Internet access in a corporate environment is essential for the company's direct employees as well as for customers and suppliers who visit the organization and need to use the company's internet. This creates the need for an environment in which such access can be granted and managed without causing inconvenience to the business.
It is necessary to establish criteria for granting this access, especially to prevent incidents, whether intentional or not. When granting access to customers and suppliers, use methods and tools that make access both easy and secure, avoiding any kind of discomfort.
Regardless of the company's size, it is important to have a strategy when offering wireless access, one that preserves the integrity of both the company and the users of the resource. This is because, in the event of an incident, the customer or supplier may associate that problem with your network.
With that in mind, we have mapped out a few fundamental things to implement or revise before offering internet access in your company through a captive portal. They will ensure more transparency and security for your company and its users.
Whether by manual or electronic means (at the time of access), it is important that the user accepts certain conditions of use, so that your business is exempt from some responsibilities and the user receives better usage guidelines.
The main points to highlight should be the non-use of internet banking or similar systems that involve monetary values, and of content that is inappropriate or against the law, be it pedophilia, drugs or others. It should be clear that such use is forbidden and that access is monitored.
If it is not possible to present a term through the captive portal before the user accepts the use of the internet, direct them to reception to sign a printed term. Many companies ignore this procedure, but it is extremely important for user awareness, because it makes some aspects of the use of the internet resource known to the public.
Segment the access of the captive portal to the visitor network
It is impossible to know the level of compliance and security of the device that will enter the network through the captive portal. Although there are threat prevention technologies that use quarantine networks, this is not the reality of most companies.
Thus the main aspect, above all, is to segment the visitor network, either with completely separate equipment or with equipment that supports multiple networks, properly isolated through VLANs.
If the access offered is part of the same corporate network, the risk of an intentional or even opportunistic attack (due to a device infected by a virus) is very high, and could cause great discomfort to those involved.
So anticipate these issues and create a visitor network that is fully segmented from the corporate environment. The chances of success will be potentially greater.
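One way to verify that the visitor VLAN really is isolated is to audit the forwarding policy between the two networks. The script below is an added example, not part of the original article: the subnets, the rule list and the function name guest_leaks are constructed assumptions, and the policy model is a simple top-down, first-match rule list.

```python
import ipaddress

# Constructed sample addressing and policy; every value here is an assumption.
GUEST_NET = ipaddress.ip_network("192.168.50.0/24")    # visitor VLAN
CORPORATE_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # internal VLANs
# (action, source, destination), evaluated top-down, first match wins.
RULES = [
    ("allow", "192.168.50.0/24", "10.1.2.10/32"),  # forgotten printer exception
    ("deny", "192.168.50.0/24", "10.0.0.0/8"),
    ("allow", "192.168.50.0/24", "0.0.0.0/0"),     # internet access
]


def guest_leaks(rules, guest, corporate, default="deny"):
    """Return [(rule_number, network)] where visitors reach corporate space.

    Rule number 0 means the default policy let the traffic through.
    """
    undecided = list(corporate)  # corporate space no rule has decided yet
    leaks = []
    for number, (action, src, dst) in enumerate(rules, start=1):
        src, dst = ipaddress.ip_network(src), ipaddress.ip_network(dst)
        if not src.overlaps(guest):
            continue  # rule never matches visitor traffic
        covers_all_guests = guest.subnet_of(src)
        remaining = []
        for net in undecided:
            if not net.overlaps(dst):
                remaining.append(net)
                continue
            # CIDR blocks either nest or are disjoint, so the overlap is the smaller one.
            hit = net if net.subnet_of(dst) else dst
            if action == "allow":
                leaks.append((number, hit))
            if not covers_all_guests:
                remaining.append(net)  # some visitors fall through to later rules
            elif hit != net:
                remaining.extend(net.address_exclude(hit))
        undecided = remaining
    if default == "allow":
        leaks.extend((0, net) for net in undecided)
    return leaks


if __name__ == "__main__":
    for number, net in guest_leaks(RULES, GUEST_NET, CORPORATE_NETS):
        print(f"rule {number}: visitors can reach corporate range {net}")
```

With the sample policy, the exception in rule 1 is reported even though the broad deny below it looks correct, because the first matching rule wins.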
Identify who is accessing the network
It is very important that users of the visitor network be identified. This can be done manually, with an address book, or automatically, through an authentication portal.