[kwlug-disc] OT? Running Wifi hotspots sanely

Paul Nijjar paul_nijjar at yahoo.ca
Mon Mar 22 18:34:04 EDT 2010

I am trying to figure out sensible settings for a wifi hotspot, and I
am having trouble finding out what the best practices are. 

Technologically I want to use a router (pfSense) to handle DHCP and
so-called "captive portal" functionality that makes you click through
a page to access the Internet. I also want to have some OpenWRT
routers plugged in that actually provide access to the network. I
think I have some of this figured out, but I am stumbling over how to
run this hotspot sanely: 

- Do I want to have any kind of encryption (WPA/WPA2) on the wireless
  routers? Or should I be leaving the access unencrypted and have the
  portal page do all the authentication?

- Do I want to bother with usernames and passwords for the hotspot?
  For now I don't think we are bothering to charge for Internet
  access. We still could have usernames and passwords for the day, but I
  don't know whether this is worth the effort.

- What kind of privacy concerns do I have to worry about? I am running
  quite a bit of logging for the rest of our users -- with the
  firewall logs that already exist I can identify a computer by MAC
  address and go so far as to see what websites are being accessed. 
  As a user I guess I feel a little uneasy about this. As an IT 
  admin I want to know what is happening on my network so I can
  stop/troubleshoot problems. I don't know whether there are rules 
  prohibiting me from logging certain things, and/or what kind of 
  forewarning I need to provide. (I would like to provide some heads-up
  warning that we do record activity on the network.)

- Because I am a terrible paranoid person, so far I am only allowing
  traffic out on DNS and HTTP/HTTPS ports (which I understand may not
  be DNS/HTTP/HTTPS traffic exclusively). Is this standard practice? Do
  public access locations generally permit traffic more liberally? 

- What else am I not considering? 

If you have answers to these questions or pointers to best practice
documents I would be grateful. This is new territory for me, and
wireless makes me squeamish at the best of times. 

- Paul


