Many small business owners create wireless hot spots for their customers and you might be asked to help them configure one. If you’re planning to take the Security+ exam, you should have a basic understanding of troubleshooting security issues related to wireless networking.
For example, can you answer this question?
Q. You are assisting a small business owner in setting up a public wireless hot spot for her customers. Which of the following actions are MOST appropriate for this hot spot?
A. Enabling Open System Authentication
B. Enabling MAC filtering
C. Disabling SSID broadcast
D. Installing Yagi antennas
More, do you know why the correct answer is correct and the incorrect answers are incorrect? The answer and explanation is available at the end of this post.
Captive Portals
A captive portal is a technical solution that forces clients using web browsers to complete a specific process before it allows them access to the network. Organizations commonly use it as a hot spot that requires users to log on or agree to specific terms before they can access the Internet. Here are three common examples:
- Free Internet access. Many hospitals and other medical facilities provide free Internet access to patients and visitors. The captive portal requires users to acknowledge and agree to abide by an acceptable use policy. Free captive portals rarely require users to log on, but instead just require them to check a box indicating they agree, and then click a button to continue.
- Paid Internet access. Many hotels, resorts, cruise ships, and airlines provide Internet access to customers, but on a pay-as-you-go basis. When users attempt to access the Internet, they are redirected to the captive portal and must successfully log on with a precreated account or enter credit card information to pay for access.
- Alternative to IEEE 802.1x. Adding an 802.1x server can be expensive and is sometimes not a feasible option. Organizations can use captive portals as an alternative. It requires users to authenticate before granting them access.
Hot Spots and Isolation Mode
Many small business owners create wireless hot spots for their customers and you might be asked to help them configure one. If you want to prevent wireless clients from communicating with each other, you can enable Isolation mode on the WAP. Clients are able to connect to the WAP, but Isolation mode segments or isolates each wireless user. This provides a level of security for the customers, but does not prevent someone from hosting an evil twin.
Another consideration is the type of security. Many hot spots use WEP with Open System Authentication (OSA), which doesn’t use a preshared key, or they just disable the security. When configured this way, hot spot administrators often use a captive portal to provide a warning to the users that their communications are not secure.
Remember this
Isolation mode is used in an access point (AP) to prevent clients from connecting to each other. Public networks sometimes use this to protect wireless clients. You can configure hot spots with WEP and Open System Authentication or security disabled so that users do not need a preshared key.
Q. You are assisting a small business owner in setting up a public wireless hot spot for her customers. Which of the following actions are MOST appropriate for this hot spot?
A. Enabling Open System Authentication
B. Enabling MAC filtering
C. Disabling SSID broadcast
D. Installing Yagi antennas
Answer is A. Open System Authentication is the best choice of those given for a public wireless hot spot. It is used with Wired Equivalent Privacy (WEP), doesn’t require users to enter a preshared key or passphrase, and doesn’t require the business owner to give out this information.
It’s also possible to disable security for the hot spot. Media access control (MAC) address filtering would be very difficult to maintain.
Disabling service set identifier (SSID) broadcasting would make it difficult to find the wireless network, and installing a directional Yagi antenna isn’t appropriate for a hot spot that needs an omnidirectional antenna.