Like the open bar at a wedding, or the Hawaiian pizza set out for your guests in Event Room C, uninvited guests are hungry (and thirsty) for access to your company’s corporate network.
Guest wireless access has become so common, most of us don’t give it another thought. The departure gate at the airport. A hotel lobby. Starbucks. We can connect almost anywhere — including at work — and visitors to our business have come to expect it. On its face, it doesn’t seem particularly complicated. You sit down for a meeting with clients, and someone hands you a slip with a guest ID and password, or maybe it gets passed around the room verbally. The password is typically easy to remember and simple to key in. Best part is, next time you visit, your device will remember the network and connect automatically, because most places don’t bother to change the password. You could even sit in your car in the parking lot after your meeting and check your social media accounts – bonus!
True, it’s not particularly complicated, and that’s the problem. Open guest wifi access presents a number of network security risks to your business, even though it seems easier to manage.
Unfortunately, there are unwelcome users out there who will view guest access as an opportunity, and it’s not a small number. The allure of open networks often leads to questionable internet use, visits to unsecured and/or malicious sites, and downloads of potentially harmful or illegal content. Although the guest network may be logically segregated from your business network, it’s still tied to your business IP address. Improper use on your IP not only has potential legal implications, but an open guest wifi system means you will never be able to pinpoint the identity of the offender(s).
Many businesses simply are not aware that their guest wireless can be so problematic. Recently, our customers have been asking about ways to become more cyber resilient, and we wanted to share our thoughts on some of the most effective tools available. Cisco’s Identity Services Engine (ISE), for example, is a robust network access control solution that offers fully customizable, automated management of your guest network. Here are some of our favourite features.
Guest User Accounts
You always want to have accountability with anyone who connects to the network, so their activity is tracked and constrained according to some set of criteria (time-limited access, for example). This applies to employees as well as guests. Cisco ISE gives you three different ways to create accounts for visitors and authenticate them for audit purposes. The process is seamless, easy to manage, and if there is any unauthorized activity, it can be identified and validated.
Administrator Controlled Access
With Cisco ISE Guest Types and User Identity Groups, administrators have unlimited configuration options for customization and unique user access profiles. With the use of identity groups, guest access can be as manual or as automated as desired.
Multiple API Integrations
Cisco ISE provides a rich set of APIs to integrate with other systems, such as vendor management systems. ISE also integrates with web filtering, DNS solutions, and other guest onboarding systems like self-check-ins and virtual reception.
The days of unsecured guest wireless are fast becoming a distant memory. Untracked and unmanaged guest access presents business risks that are significant but also unnecessary. Implementing a simple network access solution like Cisco ISE helps mitigate those risks.
Next time you are sipping a martini in celebration of your flight delay or checking in at the coffee shop down the street just to get out of your home office, you might notice a few extra steps when you login to the guest network. Embrace it. Because, nobody likes those jerks from across the hall coming over to crash the party.
How secure is your network? Find out how you score in our free threat-ready checklist. Download it here.