If you can’t secure the guest Internet – trace it
In an ideal world, guests should always connect to a secure guest Internet SSID (Wi-Fi network ID running 802.1x). But, we are not there yet. You will have to balance security with convenience for your guests. The need for unencrypted open guest Wi-Fi SSIDs will not go away soon.
The delivery of the one-time password in an SMS, with a clickable link, was very convenient for John. But it was also crucial for security reasons. If you use an open guest Internet SSID, you must be able to get traceability. This is exactly what the SMS verification does. You can tie the guest account and device to a verified identity, the mobile number. Needless to say, you must separate the open SSID from your corporate network e.g. through a virtual LAN (VLAN).
Security for long-term guests
Contractors and consultants should all connect to a secure and encrypted guest Internet SSID with 802.1x support. Separated from the corporate network, but still with access to office equipment such as printers.
Provision a certificate (EAP-TLS) or username/password (EAP-TTLS) in each device to get it connected to the 1x SSID. In the future, with widespread device support for Hotspot 2.0 R2 online sign-up (OSU) and Passpoint, this process will be more automatic. Right now, we have to rely on manual installation of certificates in each device. Intelligence which supports users during setup can be built into the captive portals in the Aptilo Service Management Platform™ (SMP). If the device supports Hotspot 2.0 Passpoint profiles, users will have the option to watch an instruction video on how to install the certificate for that device. This will improve the user experience and thus the adoption rate. After the installation, they will get encrypted communications and seamlessly fly onto the secure guest Wi-Fi network.
GET OUR MOST WANTED FUNCTIONS
We have collected the most wanted enterprise guest Wi-Fi functions in our cloud service – the Aptilo Guest Wi-Fi Cloud™. Learn more about the main benefits of our guest Wi-Fi solution, adapted for different businesses and verticals.