Inside TDV - The Data Vault Blog
Securely Managing Guest WiFi Networks
Almost every organization offers some sort of visitor access to its wireless internet. From fast food chains to hospital waiting rooms, partners and clients have come to expect this service. But in an era of increased digital security concerns, how can a business maintain its integrity while still allowing for this essential function?
In a recent article, Craig Mathias of Farpoint Group (a wireless and mobile security advisory firm) discusses some of the best ways to handle the dual needs of security and customer service. Though common sense would dictate some of these practices, others are less obvious to the casual observer or small organization. With the proliferation of smart devices in society, now is the time to heed advice on how to handle this sensitive topic.
Many devices offer identity management capabilities that enable IT staff to collect guest credential information. Companies can then capture and maintain this data for their own analysis of guest network usage. These services also make it easy to create multiple classes of guests and apply different permissions to different groups. After all, organizations often have several types of visitors, some of whom require different levels of network access than others.
Login credentials for guests should expire after a pre-defined period, such as the end of the work day, 24 hours or a multi-day (but preferably brief) engagement. Credentials that do not expire often become a security hole, allowing unauthorized reentry onto the network down the road.
Splash Page Agreements
Organizations should list their local network access policies on a splash page that any connecting guest must pass through before connecting to the network. That page should include a “click here to agree” button. This provides a degree of protection if a guest violates IT’s policies or even local laws. This may seem trivial in the grand scheme of things, but if it comes down to prosecution it can make a huge difference in the outcome.
Per-Session Security Keys
Look for third-party services that automatically assign security keys on a per-user basis. Don’t just give out a single password to everyone; per-user, per-session keys make it easier to block a specific troublesome guest user with no interruption to everyone else. Enterprise-grade guest wireless network access should require security at the WPA2 level or greater — 802.1X, IPsec, SSL, or a similar level of security. No company should ever leave its wireless network open.
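The credential lifecycle described above (one key per guest, expiry by guest class, blocking a single guest) can be sketched as follows; this is an added example, not code from the article or from any product. The guest classes, lifetimes and the `GuestKeyStore` name are assumptions, and a real deployment would enforce this in the guest-access controller or its authentication backend.

```python
import hashlib
import hmac
import secrets
from datetime import datetime, timedelta, timezone

# Assumed guest classes and lifetimes (illustrative values, not from the article).
GUEST_CLASS_TTL = {
    "visitor": timedelta(hours=8),      # roughly one work day
    "contractor": timedelta(hours=24),
    "auditor": timedelta(days=3),       # brief multi-day engagement
}

class GuestKeyStore:
    """Issues one random key per guest and stores only its hash and expiry."""
    def __init__(self):
        self._records = {}  # guest_id -> (sha256 of key, expiry time)

    def issue(self, guest_id, guest_class, now):
        ttl = GUEST_CLASS_TTL[guest_class]  # unknown class raises KeyError
        key = secrets.token_urlsafe(16)     # unique per guest, never shared
        digest = hashlib.sha256(key.encode()).digest()
        self._records[guest_id] = (digest, now + ttl)
        return key

    def check(self, guest_id, key, now):
        record = self._records.get(guest_id)
        if record is None:
            return False                    # never issued, or revoked
        digest, expires = record
        if now >= expires:
            del self._records[guest_id]     # an expired key cannot be reused later
            return False
        return hmac.compare_digest(hashlib.sha256(key.encode()).digest(), digest)

    def revoke(self, guest_id):
        # Blocks one guest; every other guest's key keeps working.
        return self._records.pop(guest_id, None) is not None

def demo():
    t0 = datetime(2024, 1, 8, 9, 0, tzinfo=timezone.utc)  # constructed sample time
    store = GuestKeyStore()
    alice, bob = store.issue("alice", "visitor", t0), store.issue("bob", "contractor", t0)
    hour = timedelta(hours=1)
    return (store.check("alice", alice, t0 + hour),      # True: within 8 h
            store.check("alice", alice, t0 + 9 * hour),  # False: expired
            store.revoke("bob"),                         # True: only bob is blocked
            store.check("bob", bob, t0 + hour))          # False: revoked

if __name__ == "__main__":
    print(demo())
```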
When creating corporate policies for internet access, it pays to take these tips into consideration. Even as cybersecurity threats stay at the forefront of all considerations, it is possible to strike a balance between usability and reducing vulnerabilities.