Securing Public Wireless

Tags:
Firewalls
Forensics
Incident response
Intrusion management
Network security
VPN
Wireless
I have more of a theory or concept type question. My place of work offers free wireless internet to customers. One customer asked me if it were a secured connection. I have no WEP (which is insecure anyway) or WAP1/2 or anything else.

Question 1: If one customer is surfing the internet through the wireless, could another user sniff their traffic if we are using WPA? If both computers are using the same WPA Key, couldn't they decrypt the sniffed data? Or does WPA create a random key off the pre-shared key? I do not know enough about this.

Question 2: Is there any way to automatically encrypt data, say after accepting a certificate (or something)? We currently use a Blue Socket Gateway, which handles user authentication, but I do not think it handles encryption. I am just looking for general implementations that someone has used or leads to more information.

Question 3: My boss thinks that if we attempt to implement ANY type of encryption/security, we are setting ourselves up for a lawsuit. Do you think this is the case? He thinks if we have an open use-at-your-own-risk network, this is better than a partially secured network.

Thanks!

Answer Wiki


This is more from a user perspective, but you might provide this article for your customers: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9007142&intsrc=hm_ts_head&bcsi_scan_4012CCBD6C63F55B=9yq81SuZ3oML8mWWELp3+gMAAADmZoIH&bcsi_scan_filename=article.do

Discuss This Question: 7  Replies

 
  • Skepticals
    Steve, Very good article. That may be something we can give to our clients.
  • TomGrg
    I think you would be safer from lawsuits with an encrypted wireless network. You can put a sign up in your shop, or use word of mouth, which would help to exclude use of the network from non-customers. Just a minor deterrent. WEP is better than no encryption. There are better, preferred options. Someone connecting to the Internet via cable is not much safer, frankly, as their sessions are subject to being hijacked by anyone on the same network. I'm sure there are others who can suggest a technical approach. Good luck.
  • R8escjohn
    Skepticals, We are a small non-profit and recently ran into a similar issue with providing wi-fi public access in our large Conference Room. Our first attempt at this was to simply put a 'ole basic Linksys WAP up with 128 bit WEP and then WPA to address the same security concerns and connected to our internal network. BAD IDEA! First, who knows what the public will bring in with and trying to set those up for 128 bit WEP was a total nightmare. Even WPA with a standard key was a trip as there are still some older laptops out there that do not "fully" support WPA. Second, outsiders having access to our internal network is Bad, Bad, Bad.... :-) to provide for "basic" firewalling and DHCP, and put that *completely* outside of our network on a totally separate network. This setup has worked extremely well for us. Now on the security concerns that your outside clients have, that is somewhat a separate issue - at least for us. It is our stand that we provide a basic wi-fi connection for folks who use our conference room and all responsibility for their security on their equipment is up to them. The Computerworld article that was listed is an excellent resource and will share. Hope this info helps you!
  • Skepticals
    r8escjohn, Thank you for sharing your experience. We have had some similar concerns regarding the WEP/WPA keys on the clients' computers... some support it, some do not. Hard to configure for non-technical people. I am not concerned with the wireless users getting onto our corporate network because I feel it is segmented from the wireless - it resides on a separate VLAN. The concern that I hear most is if another client is around the wireless users using a sniffer program to record traffic. I wish there were an easy way to encrypt the data after associating with the AP.
  • Bobkberg
    First off - I also agree that the Computerworld article is useful. Its only shortcoming is that it only addresses XP and Vista. Older O/S's are ignored - and there are still plenty of those out there. Skepticals - I often say that I'm paranoid by policy. Your last comment about not being concerned because the wireless is on another VLAN is an example of why I take that stand. When you're dealing with the general public, ANYTHING is possible, and should be taken into account. Your hotspot should be connected to a cable modem or DSL circuit of its own with NO connection whatsoever to your business. Bob
  • BobYoung
    Great discussion! I want to express my agreement with bobkberg. I teach wireless security, and one of my tenets is to separate the public Wi-Fi network from the corporate network. Many smaller companies (and non-profits) may be unable to afford this solution, or unwilling to spend the money, but it's still the best recommendation. To add something new to the discussion - many people want the wireless access, and tolerate the risks gladly. So far, I'm unaware of any litigation where a disclaimer has been made available by the provider. You may want to include a browser re-director for initial access, which requires them to check a box acknowledging that they accept the risks and all responsibility.