Home > Security > Why password protect guest WiFi?

Why password protect guest WiFi?

September 30th, 2010

Pogue David Pogue posted this to his twitter feed:

“Me: Why do GUEST networks require passwords? You: “Security.”

Me: Fine–then why HAVE Guest at all? The regular WiFi already requires login!”

It’s a good question and the annoyance of needing a password to get access to what is, presumptively, open by virtue of being called a “Guest” network does seem a bit silly. The truth is though, it’s good policy to limit access even to ‘Guests’ and, in some cases, it may afford some legal protection.

When operating any network, you have certain responsibilities. To some degree, these apply whether corporate or personal but, obviously, more so when corporate, NGO, or the like:

  • Protect the internet at large from the behavior of your users.
  • Protect your ‘resident’ users from the public net.
  • Protect confidential data on your private net.
  • Meet regulatory and certification requirements.

So, guests to your network needing a password means you can ensure they are, at least nominally, invited ones. In cases where you are under regulatory scrutiny, you should generate a unique password for each guest and you might want to log their activities. (no, I don’t LIKE logging people. It offends me but sometimes it’s a job requirement)

By limiting your guests to invited ones, those you give a password, you can:

  • Ensure that only people you want to have access to what may be constrained bandwidth.
  • Provide them access to a sandboxed network to allow them access to only to resources they need, and, more importantly, you need them to have.
  • Segment outgoing traffic to a subnet other than the one your employees and official activities are done with and, possibly, with a unique domain so your ‘guests’ are less likely to accidentally land you on a spamblock or similar list.

Yes, there are those who argue that a wide open network means John Doe claims made against you by the RIAA and the like aren’t ‘you’ because anyone could have used your network but I am of the opinion that one doesn’t leave one’s guns on the porch so you can deny the ballistics data points to you as the killer. To me, there are better ways to have a stand up defense against the xIAA weasels of the world.

Post to Twitter Post to Facebook

Categories: Security Tags:
Comments are closed.