hotspot security? AP isolation

hemlock · #1 (**permalink**) 06-17-2008, 01:18 AM

Hello,

I'm looking at building a wifi hotspot and was wondering what implications the following security setup would pose:

Wireless access unit configured with AP isolation but no encryption.
Redirect all traffic to a web page so that access to the web, or anything else would require a valid username and password.

If I have AP isolation, and user authentication, do I really need wifi encryption? What security risk would there be? Does AP isolation protect against valid authenticated users setting up an ARP spoof and packet sniffer? It would be nice so that users wouldn't have to first join the wifi network with a network key, and then have to authenticate on the web page. Unless of course, there was some way to encrypt the wifi data without bothering the user for a network password. Is there such to way to configure something like that?

Basically, I'm looking for users to join the network, type their username and password and be off. I don't want them to have enter a network key first, and then type their username and password to be off and surfing.

How are most hotel and internet cafe hotspots configured?

Thanks!

Mark Oney · #2 (**permalink**) 06-17-2008, 01:49 AM

AP isolation hides wireless clients from each other. If you have 10 wireless users on line, each user can see the computers hard wired to your network, but not each other.

hemlock · #3 (**permalink**) 06-17-2008, 02:02 AM

Quote:

Originally Posted by Mark Oney

AP isolation hides wireless clients from each other. If you have 10 wireless users on line, each user can see the computers hard wired to your network, but not each other.

Great,
I will only have a DSL modem on the wan side, and authentication server running apache, radius and chillispot.

Do I still need wireless encryption?

Is there a better/more secure way to setup this hotspot?

Thanks!

Mark Oney · #4 (**permalink**) 06-17-2008, 05:50 PM

Sveasoft Talisman Hotspot

Sveasoft

ZoneCD

PUBLICip - Free WiFi Solutions for Free WiFi Access

jingmobile · #5 (**permalink**) 07-11-2008, 12:00 AM

You can try the AeONsafe AP. It has been well deployed in silicon valley for hotspot networks. The AP has per-sta WPA feature, which allows every user to setup his/her own WPA security, instead of a shared key.
It also comes with a wireless firewall feature, which doesn't allow Wi-Fi users to access LAN devices.
It has a redirect web portal too.

AeONsafe - AeONsafe APs are now avaiable!

-Jimmy