Wi-Fi Hotspot Security: Solutions for Admins
August 28, 2006
Learn what you need to do to protect yourself and your users when hosting Wi-Fi hotspots.
Wi-Fi hotspot administrators can easily help protect users from security threats such as those discussed in Wi-Fi Hotspot Security: The Issues. Don't forget, offering public wireless access also creates a few security concerns for the admins and providers themselves. However, Wi-Fi hotspots can still be safe and secure for both the users and the businesses or organizations hosting them, if the issues are properly addressed.
Just follow these recommendations:
Help Secure the Real-Time Traffic
Wireless eavesdroppers can easily capture and view the traffic of your Wi-Fi hotspot. Thus, make sure you do what you can to help protect your users:
- Make Sure Users Can Access VPNs
Most wireless routers and hotspot gateways have specific settings that open up the ports used by VPNs, typically referred to as VPN pass-through, which can usually be found in the miscellaneous or security section of the router's or access point's Web-based configuration utility.
- Protect any Public Workstations
Properly protecting any public PCs, i.e. disabling administration rights, helps ensure the security of the users. Special software, such as Public Access Desktop, can help lock down free-to-use workstations on the premises.
- Protect User Data
Any hotspot login and registration pages should be secured with SSL (Secure Socket Layer), especially if user payment information is submitted. Most hotspot gateways and payment processors provide SSL support.
Help Prevent Authorized Access of User Devices
- Client Isolation
Enabling this type of feature blocks the users connected to the hotspot from communicating with each other via the wireless network. This protects users who havent disabled file sharing (which they may turn on at home or work where it's useful). The client isolation setting is usually found in the advanced wireless section of most wireless routers' and hotspot gateways' Web-based configuration utility.
Inform Users of the Issues
Some Wi-Fi hotspot users may not understand the risks involved in using these unsecured networks. Try to let them know. In addition to helping the users, this may also be necessary for liability reasons. You could mention statements and tips such as those listed in Wi-Fi Hotspot Security: Solutions for Users on your hotspots splash screen and/or in a terms and conditions statement they must agree to before Internet access is granted.
Keep Your Networks Secured
Its very important that you properly secure any private wired or wireless networks at your location when trying to integrate a Wi-Fi hotspot.
- Use VLANs or Multiple SSIDs
Most enterprise-class access points can enable virtual LANs or multiple SSIDs so you can create multiple networks simultaneously over one physical network. Therefore, you could create a separate virtual network for public users that is left unprotected.
- Use Public/Private Hotspot Gateways
Some hotspot gateways, such as the D-Link DSA-3200, allow you to easily offer public Internet access and have a separate private network sharing a single Internet connection. Typically, these gateways offer separate Ethernet ports for the public and private network interfaces. This makes it very easy to properly secure a private network.
- Install a Separate Internet Connection
In order to separate your private and public networks, there is always the option of installing and using a completely different Internet connection for your public hotspot. In addition to its other benefits, this ensures that you wont have to compete with the public users for bandwidth. The downside is that you pay twice as much for the access, but it could be worth it.
- Follow General Security Methods
When users connect to your Wi-Fi hotspot, they choose the network out of a list of available networks nearby. Therefore, make sure any private wireless networks you have are secured so your users cant connect or view unencrypted traffic. You can refer to one of my earlier tutorials, Wi-Fi Security Issues Up Close, for more information.
Eric Geier is a computing and wireless networking author and consultant. Hes employed with Wireless-Nets, Ltd., a consulting firm focusing on the implementation of wireless mobile solutions and training. Eric is also an author of and contributor to several books, including Wi-Fi Hotspots: Setting up Public Wireless Internet Access, as well as eLearning (CBT) courses.