switch. I'm a bit puzzled as
> > > to how things are connected now.
> >
> > Our Internet access is provided by a DSL modem which is connected to an
> > ethernet switch with approximately 10 or 12 ports. (I'm at home now, so
> > I can't look at it to confirm--there are a *whole* bunch of ports, maybe
> > 20 or 30, but I'm not sure they're all active and available for use.)
> > Each of our computers and printers is plugged into one of those ports.
> > If I got either an Express or other wireless router, it would be plugged
> > into one of the empty ports on the switch.
>
> Ah, that clarifies (and somewhat changes) things. In this case, you would
> need to set up the router as a bridge. And with that I'll bow out because
> there are people here more knowledgeable than I as to what and how you
> would need to do things.

I'm assuming Michelle is suggesting setting up the Airport Express in
bridge mode. With the configuration as described here (Airport Express
plugged into an Ethernet port on the existing switch) this would result
in all computers on the wireless network being on the same local network
as all Ethernet-connected computers.

I wouldn't regard this as a good solution for a library.

The main problem is security. It is one thing to allow visitors to use
an existing computer you are providing for them, but it is an entirely
different matter if they are bringing in their own computer and
connecting it to your network.

This is particularly dangerous if there are any Windows computers
involved (e.g. your server) due to the high incidence of malicious
software on Windows.

I wouldn't even consider a setup like this unless your server had the
highest possible degree of protection from malicious software: it must
have a well configured firewall which is closed to as many types of
outside connection as possible, and be running regularly updated
anti-virus software.

A much better arrangement is to have two separate local networks. Your
internal computers (such as your server and any other office computers)
are on one network, and the computers used by the public (and the
publically accessible wireless network) are completely separate. The
only connection between those two networks is via a firewall which
limits access to specific required services on specific devices, or if
no internal services are required, the public network can only access
the Internet.

To achieve this will require another device between your DSL modem and
local network: a more advanced router with dual local networks and the
necessary firewall features. I don't know of any such device offhand
(short of a dedicated computer with at least three network interface
cards running routing/firewall software).

--
David Empson
dempson(a)actrix.gen.nz
From: Matthew Russotto on
In article <1jdjg8f.1gsxyt23x8woN%mikePOST(a)TOGROUPmacconsult.com>,
Mike Rosenberg <mikePOST(a)TOGROUPmacconsult.com> wrote:
>
>If all one wants to do is provide WiFi, an Airport Base Station is
>actually a relatively high cost means to that end. For the $179 it
>costs, you can buy at least four basic routers from other companies. No
>USB port, no ability to stream iTunes, etc., but if those features
>aren't needed, why pay for them? Other routers are usually more easily
>configured, from a web interface.

Don't forget dual-band 802.11n and Gigabit Ethernet.

The Airport Base Station is high cost, but on par with other routers
providing dual-band 802.11n and GigE, such as the NetGear WNDR3700.
--
The problem with socialism is there's always
someone with less ability and more need.
From: Jolly Roger on
In article <1jdlkth.nkxcihv4ghtcN%kmorgan(a)spamcop.net>,
kmorgan(a)spamcop.net (Kathy Morgan) wrote:

> Jolly Roger <jollyroger(a)pobox.com> wrote:
>
> > In article <1jdl5fr.76hjfd1bqwg2pN%kmorgan(a)spamcop.net>,
> > kmorgan(a)spamcop.net (Kathy Morgan) wrote:
> >
> > > Do any routers that support guest networking allow you to put a time
> > > limit on connections? With our slow connection speed, simply putting a
> > > half-hour time limit on connections might be enough to stop any serious
> > > pirating. Aside from moral and legal considerations, we have a 10 GB
> > > per month upload/download limit, so we don't want anyone doing major
> > > downloads. Of course, I guess even if there were a built-in time limit,
> > > a person could simply reconnect after they timed out.
> >
> > You can set Mac OS X 10.6 (maybe earlier versions) to automatically log
> > out after a given time period.
>
> So you happen to know if that works any better in 10.6 than it did in
> 10.4? I have the librarian's iMac (which has 10.4 on it) set to
> automatically log out after a given time period, but the automatic
> logout usually fails due to an open document that hasn't been saved.
> (I'm just asking out of idle curiousity.)

I think you can expect the same behavior in 10.6. If you want a more
forceful logout, there are ways to do it. Just keep in mind there may be
data loss if you force quit running applications that have documents
open with unsaved changes.

> > I think it would be more effective to control which outbound ports are
> > allowed through your router (if your router supports such controls), and
> > what guests can do on the computers themselves. You might consider, for
> > instance, installing Little Snitch on the Macs to limit outgoing
> > connections to specific ports, like port 80.
>
> Controling what people do on the library's Mac's should be fairly
> straightforward; for this subthread I'm more concerned about what guests
> who bring in their own laptop might do.

Yeah. It sounds like you want firewall / proxy protection.

--
Send responses to the relevant news group rather than email to me.
E-mail sent to this address may be devoured by my very hungry SPAM
filter. Due to Google's refusal to prevent spammers from posting
messages through their servers, I often ignore posts from Google
Groups. Use a real news client if you want me to see your posts.

JR