Wireless Guest Access – Not as easy as you may think

By - April 30, 2015

Businesses and organizations of all types are deploying wireless access for their guests.  Coffee shops, schools, libraries, shopping centers, restaurants, and hotels are just a few examples of places where patrons expect free Internet access.  For some organizations, wireless guest access is as simple as a trip to the nearest discount store, a consumer grade access-point, and a few minutes of setup time.  Some companies will even add a separate Internet connection to segregate their guest traffic from their business network.  But are these methods enough to meet the expectations of their guests while protecting their business?   Let’s examine just a few of the risks associated with wireless guest access:

  • Bandwidth hogs – A single download or streaming media by a small number of users can make the Internet connection unusable for the rest of your guests.  If your business shares an Internet connection with your guests, your business applications could also suffer.  Having the ability to limit bandwidth and prioritize applications is just as important as a strong wireless signal.
  • Wi-Fi freeloaders – Bandwidth is getting cheaper but it still isn’t free.  Most organizations are not in the business of providing free Internet access to their local neighborhood.  A guest network should limit users without making it too difficult for your guests to get connected.
  • Dual-homed hosts – Many devices now come standard with wired and wireless network interfaces.  A system on the protected business network could connect to the unsecured guest network and provide hackers a backdoor into the business network.  Protected business assets should be restricted to secured networks only.
  • Filter bypass – Employees may connect to the guest network in order to bypass web filtering and data-leak prevention controls which are typically deployed on the protected business network.    The guest network should provide visibility and alerting to potential attempts to bypass network security controls by protected assets.
  • Unauthorized or unlawful activity – An organization is still liable for the activity sourced from their Internet connection regardless if it is separated from their business network or not.  A rouge system attached to the wireless network could be utilized to attack other systems or host illegal content.  The guest network should have the ability to track potential incidents back to the original source.

Providing reliable wireless access for your guests while keeping your business network secure doesn’t have to be difficult or expensive.  Contact the professionals at RSM to review your wireless needs and learn more about today’s wireless solutions.

Scott leads the national network and unified communication solutions team, which encompasses network cyber-defense technologies, transport systems and unified communication platforms. Prior to joining RSM in 2003, Scott worked for a software company as a senior network engineer where he was responsible for the design and implementation of data and voice networks to support financial transactions in excess of over $1 million every minute and up to 800,000 online traders. Scott also has an extensive background in network design and architecture. He has designed infrastructures to support both front and back-office financial transactions with a variety of firms. Scott has great discipline in the field of network documentation and operational procedures. He has created web-based systems to capture network-based move, add and change requests, and a live documentation management system. He also has detailed experience for the implementation of network monitoring and management tools from a variety of vendors. In order to accommodate government regulation of financial-based networks, Scott has designed networks for five nines of availability. During his employment with a software company, the core network designed by Scott was able to switch all 800,000 users and over a dozen back-end connections to a remote recovery facility in less than three minutes. Switching services to the remote facility was performed once per month to ensure clients of the business continuance plan.

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

Receive Posts by Email

Subscribe to the IT Infrastructure blog and receive notifications of new posts by email.
  • This field is for validation purposes and should be left unchanged.