[kwlug-disc] OT? Running Wifi hotspots sanely

Myles Braithwaite me at mylesbraithwaite.com
Tue Mar 23 08:36:29 EDT 2010


Anwsers inline.

On Monday, March 22, 2010, Paul Nijjar <paul_nijjar at yahoo.ca> wrote:
> - Do I want to have any kind of encryption (WPA/WPA2) on the wireless
>   routers? Or should I be leaving the access unencrypted and have the
>   portal page do all the authentication?

It comes down to if you want your network encryped or not. If any of
your users are going to use services that don't have https it might be
a good idea.

> - Do I want to bother with usernames and passwords for the hotspot?
>   For now I don't think we are bothering to charge for Internet
>   access. We still could have usernames and passwords for the day, but I
>   don't know whether this is worth the effort.

If you are scared of someone downloading things they shouldn't, having
a unique username might be a decent legal defence.

> - What kind of privacy concerns do I have to worry about? I am running
>   quite a bit of logging for the rest of our users -- with the
>   firewall logs that already exist I can identify a computer by MAC
>   address and go so far as to see what websites are being accessed.
>   As a user I guess I feel a little uneasy about this. As an IT
>   admin I want to know what is happening on my network so I can
>   stop/troubleshoot problems. I don't know whether there are rules
>   prohibiting me from logging certain things, and/or what kind of
>   forewarning I need to provide. (I would like to provide some heads
>   up warning that we do record activity on the network.)

As long as you are only logging URL and not the data being sent then
you are okay.

> - Because I am a terrible paranoid person, so far I am only allowing
>   traffic out on DNS and HTTP/HTTPS ports (which I understand may not
>   be DNS/HTTP/HTTPS traffic exclusively). Is this standard practice? Do
>   public access locations generally permit traffic more liberally?

Yes that is common but I don't like it.

-- 
Myles Braithwaite
http://mylesbraithwaite.com | me at mylesbraithwaite.com




More information about the kwlug-disc mailing list