Providing WiFi Access To Your Clients
If you are in the wedding business you almost certainly see brides coming in for consultations with their laptops or tablets and wanting to connect to Pinterest, Instagram, etc. Providing access to your wireless network in these situations is beneficial if not absolutely essential.
They key is doing it safely. The easy ways to do it, like running an open network or simply giving away the password to the primary network, are simply not safe. In fact they are incredibly dangerous.
The first problem is that by leaving your wireless network open, or giving someone else the password, you have lost control of your network. Anyone within range of an open network can connect, and if you give someone the password to a secure network they can then distribute it to as many other people as they like and give them access as well.
What can people do once they have that access? Probably more than you realize. The intention is to just get them internet access but by putting them on the primary network you are giving them access to network resources like shared folders and other network resources. They could easily access, copy or delete any shared files or folders.
Think about the complimentary wifi in the lobby of a hotel. That gets you internet access, but it doesn't get you onto the hotel's primary network . If it did you could potentially view reports, delete HR files, etc. It would be disastrous!
The solution is to create a separate “sandboxed” guest account allows guests to use your internet connection without granting access to other network resources. It’s not very complicated, and it shouldn’t cost you anything.
Most wireless routers will allow you to set up this kind of guest account. It is done using the router admin/configuration tools, most commonly accessed by visiting 192.168.1.1 from a device currently on that wireless network. This is the same place where you change the network password, etc.
The first step involves enabling the guest account feature. This usually just means checking a box. The next step is to give it a name. There are times it is worth considering a name that obscures the location/nature of the network but this isn’t one of them. Remember – people connected to the guest account only get internet access, and the whole point of this is to make getting access easy. Don’t choose a name that will complicate things. Something like my "shop name - guest" is perfect.
You may also have the option of disabling SSID broadcast (or enabling “stealth mode”). This means that the router won’t broadcast the name of the network and it generally won’t appear in the list of options that you can choose when trying to connect to the network. This means that guests have to enter the name of the network manually. Since the point is to make connecting easy just leave SSID broadcast enabled. Hiding the network provides only the illusion of security.
The next step is to determine what type of encryption to use. It’s tempting to just leave the guest network wide open (no password required) but that means anyone within range can connect. It also makes your guests vulnerable because their data is not encrypted. Instead stick with the best combination of security and compatibility – WPA2 Personal.
That means having a password. Again – the access provided by this account is limited so you can keep it simple. The password is less about blocking access to the network than it is about the password being an essential part of encrypting the wireless traffic and protecting your guests that use the network.
Leaving it open to anyone within range means that people could sit in their car nearby and use your connection for free. It might not seem like a big deal but this is popular with those who want to use somebody else’s connection for questionable activities – things like transferring pirated content (software, music, movies) or illegal material (child pornography, etc.). Any such activity would be traced back to you because they would be using your IP address and internet connection to enable their activity.
It’s better to use a simple password you make available only to clients (and possibly employees & contractors, more on that another day). It is also easy to change the password once a month or so.