Guest Networks and Captive Portal


  • Open authentication is used to facilitate guest access
  • Separate SSIDs are created for employee and guest access
    • keeps the traffic for each network separate
    • can also apply more restrictions
      • allowing only Internet access, not access to the internal LAN
      • can be fully segmented from employee traffic
  • Open authentication may be combined with a secondary authentication mechanism managed via a browser
    • when a client associates with the open hotspot and launches a browser, it is
      • redirected to a captive portal
        • allows the client to authenticate to the network
        • uses HTTPS
          • so the portal needs a certificate that the client's browser trusts
        • may have terms and conditions or payment requirements
  • Using open wireless securely:
    • use HTTPS for web traffic and TLS-protected file transfer
    • or use a VPN
      • associate with the hotspot
      • then start the VPN connection
      • the tunnel must be established with certificate-based authentication before the “inner” user authentication method runs inside it
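The captive-portal flow above is what a client sees right after associating with an open SSID: a connectivity probe that should return an empty 204 instead comes back as a redirect to the portal. The following is an added example (not part of these notes) that classifies such probe responses and flags whether the portal is reached over HTTPS; the probe URL, portal hostnames and responses are constructed for illustration.

```python
"""Classify the response to a captive-portal connectivity probe.

Mirrors the check operating systems perform after joining an open SSID:
fetch a known URL that normally answers with an empty HTTP 204 and inspect
what actually comes back. All inputs below are constructed samples.
"""
from urllib.parse import urlparse

PROBE_URL = "http://connectivity-probe.example/generate_204"  # hypothetical probe endpoint


def classify_probe(status, headers, body=""):
    """Return (verdict, portal_url, note) for one probe response."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    if status == 204 and not body:
        return ("direct_internet", None, "probe answered as expected; no portal in the path")
    if status in (301, 302, 303, 307, 308) and "location" in hdrs:
        portal = hdrs["location"]
        scheme = urlparse(portal).scheme.lower()
        if scheme == "https":
            note = "portal over HTTPS; the client must still verify the certificate chains to a trusted CA"
        else:
            note = "portal over plain HTTP; credentials and session data are exposed on the open SSID"
        return ("captive_portal", portal, note)
    # A 200 carrying HTML where an empty 204 was expected means the hotspot is
    # answering the probe itself (in-line interception rather than a redirect).
    if status == 200 and "<html" in body.lower():
        return ("intercepted", None, "probe request was answered with HTML; traffic is being intercepted")
    return ("unknown", None, f"unexpected status {status}")


# Constructed examples of what a client might receive for the probe request.
SAMPLE_RESPONSES = {
    "open_internet": (204, {}, ""),
    "https_portal": (302, {"Location": "https://portal.guest-wifi.example/login"}, ""),
    "http_portal": (302, {"Location": "http://10.0.0.1/login"}, ""),
    "inline_page": (200, {"Content-Type": "text/html"}, "<html><body>Accept terms</body></html>"),
}


def run_all():
    """Verdict for every constructed sample, keyed by sample name."""
    return {name: classify_probe(*resp)[0] for name, resp in SAMPLE_RESPONSES.items()}


if __name__ == "__main__":
    for name, resp in SAMPLE_RESPONSES.items():
        print(name, "->", classify_probe(*resp))
```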