I’ve seen it happen; people sometimes hand out the corporation’s wireless security passphrases to allow visitors access to the internet. Without the right equipment and design, this opens the internal network to the guest.
Even though they’ve been warned that this behavior may put their infrastructure at risk, employees often want and need to give this access to their visitors. It’s even more scary when policies are not in place to change pass phrases at regular intervals; possibly permitting the guest to retain the pass phrase for years without being noticed (obviously, I’m not talking about two factor authentication devices here).
Several methods are available to allow guest access to the internet from your wireless network without sacrificing security. Some require purchasing secondary wireless devices, and/or configuring VLANs throughout the network infrastructure. Or if you’re lucky enough to have a Ruckus Wireless Controller, it’s built in. Active Directory users can create their own guest passes on an easy-to-use webpage.