Wednesday, June 02, 2010

Upcoming Public Wifi Changes

Finally, after a few little snafus (primarily in communication), the hardware for the network boxes has been ordered and the boxes are being assembled.

Another change, which is going to take place after all the units are deployed, is that I will be eliminating the registration scheme on our public wifi. While signing up for a WifiDog account is free and the system has worked, it has not been perfect. The biggest problem is that the validation e-mails don't always go through, requiring users to contact the office to validate the account or simply to register under something else.

The other problem is that we use SSL to prevent anyone from intercepting user names and passwords. While SSL is terrific, the site certificate we use is not from a Certificate Authority. So, people who get to our login page get a warning and either don't proceed or continue.

Finally, every six months, I have to go into the database, identify users that aren't validated, and remove them, along with the statistical data collected, which is:

1. Location of Hot Spot used
2. User's name and MAC address (the hardware address of the network adapter used)
3. Time Connected
4. Time Spent Connected
5. Amount of data downloaded and uploaded

Therefore, our current solution is not elegant. Why use it then?

The most important reason is security. The wireless access points (which allow people with laptops to connect to the Internet) are plugged into the same physical network that our computers are on. Therefore, having an open unrestricted access point would be akin to leaving the front door to your house unlocked, with a sign that says "come in" to anyone who can see it. By requiring users to register, if there's an intrusion into our computers, it could give us a potential lead on the perpetrator.

The other reason is that we wanted to know how much use each access point gets. It helps us figure out what resources and improvements in service we need to make.

Since the boxes have a third physical network port that'll allow a direct link to the Internet, the security risk of someone being on the same network as the rest of our equipment is eliminated. So, we're going to do away with user registration and SSL (since there'll be no accounts to hijack) and switch to splash-only mode. Splash-only mode simply redirects you to our WifiDog portal page, shows you our acceptable use policy, and then redirects you to the Internet. We'll still collect statistical information, likely the same as above, less the username.

Since I still have to get the software loaded and configured, as well as deploy the boxes, the change to Splash-only mode will likely take place between July 31 and August 30 of 2010. The plan is to deploy all the boxes to all our branches, then do the settings switch.
