Use of company Wi-Fi (A simple solution)

The simplest ideas are sometimes the best

The nasty problem of Wi-Fi use raised its head this week at work: the "guests" were given the company Wi-Fi password to use their own computers on. So what? Coffee shops, bars and shops dish out Wi-Fi all the time, so what's the problem in that?

The problem is that the company Wi-Fi is an extension of the company network, on the same IP address range, to allow company laptops the same access as wired machines. Unfortunately the "happy to help" attitude basically left non-employees with direct access to the cloud servers and internal servers the company has available. Although the guests weren't very likely to deliberately cause damage, the devices they were using had not been assessed: it was not known if they had run AV or, for that matter, what the users' intentions were. The possibility of malware or virus infection was there, which could have crippled the business.

So basically we'd given strangers a front door key to our home and left a sort of "help yourself" attitude. And so, after several sirens and klaxons had been sounded, the users were hastily ushered from the connection. We need some rules putting in place to prevent this problem occurring again.

The IT Genghis Khan

ITIL practice and ISO regulations would basically use the boot heel and say NO to such actions: company Wi-Fi should not be opened up to external guests, nor to staff not doing company business, stamping out any possibility of free Wi-Fi use over the existing setup. Another network would therefore have to be used, incurring costs and setup time.

But the reality of the matter is that a small firm with very busy employees should look at Wi-Fi as a perk for staff. A little bit of feel-good never does any harm, and can be a positive for staff morale. Allowing people to read personal email or use social media during breaks and lunch brings a level of trust between a company and its employees. Granted, you don't want to open a Pandora's box of everyone online shopping or watching full films or episodes via streaming either.

Common sense and a few simple rules, along with a few minor restrictions, can make secondary Wi-Fi available to guests and staff alike without creating grey hair in IT, or the "No you can't" type of speech your parents gave you when you were little.

Solutions

Okay, a quick google on the subject was the equivalent of swimming in mud: lots of rules of best practice to start with, followed by "you'll need extra routers" and "you need to set up VLANs". The vision of a Wi-Fi utopia was fast disappearing, replaced by grey images of grumbling IT installing and maintaining equipment that the finance manager had cried over the purchase receipts for!

No nonsense

A colleague came to the rescue the next day with an idea so simple it seemed daft at first, and didn't instantly look like the best solution. But after a two-day trial it appears to be a corker of a solution, with little or no cost and no excessive maintenance required.

Instead of dedicated hardware access points, use Wi-Fi hotspots, but run them on old company phones sat in a drawer gathering dust. Yes, I know you can set the physical PC to be a hotspot too, but the old phones turned out to give better results with less fiddling than you can believe. Added to that, this option is mobile: signal strength improvements are as difficult as plugging the phone into a PC nearer to where the Wi-Fi user needs it.

Tethering & Internet pass-through

Firstly, when you use your phone as a Wi-Fi hotspot you use your data allowance over the mobile network. There's no way this was going to happen with the old SIM-less phones. So the old Android phones were set up for internet pass-through, basically allowing the phone to use the internet connection of the PC it was connected to via USB, with mobile data turned off to prove no additional magic was in use. Okay, we now have an internet extension for the entry point; first hurdle over.

Wi-Fi Hotspots – solid little solution

Having used my own phone occasionally as a hotspot for my own needs made me overlook some obvious advantages of this method, which have to be considered when there are multiple other users: security, security and security.

Firstly security: You can name and password the SSID of the hotspot, so you can make things look professional with "CompanyName Guest WiFi" and put a password block in place to halt immediate access by all and sundry. The phone hotspot also lets you restrict the number of users, limiting connections and not risking being swamped by a horde of Wi-Fi hunters/users.

Secondly security: WEP and WPA2 are among the options the hotspot lets you allow, so the Wi-Fi connection you use can be secured. Choose WPA2, since WEP has long been broken and can be cracked easily. After all, if you're doing a little online banking, the risk of being nosied on is something you want to consider, so that you can enjoy safe browsing and use.

Finally security: The hotspot uses its own IP range, which gave a massive advantage in trialling this method. The company 192.168.xxx.xxx range was not easily obtainable, as the hotspot belched out different 192.168.xxx.xxx addresses. This meant that Wi-Fi internet access neither gave access to nor clashed with the range used for the precious company cloud network we rely on.
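Because the hotspot's traffic still leaves through a PC on the company network, the separation described above is worth testing from a device joined to the hotspot. The following is an added example, not part of the original post: it checks that the hotspot range does not overlap the company range and that internal services cannot be opened from the guest side. The subnets, hosts, ports and function names are constructed placeholders.

```python
import ipaddress
import socket


def ranges_overlap(hotspot_cidr, company_cidrs):
    """Return the company networks that overlap the hotspot's network."""
    hotspot = ipaddress.ip_network(hotspot_cidr, strict=False)
    return [c for c in company_cidrs
            if hotspot.overlaps(ipaddress.ip_network(c, strict=False))]


def reachable(host, port, timeout=2.0):
    """True if a TCP connection to host:port succeeds from this client."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, no route: all count as blocked
        return False


def audit(hotspot_cidr, company_cidrs, internal_services):
    """Collect findings; an empty list means the guest side looks isolated."""
    findings = []
    for net in ranges_overlap(hotspot_cidr, company_cidrs):
        findings.append(f"address clash: hotspot {hotspot_cidr} overlaps {net}")
    for host, port in internal_services:
        if reachable(host, port):
            findings.append(f"guest client can reach {host}:{port}")
    return findings


if __name__ == "__main__":
    # Constructed sample values: replace with your own ranges and servers.
    HOTSPOT = "192.168.43.0/24"
    COMPANY = ["192.168.1.0/24"]
    SERVICES = [("192.168.1.10", 445), ("192.168.1.10", 3389)]
    for line in audit(HOTSPOT, COMPANY, SERVICES) or ["no findings"]:
        print(line)
```

Run it from a laptop connected to the guest hotspot; any "can reach" finding means the different address range alone is not keeping guests off the internal servers.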

Suck it and see

So two defunct Android mobiles were set up and trialled as Wi-Fi hotspots, one for staff and one for visitors. We tested the staff one immediately and all seemed okay. The Androids work fine without a SIM card (unlike a certain other brand of mobile), which proves and ensures that we're not using mobile data.

The following day we actually had visitors and, presto, a request was made for them to use Wi-Fi. So the second hotspot was enabled with the first still running, and both got a baptism of fire and appeared to hold their own.

Things can only get better..

So I doff my cap to James Mottram @mottyjm, not only for coming up with the concept, but for putting to use some defunct tech that was lying around and scheduled for the bin.

It's very early days, and more testing needs to be done: will the connection hold if the PC it's linked to connects to another network by using a virtual PC? Also to be looked at is putting a proxy/firewall on the phones generating the hotspots, using free software from the Android store, to prevent unsavoury sites being visited.

Signs look promising, so much so that a draft Wi-Fi policy has been created. It's looking like a cheap and practical solution to a complex issue, one that was basically sorted in a couple of hours' work locating old tech and configuring the devices.

So depending on your needs you may want to give the idea a go. I'd be interested to hear from anyone who's done similar, so as to avoid any pitfalls in the idea (if any), or who has better suggestions to improve the solution further.
