@boneyard wrote:
Technically there is a lot possible, but I'm wondering what people here are doing to protect their guest access users? Do you just throw them a username and password (or just a checkbox) and then they are on their own? Or do you / can you do more? I have seen deployments where a WPA2 key was used against listening in, but this is just a small step to take when you have to publish that key for your guests. Do you or don't you? Looking at Aruba, I have seen the documentation of WIP, but nothing can protect against just monitoring, right?
It all depends on what your objectives are. Most guest access portals like the Starbucks of the world have an acceptable use policy that says that anything you don't want observed, you need to use HTTPS or VPN. They also forward all the traffic out of a connection that is separate from their own corporate traffic. On the other hand, the Amigopod (ClearPass) guest portal can automatically and easily download TLS certificates to guest devices and automatically configure their handhelds for WPA2-AES, which is the strongest encryption imaginable.
Again, it is all about what you want to accomplish.