The free Hotspot is what most people associate with when they hear the word Hotspot. Many companies provide this service to their customers, but without fully understanding the ramifications of their actions. Often times small companies grab a wireless router at the electronics store take it to their place of business; plug it in thinking this is great my customers will love it. And their right, customers do love the convenience and have come to expect the service.
Hopefully, you will find this guide helpful and educational in your endeavor to service your customers. If you’re a business owner looking to provide your customers with free internet; I applaud you. Listed below are a few things to help you with this project; something’s to take into consideration and some best practices. Although, this document is far from a complete list of security measures, the tips contained below will help limit your exposure.
1. Change the default password on the router. To many this may seem overly obvious and simple, but you would be amazed at how many times this step is overlooked. I can’t even begin to count the number of times that I have gone into a company to do consulting work and found the default user name and password on their router. If you don’t change it, you may find that one of your guests did and locked you out of your own router.
2. Isolate your business network from your guests. Ultimately you would want two separate routers and internet connections, but in today’s economy and for the small business owner this may not be practical. The next best thing is to pick a router that can have multiple DHCP scopes. This would give you one IP range for your internal network and one for your guest network. With some basic rules you can then segregate the network so that it acts as if it were two. This would in effect block your guests from being able to access your internal network.
3. Setup some basic firewall rules. There is no need for guest to have access to port 25. Port 25 is used for sending email. Most companies now have webmail, along with most service providers. Leave this port open and you may find that spammers love you. This would give spammers free access to do their dirty work, while you foot the bill. You may also find that your IP address is now blocked by spam blockers and you can no longer send email. This port is also used by mail worms and viruses to propagate. If one of your guests is infected and uses your hotspot, guess what? The worm or virus sends itself out to everyone in their address book using your internet connection. That’s definitely not good for your business.
4. Block all point to point traffic. This is where most copyright infringements occur. The sharing of music, movies and programs happens here in the world of point to point traffic. So unless you want your connection shut off or the FBI showing up block point to point traffic. You may be thinking your customers wouldn’t do that and you may be right, but remember that the wireless signals can travel beyond your walls.
5. Never configure you router from the guest side of your network. Unencrypted wireless traffic can be easily sniffed. Hackers do not always behave themselves, so only do your configuration from the wired side of your network.
Besides the security issues here are a few other things to keep in mind.
1. If you are using cable or DSL make sure that you can share your connection. Read the Acceptable Use Agreement from your service provider. Some providers do not care while others are adamantly against connection sharing.
2. With wireless location is everything, select a central location for you Access Point. The more central the location the better the coverage area. Try to keep your access point away from florescent lights. Florescent lights can create a harmonic noise that can impair the coverage of your access point.
3. Don’t use more power than you need. The power settings of your Access Point can be somewhat of a balancing act. The goal is to get the coverage you want without bleeding your signal into the surrounding neighborhood. Too much power and your bandwidth could quickly disappear because of freeloaders in the surrounding area. Too little power and you won’t get the coverage that you need for your customers. Remember for every three db of gain you are doubling your signal strength. If I have an Access Point that puts out 17db that’s equivalent to 50 milliwatts (mw) of power. By adding a three db antenna to the Access Point, I am now at 100mw of power. That’s enough power to cover most High School football stadiums.
I hope you find this guide informative and useful. The main thing to remember is that you can’t fully control who gets on your hotspot, but you can control what access they have when attached to your access point. By taking the time to read this guide tells me that you’re on the right track. Your customers will appreciate the service and your efforts.
Senior Wireless Engineer
Community ISP, Inc.