|
My
Publications -
Tutorials
Wi-Fi
Hotspot Security: Solutions for Admins
By
Eric Geier
-
Originally Published by Wi-Fi
Planet on August 28, 2006 -
Wi-Fi hotspot
administrators can help protect users from security threats such as
discussed in Wi-Fi Hotspot Security: The Issues. Don't forget,
offering public wireless access also creates a few security concerns
for the admins and providers themselves. However, Wi-Fi hotspots can
still be safe and secure for both the users and the businesses or
organizations hosting them if the issues are properly addressed.
Follow these
recommendations:
Help Secure
the Real-time Traffic
Wireless
eavesdroppers can easily capture and view the traffic of your Wi-Fi
hotspot. Thus, make sure you do what you can to help protect your
users:
- Make Sure Users can Access VPNs:
Most wireless routers and hotspot
gateways have specific settings that opens up the ports used by
VPNs, typically referred to as VPN Pass-through, and can usually
be found in the miscellaneous or security section of the router or
access point's Web-based configuration utility.
- Protect any Public
Workstations: Properly protecting of any public PCs, such as
disabling administration rights, helps ensure the security of the
users. Special software, such as Public Access Desktop, can help
lock down free-to-use workstations on the premises.
- Protect User Data: Any
hotspot login and registration pages should be secured with SSL
(Secure Socket Layer), especially if user payment information is
submitted. Most hotspot gateways and payment processors provide
SSL support.
Help
Prevent Authorized Access of User Devices
When users
connect to Wi-Fi hotspots, they connect to a network. As a result, the
devices may be able to communicate with each other and hackers may be
able to access other mobile devices on the network. Thus, you should
enable this feature:
Inform
Users of the Issues
Some Wi-Fi
hotspot users may not understand the risks involved in using these
“unsecured” networks. Try to let them know. In addition to helping
the users, this may also be necessary for liability reasons. You could
mention statements and tips such as those listed in Wi-Fi
Hotspot Security: Solutions for Users on
your hotspot’s splash screen and/or in a terms and conditions
statement they must agree to before Internet access is granted.
Keep Your
Networks Secured
It’s very
important that you properly secure any private wired or wireless
networks at your location when trying to integrate a Wi-Fi hotspot.
- Use VLANs or
Multiple SSIDs: Most enterprise class access points have the
capability of virtual LANs or multiple SSIDs so you can create
multiple networks simultaneously over one physical network.
Therefore, you could create a separate virtual network, for public
users, that is left “unprotected.”
- Use
Public/Private Hotspot Gateways: Some hotspot gateways, such
as the D-Link
DSA-3200, allow you to easily offer public Internet access and
have a separate private network sharing a single Internet
connection. Typically, these gateways offer separate Ethernet
ports for the public and private network interfaces. This makes it
very easy to properly secure a private network.
- Install a
Separate Internet Connection: In order to separate your
private and public networks there is always the option of
installing and using a completely different Internet connection
for your public hotspot. In addition, you won’t have to compete
among the public users for bandwidth. The downside is, you pay
twice as much for the access. But it could be worth it.
- Follow
General Security Methods: When
users connect to your Wi-Fi hotspot they choose the network out of
a list of available networks nearby. Therefore, make sure any
private wireless networks you have are secured so your users
can’t connect or view unencrypted traffic. You can refer to one
of my earlier tutorials, Wi-Fi
Security Issues Up Close,
for more information.
|
