Easy Guest Access in Secure Wireless Networks

The Challenge

I’ve seen it happen; people sometimes hand out the corporation’s wireless security passphrases to allow visitors access to the internet.  Without the right equipment and design, this opens the internal network to the guest.  

Even though they’ve been warned that this behavior may put their infrastructure at risk, employees often want and need to give this access to their visitors.  It’s even more scary when policies are not in place to change pass phrases at regular intervals; possibly permitting the guest to retain the pass phrase for years without being noticed (obviously, I’m not talking about two factor authentication devices here).

One Solution

Several methods are available to allow guest access to the internet from your wireless network without sacrificing security.  Some require purchasing secondary wireless devices, and/or configuring VLANs throughout the network infrastructure.  Or if you’re lucky enough to have a Ruckus Wireless Controller, it’s built in.  Active Directory users can create their own guest passes on an easy-to-use webpage.

The Configuration

Within the Ruckus ZoneDirector, click the Configure tab.  Under the WLANs tab, create a new WLAN.  After the naming and description option, the Ruckus software allows three types of WLAN Usages (Standard, Guest Access, and Hotspot Service).  For Guest Access WLANs, the access is based on Guest Access Policies and access controls which are defined in Guest Access area of the Configuration tab.  Within here, you can define Authentication, compose your Terms of Use, and even Redirection of website requests.  Guest Pass Generation Authentication permissions can based either on a local database, or Microsoft’s Active Directory.  Most important within this section is Restricted Subnet Access.  The Ruckus setup acts as a proxy for guests thus easing the configuration by avoiding complex VLAN configurations throughout the networking infrastructure.

Problem solved!

 

2017-07-27T00:01:08+00:00 November 17th, 2011|Uncategorized|

About the Author: