[OPLINTECH] Secure wifi with password in the SSID

Phil Shirley via OPLINTECH oplintech at lists.oplin.org
Thu Jul 20 16:35:39 EDT 2017 

Thanks for your answer. Our users' traffic is isolated from each other 
(and from the rest of our network) once it's on the wire; the thing I'm 
concerned about is the wireless (radio) leg of the journey.

Phil

On 7/20/2017 4:25 PM, Joe Knueven via OPLINTECH wrote:
> We are currently using open-mesh APs with client isolation enabled.  To 
> be honest, I’m not sure that setting a password protected SSID would 
> protect users from each other unless you do some manner of work beyond 
> that point to isolate their traffic from one another.  After all, if my 
> patrons know how to connect, can’t the person with a packet sniffer 
> connect as well?
> 
> That said, I tend to view networking as akin to “the dark arts”.  Do any 
> genuine “defense against the dark arts instructors” have thoughts about 
> this?
> 
> Have a good day.
> 
> Joe
> 
> Joseph Knueven, Director
> 
> Germantown Public Library
> 
> 51 North Plum Street
> 
> Germantown, OH 45327
> 
> 937-855-4001
> 
> *From:*OPLINTECH [mailto:oplintech-bounces at lists.oplin.org] *On Behalf 
> Of *Ken Butler via OPLINTECH
> *Sent:* Thursday, July 20, 2017 4:02 PM
> *To:* Phil Shirley <pshirley at cuyahogafallslibrary.org>
> *Cc:* OPLINTECH <OPLINTECH at lists.oplin.org>
> *Subject:* Re: [OPLINTECH] Secure wifi with password in the SSID
> 
> We use NAT Mode on our Meraki wireless APs. They're essentially their 
> own networks with their own private DHCP scope. They also provide 
> wireless client isolation - wireless clients can't talk to one another. 
> No password is needed to connect, but connected devices must pass 
> through our captive portal and agree to our wireless terms of use before 
> they are granted access to the internet.
> 
> On Thu, Jul 20, 2017 at 3:41 PM, Phil Shirley via OPLINTECH 
> <oplintech at lists.oplin.org <mailto:oplintech at lists.oplin.org>> wrote:
> 
>     Our wireless internet access for the public is not secure (it
>     doesn't require a password, so it's not encrypted). I would like to
>     add a more secure option and give people the password by putting it
>     the SSID name (something like "CFL secure - password is
>     fallslibrary"), so that the traffic on their radio transmissions
>     will be encrypted.
> 
>     I would be interested to know if any other libraries are doing that,
>     and, if so, if you also offer an option without a password. I'm
>     inclined to offer both at first and then try taking away the
>     non-encrypted option, but I worry that a few devices won't work with
>     the encrypted option. Any thoughts on this?
> 
>     Phil
>     -- 
>     Phil Shirley
>     Technology Services Coordinator
>     Cuyahoga Falls Library
>     Cuyahoga Falls, Ohio
>     330-928-2117, ext. 109 <tel:330-928-2117%2C%20ext.%20109>
>     pshirley at CuyahogaFallsLibrary.org
>     <mailto:pshirley at CuyahogaFallsLibrary.org>
>     _______________________________________________
>     OPLINTECH mailing list
>     OPLINTECH at lists.oplin.org <mailto:OPLINTECH at lists.oplin.org>
>     http://lists.oplin.org/mailman/listinfo/oplintech
> 
> 
> 
> -- 
> 
> Ken Butler
> hcotech at holmeslib.org <mailto:hcotech at holmeslib.org>
> Head of Information Technology
> 
> Holmes County District Public Library
> 3102 Glen Drive
> Millersburg, OH 44654
> PH: 330-674-5972 ext 224
> 
> 
> 
> _______________________________________________
> OPLINTECH mailing list
> OPLINTECH at lists.oplin.org
> http://lists.oplin.org/mailman/listinfo/oplintech
> 

-- 
Phil Shirley
Technology Services Coordinator
Cuyahoga Falls Library
Cuyahoga Falls, Ohio
330-928-2117, ext. 109
pshirley at CuyahogaFallsLibrary.org

More information about the OPLINTECH mailing list