Wireless Guest Access – Guest WLAN Access for Office, Campus and Local Government Environments

Introduction

Historically, many businesses have been reluctant to offer wireless access in their offices due to the insecure nature of the technology. An often quoted example of security concerns are so called “car park snooping”, where hackers sit in the car park of a business   ทางเข้าufabet7777   and use the wireless network to penetrate firewalls and access the targets network.

The growth of the internet though has made access now almost mandatory in order for business to function. Guests to a site often need to be provided access to cloud applications such as salesforce.com and Google Docs or to web based demonstrations in order to support interaction and allow the business to function. The growth of tablet PCs, iPhones and other high end devices has also meant that Company executives are now demanding wireless internet connectivity as an essential ‘must have’ rather than a luxury.

Wireless access to customers, contractors, visitors and Company employees can be provided easily and without compromising corporate network security using the latest generation of wireless technologies. A well thought out guest access portal improves business productivity; increases brand loyalty, improves staff satisfaction and eliminates the burden of supporting unplanned network access by guests (and staff) to perform essential business meetings.

Types of Wireless Access

There are four main methods for controlling access to a wireless network:

– Open

– Pre-shared keys (PSK)

– Private Pre-shared keys (PPSK)

– Username and password

The following discusses the key advantages and disadvantages of each method.

Open

An open wireless network eliminates the need for configuration of guest devices. Anyone can connect to an open network. The service set identifier (SSID) is advertised via the wireless interface and can be freely discovered and connected to by users.

The downside to open guest access is that unwanted guests (e.g., neighbouring businesses) can connect to the network and can use it search for weaknesses and penetrate the corporate/secure side of the network. Since no key is passed between the wireless access point (AP) and the device when linking up then open access also means that the wireless link itself must be ‘open’ (unencrypted) enabling anyone with a modicum of knowledge to snoop the wireless link and intercept any network traffic.

As a result most network managers refuse to use open wireless links in their network, and increasingly sophisticated guest users also refuse to use them, on grounds of security.

Pre-Shared Keys

Pre-Shared Keys (PSK) allow users to access the Wireless LAN securely. In the standard configuration, anyone who knows the key can access the network. The key enables traffic between the device and the AP to be encrypted providing an accepted level of security. The key is “pre-shared” as it is statically configured before the device associates to the wireless network. Typical PSK encryption methods are WEP and (the newer/more secure) WPA2. One problem with standard PSK is that as the fixed key becomes more and more widely known by guests and 3rd parties the security is compromised. So while this methodology works well in fixed environments and provides secure wireless access between AP and device, it must be seen as endangering the corporate network over time. Whilst the PSK for the guest SSID may be regularly updated this quickly becomes challenging as the number of guests on a network increases.

Private Pre-Shared Key

Aerohive have a private pre-shared key (PPSK) solution that overcomes some of the limitations of PSK. PPSK provides a unique (private) PSK for each user. PPSKs have several strengths:

– Individualised security

– Ease of use

– Can be provisioned and revoked one by one

– Each key can be tied to a different set of user/group policies