Nine Steps to a More Secure WLAN

There's plenty of upside to wireless computing as long as you don't forget your security basics.

By Eric Geier | Posted Aug 28, 2006
Page of   |  Back to Page 1
Print ArticleEmail Article
  • Share on Facebook
  • Share on Twitter
  • Share on LinkedIn

Wi-Fi hotspot administrators can help protect users from security threats such as discussed in Wi-Fi Hotspot Security: The Issues. Don't forget, offering public wireless access also creates a few security concerns for the admins and providers themselves. However, Wi-Fi hotspots can still be safe and secure for both the users and the businesses or organizations hosting them if the issues are properly addressed.

Follow these recommendations:

Help Secure the Real-time Traffic

Wireless eavesdroppers can easily capture and view the traffic of your Wi-Fi hotspot. Thus, make sure you do what you can to help protect your users:

  • Make Sure Users can Access VPNs
    Most wireless routers and hotspot gateways have specific settings that opens up the ports used by VPNs, typically referred to as VPN Pass-through, and can usually be found in the miscellaneous or security section of the router or access point's Web-based configuration utility.
  • Protect any Public Workstations
    Properly protecting of any public PCs, such as disabling administration rights, helps ensure the security of the users. Special software, such as Public Access Desktop, can help lock down free-to-use workstations on the premises.
  • Protect User Data
    Any hotspot login and registration pages should be secured with SSL (Secure Socket Layer), especially if user payment information is submitted. Most hotspot gateways and payment processors provide SSL support.

Help Prevent Authorized Access of User Devices

When users connect to Wi-Fi hotspots, they connect to a network. As a result, the devices may be able to communicate with each other and hackers may be able to access other mobile devices on the network. Thus, you should enable this feature:

  • Client Isolation
    Enabling this type of feature blocks the users connected to the hotspot from communicating with each other via the wireless network. This protects users who haven’t disabled file sharing (which they may turn on at home or work where it's useful). The client isolation setting is usually found in the advanced wireless section of most wireless routers and hotspot gateways Web-based configuration utility.

Inform Users of the Issues

Some Wi-Fi hotspot users may not understand the risks involved in using these “unsecured” networks. Try to let them know. In addition to helping the users, this may also be necessary for liability reasons. You could mention statements and tips such as those listed in Wi-Fi Hotspot Security: Solutions for Users on your hotspot’s splash screen and/or in a terms and conditions statement they must agree to before Internet access is granted.

Keep Your Networks Secured

It’s very important that you properly secure any private wired or wireless networks at your location when trying to integrate a Wi-Fi hotspot.

  • Use VLANs or Multiple SSIDs
    Most enterprise class access points have the capability of virtual LANs or multiple SSIDs so you can create multiple networks simultaneously over one physical network. Therefore, you could create a separate virtual network, for public users, that is left “unprotected.”
  • Use Public/Private Hotspot Gateways
    Some hotspot gateways, such as the D-Link DSA-3200, allow you to easily offer public Internet access and have a separate private network sharing a single Internet connection. Typically, these gateways offer separate Ethernet ports for the public and private network interfaces. This makes it very easy to properly secure a private network.
  • Install a Separate Internet Connection
    In order to separate your private and public networks there is always the option of installing and using a completely different Internet connection for your public hotspot. In addition, you won’t have to compete among the public users for bandwidth. The downside is, you pay twice as much for the access. But it could be worth it.
  • Follow General Security Methods
    When users connect to your Wi-Fi hotspot they choose the network out of a list of available networks nearby. Therefore, make sure any private wireless networks you have are secured so your users can’t connect or view unencrypted traffic. You can refer to one of my earlier tutorials, Wi-Fi Security Issues Up Close, for more information.

Eric Geier is a computing and wireless networking author and consultant. He’s employed with Wireless-Nets, Ltd., a consulting firm focusing on the implementation of wireless mobile solutions and training. Eric is also an author and contributor of several books, including Wi-Fi Hotspots: Setting up Public Wireless Internet Access, and eLearning (CBT) courses.

Article courtesy of Wi-Fi Planet

Add to del.icio.us | DiggThis

Comment and Contribute
(Maximum characters: 1200). You have
characters left.
Get the Latest Scoop with Enterprise Networking Planet Newsletter