Re: Free Wi-Fi Hotspot?

gordon@xxxxxxxxxx (Gordon Henderson) wrote in
news:462875a6$0$10737$db0fefd9@xxxxxxxxxxxxxx:

In article <Xns9917E6C6CD324frz@xxxxxxxxxxx>,
Frazer Jolly Goodfellow <no-spam@xxxxxxxxxxx> wrote:
"dennis@home" <dennis@xxxxxxxxxxxxxxxxxxxxxx> wrote in
news:f087mv $kk9$1@xxxxxxxxxxxxxxx:


"alexd" <troffasky@xxxxxxxxxxx> wrote in message
news:1351805.7zljSQaN3Q@xxxxxxxxx
Frazer Jolly Goodfellow wrote:

Thanks Gordon, much appreciated.
The Solwise device supports encryption but appears to
require a username/password logon for authentication. Would
a customer
have
to enter an encryption key as well?

Only if encryption was turned on.

That may not be true if using 802.1 authentication.
They key would be provided as part of the logon phase.

I think turning on encryption is essential, but the solution is
becoming more complex.

Quite. The unit I used (and I've forgotten it's name, sorry and
it's currently 110 miles away), did support encryption, and it
prints out the key (wep or wpa) on the bit of paper, if it was
enabled. (I tested it enabled, then decided the muppets who were
going to be using it would find that hard, so removed it, so in
that respect it's the same as BT openwallet which is also
unencrypted - try going online in an airport and snooping what
you see - it's scary knowing that 99.99% of people still use
plain-text paswords in POP/IMAP/SMPT-AUTH, etc. and as I've just
had one of my servers hijacked by spammers who used smtp-auth
with valid username & password to relay email, it's a bit
frightening )-: I suspect it's only a matter of time before the
spammers latch onto this - they're not intersted in your email,
just a spam-launch vector, and even if they don't do it fromthe
WiFi AP, then they have a list of username/passwords they can
use from elsewhere.

So on your PC, you'd have to find the access point, try to
associate with it, enter the wep/wpa key, then access a web
site, whereupon it would hijack your connection, take you to
it's own login/password screen where you'd enter the code on the
ticket, then you'd have access for the time-limit specified by
the ticket.

Presumably a server would also be needed to capture logging
information?

What are you going to log?


But yes, there's a syslog facility, so you could log the clients
MAC address (no point logging the IP address they get as it's
dynamic and could be re-used after rsome time - a wiley hacker
would spoof their MAC address anyway) And unless you ask them
for their name, address, phone number, then there's not much
point. It would also be hard to log all the sites they visited
too - not impossible, but hard as you'd run out of disk space...

BT open wallet (and other instant access, open ones) works
because you need to use a credit card to buy time on it, so they
have that as a way of identifying you to the system, should the
fuzz come knocking. For a simple high street cafe, it's probably
not worth it - and if I were doing that, I'd maybe try to
arrange seating such that it might be hard to fully conceal a
screen from a casual passer-by. (Not that that would stop me
doing something I shouldn't be doing, but it's a start)

And you turn of firewalling too, so they can only do simple web
browsing and hopefully not much else...


RE What are you going to log?
Errm, not sure, hence my question about the legal requirement
aspects. Assuming the Wi-Fi hotspot provider is classed as an ISP:
- what are ISPs required by law to log, and how long to retain
records?

The earlier suggestion of also using video surveillance recordings
seems a good idea.

Presumably with a packaged service the service provider (e.g. BT
Openzone) does the logging for you from a remote net management
centre?

Your input is much appreciated BTW. I suspected it wouldn't be simple
or easy but wasn't aware just how complex it can get.

It's not looking a viable proposition at the moment for the scale of
the business. The up-front equipment costs (£500 for gateway
box/ticket printer + server £???). The cafe manager and staff
wouldn't be able to support and administer the service themselves so
there'd be an ongoing IT service contract cost in addition to the ISP
costs.

.

Relevant Pages

  • Re: Free Wi-Fi Hotspot?
    ... username/password logon for authentication. ... Only if encryption was turned on. ... That may not be true if using 802.1 authentication. ...
    (uk.telecom.broadband)
  • Re: Free Wi-Fi Hotspot?
    ... require a username/password logon for authentication. ... Only if encryption was turned on. ... That may not be true if using 802.1 authentication. ... The advantage is that WiFi customers do not have access to the ...
    (uk.telecom.broadband)
  • Re: Free Wi-Fi Hotspot?
    ... username/password logon for authentication. ... Would a customer ... Only if encryption was turned on. ... That may not be true if using 802.1 authentication. ...
    (uk.telecom.broadband)
  • Re: WS Security issues
    ... UsernameToken is used for authentication and authorization. ... >> We are sending the Username/password in the userName token, ... >> If you plan to implement the X.509 for encryption my guess is that it will ... >>> being sent to all customers, so it is not possible to modify anything ...
    (microsoft.public.dotnet.framework.webservices.enhancements)
  • Re: Free Wi-Fi Hotspot?
    ... username/password logon for authentication. ... to enter an encryption key as well? ... That may not be true if using 802.1 authentication. ...
    (uk.telecom.broadband)
Loading