How to create a secure public/guest wifi?

Nameless

Level 1
Thread author
Sep 20, 2014
6
Hey folks, sorry if this is the wrong section of the forums for this post, but I was unsure where to ask this.

Here is the situation: I'm no good with networks or security, but I am being asked a dozen questions about securing a public/guest network. Also, I'm a little out of touch with some terms you may use these days, and yes, I'm not the brightest crayon in the box at times haha.

Right, here is what I know: the network is using an AP made by Unifi; basically anyone can walk into the business and log onto "businessname wifi", so I'm guessing this means that it is unencrypted?

What I'm wondering is: if a login page or password was required, would this stop/make it harder for someone to use hacking apps on the network and spy on customers? I would name the app I believe they are using on their mobile, but I'm unsure if that would be against the rules etc., but it seems to be able to wardrive, do MITM attacks and a few other things. Also, would this help with apps such as Wireshark? (They sometimes have their laptop.)

Any help, guidance or links to posts about how to prevent this would be appreciated. I do not mind doing homework in my spare time.
 

Neno

Level 6
Verified
Well-known
Jan 4, 2012
280
Well that is a broad theme.
There are lots of ways to secure your WiFi networks or networks in general.
To answer your question would take a lot of time and a lot of info from your side. To encrypt the traffic via VPN as suggested above is just a small part of it all.
But the first station would be your WiFi router settings (WPA2/Enterprise/AES... etc), then possible subnetting, do you use servers and which ones (Windows ... etc)... network location/profile settings ... myriads of things.
Starting point - router (and subnets).
(If you talk about Wireshark or Microsoft Message Analyzer then you might know a thing or two about networking :) ).
 

Wave

To encrypt the traffic via VPN as suggested above is just a small part of it all.
I wasn't referring to securing the network like you are talking about, I quoted a specific part regarding Wireshark prior to commenting about encrypting the network traffic and using HTTPS websites for logging in. If you check above you'll see this.

HTTPS encryption will stop people who are sniffing the network from obtaining the unencrypted credentials being entered into websites, and VPN encryption is another layer of encryption prior to the HTTPS encryption to prevent people from seeing what websites you are accessing, etc.
 

LukeNukesEm

Level 5
Verified
Sep 14, 2016
204
Use a paid VPN that uses strong encryption (AES 256, RSA 4096 handshake). I recommend NordVPN. Also be sure to use HTTPS as much as you can; there are extensions for this such as HTTPS Everywhere. Hope I helped!
 

Nameless

Level 1
Thread author
Sep 20, 2014
6
First off, thanks for the responses. I will read through everything again a little later; I'm rushing about this weekend because I have a lot to do and not enough time to do it in.

As for VPN, I personally use one myself at home, though getting it to work on my mobile is proving to be a pain even with their own app and I have not had time to sort it out (random passwords are a pain sometimes), but anyway, back on topic...

The network I'm talking about is a public network that has already been set up for customers to use via a Unifi access point; the best way for me to describe it is like a Starbucks one. You walk in and "ooh free wifi!" but, like I said, no password or login page is displayed. This is to make it easier for the customer to connect because not everyone is tech-minded, but like I said, I also think it's less secure for them as there may not be any encryption running, making it easier for someone to gather personal information (I've not seen the access point's security options etc.).

I already know that using HTTPS is a must, and like I said I use a VPN at home daily, but if I got a VPN working on my mobile, that is only protecting myself and not others from a bad user's activity, which I would like to try and do even though I know this user will continue to try and spy on other people's activity.

I will look into the network isolation suggested by Rolo and see if the router or access point can do this.

As for subnetting, I have no idea what that really is, Neno; I need to read up about it when I can. All I know is that the router is set up to give two networks: a Private one for business use and a Guest one for customers, which is shared to them via this Unifi access point.

The whole network has been set up by someone else; I'm more of a plug and play type of guy and only mess with settings when I need to. The network in question at the moment is a friend's; they want to make it more secure for customers as they feel someone is using applications they should not be.
 
