[kwlug-disc] OT? Running Wifi hotspots sanely

[Paul Nijjar]

On Tue, Mar 23, 2010 at 08:36:29AM -0400, Myles Braithwaite wrote:

> On Monday, March 22, 2010, Paul Nijjar <paul_nijjar at yahoo.ca> wrote:
> > - Do I want to have any kind of encryption (WPA/WPA2) on the wireless
> >   routers? Or should I be leaving the access unencrypted and have the
> >   portal page do all the authentication?
> 
> It comes down to if you want your network encryped or not. If any of
> your users are going to use services that don't have https it might be
> a good idea.

I kind of would like to have encryption, but that adds another layer
of hassle to the people using the network and the people who are
helping them (who are not me). 

> If you are scared of someone downloading things they shouldn't, having
> a unique username might be a decent legal defence.

I don't think that will work well in a coffee-shop-type environment,
no? 

I actually have been reading about "voucher" systems, which will give
unique time-limited logins for each user. They do not exist for the
current version of pfSense (whose Captive Portal functionality is not
that good, as it turns out). I think in the future we may move in that
direction. 

> > - Because I am a terrible paranoid person, so far I am only allowing
> >   traffic out on DNS and HTTP/HTTPS ports (which I understand may not
> >   be DNS/HTTP/HTTPS traffic exclusively). Is this standard practice? Do
> >   public access locations generally permit traffic more liberally?
> 
> Yes that is common but I don't like it.

I don't like it either. I get frustrated when trying to check my mail
from the public library, because I can't use SSH with PuTTY. 

What other services are sometimes offered? 

- Paul

-- 
http://pnijjar.freeshell.org