[OPLINTECH] Secure wifi with password in the SSID

Joe Knueven via OPLINTECH oplintech at lists.oplin.org
Thu Jul 20 16:25:26 EDT 2017 

We are currently using open-mesh APs with client isolation enabled.  To be honest, I’m not sure that setting a password protected SSID would protect users from each other unless you do some manner of work beyond that point to isolate their traffic from one another.  After all, if my patrons know how to connect, can’t the person with a packet sniffer connect as well?

That said, I tend to view networking as akin to “the dark arts”.  Do any genuine “defense against the dark arts instructors” have thoughts about this?


Have a good day.

Joe


Joseph Knueven, Director
Germantown Public Library
51 North Plum Street
Germantown, OH 45327
937-855-4001

From: OPLINTECH [mailto:oplintech-bounces at lists.oplin.org] On Behalf Of Ken Butler via OPLINTECH
Sent: Thursday, July 20, 2017 4:02 PM
To: Phil Shirley <pshirley at cuyahogafallslibrary.org>
Cc: OPLINTECH <OPLINTECH at lists.oplin.org>
Subject: Re: [OPLINTECH] Secure wifi with password in the SSID

We use NAT Mode on our Meraki wireless APs. They're essentially their own networks with their own private DHCP scope. They also provide wireless client isolation - wireless clients can't talk to one another. No password is needed to connect, but connected devices must pass through our captive portal and agree to our wireless terms of use before they are granted access to the internet.

On Thu, Jul 20, 2017 at 3:41 PM, Phil Shirley via OPLINTECH <oplintech at lists.oplin.org<mailto:oplintech at lists.oplin.org>> wrote:
Our wireless internet access for the public is not secure (it doesn't require a password, so it's not encrypted). I would like to add a more secure option and give people the password by putting it the SSID name (something like "CFL secure - password is fallslibrary"), so that the traffic on their radio transmissions will be encrypted.

I would be interested to know if any other libraries are doing that, and, if so, if you also offer an option without a password. I'm inclined to offer both at first and then try taking away the non-encrypted option, but I worry that a few devices won't work with the encrypted option. Any thoughts on this?

Phil
--
Phil Shirley
Technology Services Coordinator
Cuyahoga Falls Library
Cuyahoga Falls, Ohio
330-928-2117, ext. 109<tel:330-928-2117%2C%20ext.%20109>
pshirley at CuyahogaFallsLibrary.org<mailto:pshirley at CuyahogaFallsLibrary.org>
_______________________________________________
OPLINTECH mailing list
OPLINTECH at lists.oplin.org<mailto:OPLINTECH at lists.oplin.org>
http://lists.oplin.org/mailman/listinfo/oplintech



--
Ken Butler
hcotech at holmeslib.org<mailto:hcotech at holmeslib.org>
Head of Information Technology
Holmes County District Public Library
3102 Glen Drive
Millersburg, OH 44654
PH: 330-674-5972 ext 224
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.oplin.org/pipermail/oplintech/attachments/20170720/9586120c/attachment-0001.html>

More information about the OPLINTECH mailing list