= Guest Wifi =

== The 3 wifi options ==
 1. Open wifi - Just click and connect
 2. WPA2-PSK - single key on AP's and shared by all users
 3. WPA2-Enterprise(802.1x) - AP forwards encrypted traffic to radius server, server Auth to client with Certificate, Client auth  either of User+PWD, Certificate, OTP, etc.

== Landing page / Portal ==
 * Re-directs initial client traffic to registration servers and only allows access once authenticated.


=== What is the goals/clients of guest wifi ? ===
 * Actual Corporate guests, doing presentations etc, needing internet access
 * Corporate users - keeping private devices e.g. Phones, of the corporate network, but still able to sync o365 email, and get teams alerts
 * Testing as if connected at home.

=== Risks: ===
 * Fake AP  (Open , and psk)     -  wpa2-enterprise(802.1x) uses certificate to auth AP
 * Sniff traffic for info/passwords (Open and psk if key known),  true for any other open AP,
   * all client traffic should be SSL
 * Attack on user from other users, on same wifi.  (Probes, sniffing etc.)