Nine Steps to a More Secure WLAN
There's plenty of upside to wireless computing as long as you don't forget your security basics.
Follow these recommendations:
Help Secure the Real-time Traffic
Wireless eavesdroppers can easily capture and view the traffic of your Wi-Fi hotspot. Thus, make sure you do what you can to help protect your users:
- Make Sure Users can Access VPNs
Most wireless routers and hotspot gateways have a specific setting that opens the ports used by VPNs. It is typically called VPN Pass-through and can usually be found in the miscellaneous or security section of the router or access point's Web-based configuration utility.
- Protect any Public Workstations
Properly protecting any public PCs, such as by disabling administration rights, helps ensure the security of the users. Special software, such as Public Access Desktop, can help lock down free-to-use workstations on the premises.
- Protect User Data
Any hotspot login and registration pages should be secured with SSL (Secure Sockets Layer), especially if user payment information is submitted. Most hotspot gateways and payment processors provide SSL support.
Help Prevent Unauthorized Access of User Devices
- Client Isolation
Enabling this type of feature blocks the users connected to the hotspot from communicating with each other via the wireless network. This protects users who haven't disabled file sharing (which they may turn on at home or work where it's useful). The client isolation setting is usually found in the advanced wireless section of the Web-based configuration utility on most wireless routers and hotspot gateways.
Inform Users of the Issues
Some Wi-Fi hotspot users may not understand the risks involved in using these unsecured networks. Try to let them know. In addition to helping the users, this may also be necessary for liability reasons. You could include statements and tips, such as those listed in Wi-Fi Hotspot Security: Solutions for Users, on your hotspot's splash screen and/or in a terms and conditions statement that users must agree to before Internet access is granted.
Keep Your Networks Secured
It's very important that you properly secure any private wired or wireless networks at your location when trying to integrate a Wi-Fi hotspot.
- Use VLANs or Multiple SSIDs
Most enterprise-class access points support virtual LANs or multiple SSIDs, so you can create multiple networks simultaneously over one physical network. Therefore, you could create a separate virtual network for public users that is left unprotected.
- Use Public/Private Hotspot Gateways
Some hotspot gateways, such as the D-Link DSA-3200, allow you to easily offer public Internet access and have a separate private network sharing a single Internet connection. Typically, these gateways offer separate Ethernet ports for the public and private network interfaces. This makes it very easy to properly secure a private network.
- Install a Separate Internet Connection
To separate your private and public networks, there is always the option of installing and using a completely different Internet connection for your public hotspot. In addition, you won't have to compete with the public users for bandwidth. The downside is that you pay twice as much for the access. But it could be worth it.
- Follow General Security Methods
When users connect to your Wi-Fi hotspot, they choose the network from a list of available networks nearby. Therefore, make sure any private wireless networks you have are secured so your users can't connect to them or view unencrypted traffic. You can refer to one of my earlier tutorials, Wi-Fi Security Issues Up Close, for more information.
Eric Geier is a computing and wireless networking author and consultant. He's employed with Wireless-Nets, Ltd., a consulting firm focusing on the implementation of wireless mobile solutions and training. Eric is also an author and contributor of several books, including Wi-Fi Hotspots: Setting up Public Wireless Internet Access, and eLearning (CBT) courses.
Article courtesy of Wi-Fi Planet