Implementing internet access for your visitors.
Business are faced with an increasing demand for guest and visitor internet connectivity service on their premises. Offering secure internet access enables guests to access online internet resources and hosted services or VPN back to their company network to access resources such as email, documents or internal applications.
Separation of internal and guest networks
Isolating guests from the rest of the enterprise network should be the first priority for any company looking to offer Guest Wi-Fi access. Virtual segmentation through a virtual LAN (VLAN) can offer a cost-effective solution by using the existing infrastructure and thus reducing the need to purchase additional equipment. However, the additional traffic can impact the overall network performance. The alternative is a complete logical and physical isolation by purchasing (or dedicating existing equipment) to solely deliver the guest wireless service. Separation ensures that guest Wi-Fi cannot impact the performance or the security of the company’s internal network. The solution must provide a simple way to give guests internet access without compromising the integrity of your network.
Acceptable Use Policy (AUP) and enforcement
Guest Wi-Fi can have severe consequences for your business when used for unauthorised purposes or illegal activities such as pornography and gambling which can tarnish the corporate brand or even lead to legal action. A guest Wi-Fi solution must be able to enforce the acceptance of the usage policy whilst balancing its requirements for accountability, and the goal of making guest connections simple and quick. Acceptance of Usage Policy (AUP) should be mandatory before access is granted. Guests could still attempt to violate the usage policy and therefore a combination of a content filtering solution and firewall to block connections on well-known ports that serve prohibited applications (e.g. BitTorrent) should be in place.
A successful implementation of a Guest Wi-Fi should meet the following criteria;
- Provide self-registration or a simple system for provisioning guest access credentials
- Permit only authorised guests to use the Guest Wireless network
- Maintains accountability and auditing of who is using the network, when it is being used and how it is being used
- Prevents guest users from accessing the internal network and inappropriate online content and applications
- Protect your bandwidth to ensure that guests do not consume all of the available bandwidth or impede business related traffic.