The 3 wifi options
- Open wifi - Just click and connect
- WPA2-PSK - single key on AP's and shared by all users
- WPA2-Enterprise(802.1x) - AP forwards encrypted traffic to radius server, server Auth to client with Certificate, Client auth either of User+PWD, Certificate, OTP, etc.
Landing page / Portal
- Re-directs initial client traffic to registration servers and only allows access once authenticated.
What is the goals/clients of guest wifi ?
- Actual Corporate guests, doing presentations etc, needing internet access
- Corporate users - keeping private devices e.g. Phones, of the corporate network, but still able to sync o365 email, and get teams alerts
- Testing as if connected at home.
- Fake AP (Open , and psk) - wpa2-enterprise(802.1x) uses certificate to auth AP
- Sniff traffic for info/passwords (Open and psk if key known), true for any other open AP,
- all client traffic should be SSL
- Attack on user from other users, on same wifi. (Probes, sniffing etc.)