diff --git a/hep-0002.md b/hep-0002.md
new file mode 100644
index 0000000..627e672
--- /dev/null
+++ b/hep-0002.md
@@ -0,0 +1,90 @@
+👉 | HEP 2: Network Security Structure
+--- | ---
+Authors | [@safaorhan](https://github.com/safaorhan)
+Status | Active
+Related PRs | [#4](https://github.com/konyahackerspace/heps/pull/4)
+Related HEPs | -
+
+
+## Summary
+This HEP describes how we can manage the internal network on a fundamental level 
+to prevent unauthorized access to our network and internet-connected devices in 
+the space.
+
+## Rationale
+Hackers of all kinds of backgrounds would be common guests of our space. The idea 
+of "hacking a hackerspace" might sound exciting for some of them. Also, motivated 
+by curiosity, some of our members might try to tinker, configure, and eventually 
+break things on our network, rendering other hackers frustrated. These precautions 
+would help us contain possible hostile attempts.
+
+## Securing Physical Access to the Router
+One of the easiest and most frustrating attack vectors is to gain physical access 
+to the router, follow the factory reset sequence on the hardware, and hence disconnect 
+all connected devices from the network. This would let the attacker reconfigure 
+the network as he'd like and create many further attack vectors.
+
+We must keep the router in a difficult-to-reach place, possibly locked in a hard 
+plastic enclosure to discourage tampering.
+
+Another layer to prevent and remedy physical access would be to issue surveillance 
+to the proximity of the router, so if anybody attempts to tinker, the community admins
+would get notified of the attempt, possibly with picture evidence.
+
+## Storing Router Admin Credentials Securely
+We should ensure that the credentials for the router's admin dashboard are stored securely.
+The fewer people who know it, the better. We shall use the password manager of hackerspace's 
+Google account aside with other critical passwords.
+
+## Creating Multiple Wireless Networks
+We shall create different wireless networks serving different purposes:
+
+\# | Type | Hidden | Criticality | Purpose
+--- | --- | --- | --- | ---
+1 | Infrastructure | Hidden | Most Critical | Security systems, smart sensors, automation devices live in this network.
+2 | Member Network | Visible | Critical | Computers and smartphones of the members, printers, 3D printers, shared or interactive electronics live here.
+3 | Guest Network | Visible | Less critical | Guests are allowed, temporary projects and experiments are welcome.
+
+We shall not provide LAN access to the router since it's not easy to 
+control who is connected to what, and nowadays, wireless is fast enough.
+If the router supports it, we can also isolate the wired network from the wireless one.
+
+### 1. Infrastructure Network
+If a device is meant to help operate the space and doesn't need others to interact with it over 
+the network, it shall live within the infra network.
+
+Good examples of these devices are:
+- A Raspberry Pi with HaOS installed
+- A connected LED-light controlled by a PIR sensor
+- A security camera
+- An RFID reader that opens the door
+- A smart switch that publishes to SpaceAPI
+
+Changing the password of this network would be the most troublesome. But for security purposes,
+we can schedule yearly maintenance time to update the infrastructure password.
+
+### 2. Member Network
+The usual network a member would connect their laptop or smartphone to. Shared electronics 
+that members would access should be placed in this network.
+
+Some examples would be:
+- 3D printers, so that members can send jobs over the network
+- Regular printers and scanners
+- Other tools and devices controllable by members over the network
+
+We can change the password for this network a couple of times a year
+as a security measure. And only let current members know the new password.
+
+### 3. Guest Network
+When guests arrive at the space for events and one-off visits, they can connect to
+this network. So that they won't have access to the internet-connected tools. Also,
+when someone wants to experiment with something, share the password with the attendees in 
+a workshop, create a new IoT device, or similar, they can use this network.
+
+The SSID and password of the guest network can be placed in NFC tags and placed 
+on the walls. A QR can be okay, but less safe, since we have a wall of glass on the
+roadside.
+
+Lastly, we can change the password of this network frequently to deal with free 
+loaders, and since it would be really effortless to do it.
+