Hotspot security for AP isolation

**maheja** · 23-11-2010

I am looking to structure a WIFI hotspot and I was just wondering what insinuations the security setup would pretense: Wireless access component configured with AP isolation but no encryption. Redirect all transfer to a web page so that access to the web, or something else would need a suitable username and password. If I have AP isolation, and user verification, do I actually require WIFI encryption? What safety threat would be there? Does AP isolation defend next to suitable genuine users setting up an Address Resolution Protocol (ARP) spoof and packet sniffer? It would be pleasant so that users would not have to primary join the WIFI network with a network key, and after that have to validate on the webpage. Is there such too way to organize incredible like that? Essentially, I am finding for customers to join the network, type their username and password and be off. I don't require them to have entered a network key first, and after that enter their username and password to be off and surfing.

**teenQ** · 23-11-2010

You can attempt the AeONsafe AP. It has been fine organized in Silicon Valley for hotspot networks. The AP has for each sta WPA feature, which permits each customer or each client to setup his own WPA security, in its place of a shared key. It as well comes with a wireless firewall feature, which does not permit Wi-Fi users to access LAN devices. It has a redirect web portal as well.

**Visala28** · 23-11-2010

I have had to execute a wireless hotspot in my friend’s place some month earlier than I intended. Obviously, this has not permitted me the time to learn up on the security of the hotspot. The tool I am utilizing is:

AP's are COLUBRIS CN3200 with cn320 for repeaters switches are dell power connects 2724's that are handled router is DrayTek 2950.

[*]Access necessary is:

Protected encrypted access for friend place LAN. Simply executed with MAC & WPA, this goes to VLAN1 which permits access to the friend place private LAN and internet.
Guest access to only the internet. Another time, it is simply executed using DHCP and an https logon with no MAC or WEP or WPA encryption. This goes to VLAN2 which simply lets access to the internet.

**Sabastiaan** · 23-11-2010

I am not familiar with switches but quite superior or pretty superior sufficient. A few ideas please note that protection cannot be unspecified and wants to be experienced.

You don't emerge to have a Radius server. As a result there machines are utilizing a shared WPA-PSK key. The trouble with shared keys is that they are simply leaked and recovered from the client machines. If you don't have physical security, or expect it may be leaking the key, I recommend you implement a Radius server. This will transport a inimitable, one time, per session encryption key, in its place of the general shared key.
MAC address filtering is a misuse of time. MAC address is not encrypted and can consequently be inhaled. It does not obtain a lot work to take out a suitable MAC address and utilize it.

**Candace** · 23-11-2010

I advise you install a few method of SNMP traffic monitoring, almost certainly at the router and the switches. By means of MRTG or RRD Tool, you will get graphs which will give you a few hints as to what normal traffic seems like. While something goes incorrect, you can frequently tell where and when something distorted. You require this because not anything you talked about is appropriate for mistreatment recognition or alleviation.

**Carley** · 23-11-2010

The previous time someone inquired me regarding wireless security, I rejoined that they in reality should be anxious regarding wired and physical security. They had purchased the top wireless hardware but had left live Ethernet ports all over the position, with no NAC (network access control) security or MS NAP (network access protection). I left the ports exist, but execute NAC. Does they have any client accessible open Ethernet ports?