“Wi” Should I Log?

Guest wireless is a convenience to offer visitors.  What information should be logged for these connections? 

If someone used the network to create a threat or self-harm and it hit a national alert, the  FBI or another agency will pay a visit or call and request who and what device made this request.  Can you provide this information by reviewing DHCP and activity logs?  What should you obtain?

You should gather a minimum of the MAC address and IP address assigned to the device, and when they accessed with duration. 

Optional – Device name as well as an email account or unique identifier

Optional and recommended – logging all activity.

What security measures should be implemented?

Set bandwidth restrictions on your guest wireless.

A splash page with acceptable use agreement is typical for guest access.

Typically, a guest network is tunneled to the outside interface of the firewall and the guest network and is completely isolated from the internal networks.

If you are assigning accounts to students and staff, they should be on their own VLANs and as such logging all activity is a standard practice, and each user should sign an acceptable use agreement.

Firewall or access rules should be in place to prevent access between VLANs and, if traffic is necessary, a rule should be created that allows specific port(s) access to specific device(s).

Update your network equipment firmware to ensure you have the latest patches.

 Here’s a more detailed breakdown of what logs to keep: [1]  

  • Connection Information: [1]
    • Timestamps: Record the date and time when a guest device connects and disconnects from the network. [1]  
    • IP Addresses: Log the IP address assigned to each guest device. [1]  
    • MAC Addresses: Consider logging the MAC address of each device, which can help identify devices even if the IP address changes. [1]  
  • Access Attempts & Security Events: [1, 2]
    • Failed Login Attempts: Log any attempts to access the network that fail, such as incorrect passwords or unauthorized access. [1, 2]  
    • Security Events: Record any security incidents or alerts, such as intrusion attempts or suspicious activity. [2]  
  • Troubleshooting: [1]
    • Network Performance: Log any network performance issues, such as slow speeds or connection drops, to help identify and resolve problems. [1]  
  • Compliance & Legal Requirements: [1]
    • Data Retention: Be aware of any legal or regulatory requirements regarding data retention for guest network logs. [1]  
    • Access Control: Ensure that access to the logs is restricted to authorized personnel only. [1]  

Quiz Time!! – A highly anticipated basketball game is being streamed live from the guest WiFi and the people attending the game consume all the bandwidth.  The device sending the stream out to the streaming server is unable to maintain their connection. Therefore, nobody is receiving the live stream.  What happened and how do you avoid this?  If you need assistance solving this, call MOREnet!!

Thanks to David Kessler in our LAN department for providing information for this blog!

Resources:

Guest Wi-Fi Security:  How Does It Work?

Six Best Practices for Guest WiFi Security