Free Wi-Fi Hotspot?

Simply setting up an open wireless router or access point sounds dead
easy but appears to be fraught with risks - abuse, traffic hogging,
inter-user security etc.

1) If you wanted to set up a free Wi-Fi hotspot as a way of
attracting more customers to a business - a cafe for example - what
sort of equipment is required?

2) AIUI ISPs are subject to various laws e.g. logging user traffice
etc. Is the provider of a Wi-Fi hotspot effectively an ISP, therefore
subject to the same legal requirements?

3) A small business would need a low-maintenance solution i.e. very
light demand on non-technical staff to administer and support the
service - is that achievable?


Frazer Jolly Goodfellow

In article <Xns9917592CDA7A9frz@80.5.182.99>,
Frazer Jolly Goodfellow <no-(E-Mail Removed)> wrote:
>Simply setting up an open wireless router or access point sounds dead
>easy but appears to be fraught with risks - abuse, traffic hogging,
>inter-user security etc.
>
>1) If you wanted to set up a free Wi-Fi hotspot as a way of
>attracting more customers to a business - a cafe for example - what
>sort of equipment is required?

One of these...

http://www.solwise.co.uk/wireless-hotspot-was-102r.htm

Or similar.

>2) AIUI ISPs are subject to various laws e.g. logging user traffice
>etc. Is the provider of a Wi-Fi hotspot effectively an ISP, therefore
>subject to the same legal requirements?
>
>3) A small business would need a low-maintenance solution i.e. very
>light demand on non-technical staff to administer and support the
>service - is that achievable?

Push a button, give out a ticket .. yes. Looks achievable to me.

I've deployed something very similar to the above in a small business
setting to allow guest internet access without connecting them to the
main corp-rat LAN.

Gordon

In article <Xns9917592CDA7A9frz@80.5.182.99>,
Frazer Jolly Goodfellow <no-(E-Mail Removed)> wrote:
>Simply setting up an open wireless router or access point sounds dead
>easy but appears to be fraught with risks - abuse, traffic hogging,
>inter-user security etc.
>
>1) If you wanted to set up a free Wi-Fi hotspot as a way of
>attracting more customers to a business - a cafe for example - what
>sort of equipment is required?

http://www.solwise.co.uk/wireless-hotspot-was-102r.htm

Or similar.

>2) AIUI ISPs are subject to various laws e.g. logging user traffice
>etc. Is the provider of a Wi-Fi hotspot effectively an ISP, therefore
>subject to the same legal requirements?
>
>3) A small business would need a low-maintenance solution i.e. very
>light demand on non-technical staff to administer and support the
>service - is that achievable?

Yes. Stick a CCTV camera at the right place & you have a video of you
giving the punter a ticket and the time, then if there's any come back
just give plod the video... Well - maybe, but it's a start.

I've deployed one of these (no that unit, but something similar)
for a business to use to allow visitors internet access, (connected
to their DMZ and not the corp-rat LAN) and you can program the unit to
allow various forms of access - from taking a credit card, to printing
a ticket - the ticket printer has 3 buttons which are programmable, so
eg. give a 15-minute token free with a coffee, or let them purchase
an hour or more... The one I used also has a set of "free" sites that
punters can visit without authentication, so that's an additional
draw-in. They can sit down & view (eg) bbc news, etc. but if they want
more then they pay some money & get a time-limited ticket.

Gordon

(E-Mail Removed) (Gordon Henderson) wrote in
news:462735b4$0$6952$(E-Mail Removed):

> In article <Xns9917592CDA7A9frz@80.5.182.99>,
> Frazer Jolly Goodfellow <no-(E-Mail Removed)> wrote:
>>Simply setting up an open wireless router or access point sounds
>>dead easy but appears to be fraught with risks - abuse, traffic
>>hogging, inter-user security etc.
>>
>>1) If you wanted to set up a free Wi-Fi hotspot as a way of
>>attracting more customers to a business - a cafe for example -
>>what sort of equipment is required?
>
> http://www.solwise.co.uk/wireless-hotspot-was-102r.htm
>
> Or similar.
>
>>2) AIUI ISPs are subject to various laws e.g. logging user
>>traffice etc. Is the provider of a Wi-Fi hotspot effectively an
>>ISP, therefore subject to the same legal requirements?
>>
>>3) A small business would need a low-maintenance solution i.e.
>>very light demand on non-technical staff to administer and
>>support the service - is that achievable?
>
> Yes. Stick a CCTV camera at the right place & you have a video
> of you giving the punter a ticket and the time, then if there's
> any come back just give plod the video... Well - maybe, but it's
> a start.
>
> I've deployed one of these (no that unit, but something similar)
> for a business to use to allow visitors internet access,
> (connected to their DMZ and not the corp-rat LAN) and you can
> program the unit to allow various forms of access - from taking
> a credit card, to printing a ticket - the ticket printer has 3
> buttons which are programmable, so eg. give a 15-minute token
> free with a coffee, or let them purchase an hour or more... The
> one I used also has a set of "free" sites that punters can visit
> without authentication, so that's an additional draw-in. They
> can sit down & view (eg) bbc news, etc. but if they want more
> then they pay some money & get a time-limited ticket.
>
Thanks Gordon, much appreciated.
The Solwise device supports encryption but appears to require a
username/password logon for authentication. Would a customer have
to enter an encryption key as well?

