Wireless Corporate Guest Access

Posted on 2007-07-30
Last Modified: 2013-11-12
I need to set up a Wireless Guest Access Network in my company. I have very little experience with this.
We are using Cisco Aironet APs.
Questions I have:
What do I use to protect the data from being snooped while in transit? I know WEP is bad; other suggestions? Is there a wireless encryption that's preferred?
Do I broadcast a Guest SSID or create a new one?
Do I run any proxies on it?
Any ideas for best practices?
Thanks for the help
Question by:dunkndonuts
    LVL 19

    Accepted Solution

    You would want to be using WPA Enterprise Encryption in a business environment with a phrase of about 30 characters, not letters, so be sure to include $p3(1AL characters, as it makes it much more secure.

    As far as broadcasting your SSID, it's easy to detect anyway with programs such as Network Stumbler. As long as you have a long WPA pass phrase, it shouldn't be an issue to broadcast your SSID, as even to try and brute force the key would theoretically take years if it's long enough.

    You could run it via a proxy in order to limit access to particular pages etc. What would the guest be getting access to on the WLAN? Would it be purely for net access?

    LVL 1

    Assisted Solution

    If your Access Points are connected to a VLAN-capable switch and your Access Points are running IOS, then you can assign your public users to a totally different VLAN.

    For encryption on the secure wireless VLAN, I'd go with WPA2 + certificates.  If you're running a Windows 2003 Enterprise Server anywhere in your network, you can do this all for free.  Let me know if you need further assistance.

    Expert Comment

    What I'd do is buy a separate connection for the wireless, and then have users connect to the main network over the internet using a secure VPN connection.
    That way, even if someone does get on your wireless (likely), they will still have to VPN into your corporate network to access any real information (much less likely).
    LVL 33

    Assisted Solution

    by:Dave Howe
    WEP is probably good enough for guest access; just change the key regularly and use the ability of the Aironets to support VLANning to place the guest network into a VLAN "jail".

    If you really care about security, it's probably easier to give the guests access to web based resources themselves secured via https than to try and lock down on a guest web. It is a fair guess that guest users could be compromised, so they shouldn't be trusted, by yourself or each other.

    Typically in a Cisco-specific WLAN environment, you would be using a static key only for the guest SSN; you can tunnel or VLAN the guest traffic, even while roaming, and for the real WLAN you can use RADIUS authentication with FAST EAP or PEAP.
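
The VLAN separation suggested in the answers above, sketched as a configuration for an autonomous-IOS Aironet AP, the switch port it plugs into and the guest gateway. This is an added example, not posted by any participant in the thread; the SSID name, VLAN IDs 10 and 20, interface numbers, ACL name and passphrase placeholder are assumptions, and guests are assumed to use DNS servers outside the private address ranges.

```cisco
! Constructed example: names, VLAN IDs, ports and passphrase are placeholders.
! --- Aironet AP (autonomous IOS) ---
dot11 ssid GUEST-EXAMPLE
   vlan 20
   authentication open
   authentication key-management wpa
   wpa-psk ascii 0 <guest-passphrase>
   mbssid guest-mode
!
interface Dot11Radio0
 ! Cipher applies only to clients mapped to the guest VLAN
 encryption vlan 20 mode ciphers aes-ccm
 mbssid
 ssid GUEST-EXAMPLE
!
! Native VLAN 10 carries AP management and stays in bridge-group 1
interface Dot11Radio0.10
 encapsulation dot1Q 10 native
 bridge-group 1
interface Dot11Radio0.20
 encapsulation dot1Q 20
 bridge-group 20
interface FastEthernet0.10
 encapsulation dot1Q 10 native
 bridge-group 1
interface FastEthernet0.20
 encapsulation dot1Q 20
 bridge-group 20
!
! --- Switch port facing the AP: trunk only the VLANs the AP needs ---
interface FastEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk native vlan 10
 switchport trunk allowed vlan 10,20
!
! --- Layer 3 gateway for VLAN 20: guests reach the Internet only ---
ip access-list extended GUEST-IN
 deny   ip any 10.0.0.0 0.255.255.255
 deny   ip any 172.16.0.0 0.15.255.255
 deny   ip any 192.168.0.0 0.0.255.255
 permit ip any any
!
interface Vlan20
 ip access-group GUEST-IN in
```

The VLAN tag alone only separates guest traffic at layer 2; the inbound ACL on the guest gateway is what stops routed traffic from reaching internal subnets.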
