Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
624
Views
0
Helpful
3
Replies

should security implemented on a public wireless network?

riderfaiz
Level 1
Level 1

‎07-20-2012 01:49 PM - edited ‎07-03-2021 10:26 PM

Hi everyone,

We are setting up a Cisco Wireless newtork for public access. That means any poeple on the street...as soon as they are in our building they would get free wifi. However, one of my managers would like to implement at least preshare key for the wireless network.

My question is then... is it meanful to deploy the security if everyone in the public can get the same preshare key, or wpa (if leap is used, user account will be wide open offered)?

If the answer is no, it is not menaful to deploy the secuirty, how would I explain technically or logically to my manager? What about if yes, and which kind of security should we use?

I know ssl2 or ssl3 is the way to provide application level encrpytion...

So what is your opinion?

Thank you very much

Takami Chiro

Labels:
0 Helpful
3 Replies 3

Amjad Abdullah
VIP Alumni
VIP Alumni

‎07-20-2012 02:12 PM

Hi,

Security will encrypt the traffic so people does not know the preshared key cant see and analyze packets you send and receive.

Or peshared key can be used if you want only people that knows the key to Connect. This will restrct the network usage to those that knows the key. Leaving the network as open may make everyone to connect including outsiders.

HTH

Amjad

Sent from Cisco Technical Support iPad App

Rating useful replies is more useful than saying "Thank you"
0 Helpful

Karsten Iwen
VIP
VIP

‎07-20-2012 02:22 PM

You receive a security-benefit as it's much harder to sniff traffic of other users. Even if everyone has the PSK. So from a security-standpoint it will get better then before.

From a psychololical standpoint is could get worse. The wireless users see that the WLAN is secured and start to use communication without end to end encryption. But that's a false sense of security because the attacks are just harder, but not impossible.

If there is no security at all on the WLAN, at least some people will recognize that they shouldn't use any communication without end to end security.

And for the mentioned application level encryption: SSLv2 is not an option any more:

http://tools.ietf.org/html/rfc6176

0 Helpful

grabonlee
Level 4
Level 4

‎07-21-2012 02:53 PM

Hi Takami

The purpose of public wifi is so that your external clients can have hassle-free internet connectivity. If you implement a PSK, then users would have to type the key and once it is saved, they would always have unlimited access to Internet without your permission unless you keep changing the key or provide another layer of authentication.

I would suggest that you do not implement PSK and instead reduce the dhcp lease time for IP addresses to about 30mins so that people on the street do not clog up your IPs. Secondly, implement a Radius authentication scheme, so that once your clients have an IP, they only have to type in the Username and Password provided by you. Hence your clients only have one level of authentication and not 2 levels.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card