Now that you know what you’ve been missing,
Offering Public Wi-Fi Service Requires Authentication. Here’s why.March 15, 2021
Numerous property owners have been offering free, open Wi-Fi services for many years in a variety of settings such as retail, hospitality and multi-family buildings. Available networks are widely used by visitors and residents, who often assume the provider is ensuring some level of security and don’t consider (or aren’t aware of) the risks.
However, it’s becoming more important for both users and network operators alike to understand the risks and mitigate them for their own protection.
Allowing access to your Wi-Fi network without authentication protocols exposes your property and network users to avoidable risk.
Treat your Wi-Fi network as an asset and focus on planning for its maintenance will enable you to keep it secure against individuals that will exploit it for their own benefit. Common examples of network attacks include:
- ‘Honeypot’ networks where an identically named and branded network is set up, and traffic is inspected for login and credit card data.
- Injection of malicious ads into otherwise legitimate content to redirect to alternative websites and to spread malware.
- Use of the network for illegal activities such as the transmission of hate speech, stolen assets, or other illicit material.
Increased Liability for Property and Network Owners.
As the entity responsible for running the network, clearly communicate the intent of the service provided both in your agreements and online when a user takes advantage of the service. It’s imperative that you can demonstrate that you have authentication protocols in place and that your network users have accepted terms and conditions of network use to limit your liability.
As a network operator, it’s imperative you know the applicable legislation regarding record keeping, access to those records for law enforcement, and how long those records should be retained.
Help Prevent End Users from Becoming Victims of Identity Theft
Risks to an end user are perhaps the most obvious: If a user can simply turn up and “get online,” exposure to risks such as interception of login credentials, credit card information, and the possible installation of malware onto devices is difficult if not impossible to control. Easily and cheaply available hardware, coupled with tools such as Wireshark, allow bad actors to see anything transmitted over the network – from devices performing network discovery through to websites visited (via DNS requests), and data shared with HTTP websites. If there is no security, the provider can protect themselves at a basic level by presenting a disclaimer and further protecting themselves by implementing a form of authentication.
Protect Proprietary Business Data and Sensitive Information
If your employees decide to meet with others in public venues and require network access, the risks to the user can cascade to the employer. Credential interception and malware injection can lead to corporate network infection or compromise which could lead to loss of data, intellectual property, or access to other sensitive data in the enterprise. Content exchange on open networks puts companies at risk of exposing information, credentials and data.
How can you secure your network and limit your liability without disrupting service?
You’ve got a few options: These include traditional portals that require a user to “log on,” continuing to low friction high security options like key–based and profile authentications.
- Traditional Portal
- Profile Based
Creating a profile that provides a user network access for their registered devices is more secure especially if you have multiple locations and large volumes of transient users on your network. You can learn more in our blog post “It’s Time to Rally Behind Passpoint“.
- Traditional Portal
Single Digits can secure your Wi-Fi while maintaining a seamless user experience.
Whether you need a complete solution that includes captive portal, identity provision, secure profile download or any individual part thereof, we can help.
Contact us to discuss how you can secure your network, limit your liability, and provide the protection users expect without disrupting service.
By Charlie Allgrove
Product Developer/Architect, Single Digits