September 12, 2019

The Risk from Offering Public Wi-Fi – WST

Many organizations want to offer wireless internet access for customers.  There are a variety of reasons for this ranging from convenience to supporting devices used for helping customers open accounts. This must be done carefully, with all risks taken into consideration.

Even when implemented as a completely separate network from your internal LAN, offering wireless network access to guests can still carry risk.  Take for example a case in the Midwest several years back where an organization had the FBI show up with a search warrant based on someone accessing child pornography from their internet connection.  Computers were seized and the story was splashed all over the local news for days.  As it turns out, the organization had an open wireless access point, which someone had used from their parking lot.  While eventually all staff was exonerated from any wrongdoing, quite a bit of reputational damage to the organization had already been done.

Institutions must carefully weigh the risk of guest wireless networks and make sure it is worth the time and expense to implement and monitor access.  Whether evaluating a current deployment, or planning a new one, here are a few things to keep in mind:

  • Publicly accessible Wi-Fi should never touch the internal network, in any way.  Ideally, the segmentation should be physical.  Separate internet connection, etc.  If using VLANs, this should be properly documented and periodically tested to make sure errors aren’t introduced that break the segmentation.
  • Public wireless networks should still utilize encryption.  Hosting an “open” hotspot is just asking for trouble.  A strong pre-shared key is still needed to keep random passers-by off your network.
  • Users should have to accept a terms of use agreement before being allowed to use the service.
  • Keep logs of activity, even for your guest network.  This will be invaluable if someone does abuse your internet connection and you want to know who, what, and when.

Past Weekly Security Tips – WST