Frazer Jolly Goodfellow wrote:

> Thanks Gordon, much appreciated.
> The Solwise device supports encryption but appears to require a
> username/password logon for authentication. Would a customer have
> to enter an encryption key as well?

Only if encryption was turned on.

--
<http://ale.cx/> (AIM:troffasky) ((E-Mail Removed))
17:07:29 up 5 days, 21:26, 3 users, load average: 0.11, 0.34, 0.33
Yes. I'm just guessing.

"alexd" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Frazer Jolly Goodfellow wrote:
>
>> Thanks Gordon, much appreciated.
>> The Solwise device supports encryption but appears to require a
>> username/password logon for authentication. Would a customer have
>> to enter an encryption key as well?
>
> Only if encryption was turned on.

That may not be true if using 802.1 authentication.
They key would be provided as part of the logon phase.

"dennis@home" <(E-Mail Removed)> wrote in news:f087mv
$kk9$(E-Mail Removed):

>
> "alexd" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>> Frazer Jolly Goodfellow wrote:
>>
>>> Thanks Gordon, much appreciated.
>>> The Solwise device supports encryption but appears to require a
>>> username/password logon for authentication. Would a customer
have
>>> to enter an encryption key as well?
>>
>> Only if encryption was turned on.
>
> That may not be true if using 802.1 authentication.
> They key would be provided as part of the logon phase.
>
I think turning on encryption is essential, but the solution is
becoming more complex.

Presumably a server would also be needed to capture logging
information?

In article <Xns9917E6C6CD324frz@80.5.182.99>,
Frazer Jolly Goodfellow <no-(E-Mail Removed)> wrote:
>"dennis@home" <(E-Mail Removed)> wrote in news:f087mv
>$kk9$(E-Mail Removed):
>
>>
>> "alexd" <(E-Mail Removed)> wrote in message
>> news:(E-Mail Removed)...
>>> Frazer Jolly Goodfellow wrote:
>>>
>>>> Thanks Gordon, much appreciated.
>>>> The Solwise device supports encryption but appears to require a
>>>> username/password logon for authentication. Would a customer
>have
>>>> to enter an encryption key as well?
>>>
>>> Only if encryption was turned on.
>>
>> That may not be true if using 802.1 authentication.
>> They key would be provided as part of the logon phase.
>>
>I think turning on encryption is essential, but the solution is
>becoming more complex.

Quite. The unit I used (and I've forgotten it's name, sorry and it's
currently 110 miles away), did support encryption, and it prints out the
key (wep or wpa) on the bit of paper, if it was enabled. (I tested it
enabled, then decided the muppets who were going to be using it would
find that hard, so removed it, so in that respect it's the same as BT
openwallet which is also unencrypted - try going online in an airport
and snooping what you see - it's scary knowing that 99.99% of people
still use plain-text paswords in POP/IMAP/SMPT-AUTH, etc. and as I've
just had one of my servers hijacked by spammers who used smtp-auth with
valid username & password to relay email, it's a bit frightening )-: I
suspect it's only a matter of time before the spammers latch onto
this - they're not intersted in your email, just a spam-launch vector,
and even if they don't do it fromthe WiFi AP, then they have a list of
username/passwords they can use from elsewhere.

So on your PC, you'd have to find the access point, try to associate
with it, enter the wep/wpa key, then access a web site, whereupon it
would hijack your connection, take you to it's own login/password screen
where you'd enter the code on the ticket, then you'd have access for
the time-limit specified by the ticket.

>Presumably a server would also be needed to capture logging
>information?

What are you going to log?

But yes, there's a syslog facility, so you could log the clients MAC
address (no point logging the IP address they get as it's dynamic and
could be re-used after rsome time - a wiley hacker would spoof their
MAC address anyway) And unless you ask them for their name, address,
phone number, then there's not much point. It would also be hard to log
all the sites they visited too - not impossible, but hard as you'd run
out of disk space...

BT open wallet (and other instant access, open ones) works because you
need to use a credit card to buy time on it, so they have that as a way
of identifying you to the system, should the fuzz come knocking. For
a simple high street cafe, it's probably not worth it - and if I were
doing that, I'd maybe try to arrange seating such that it might be hard
to fully conceal a screen from a casual passer-by. (Not that that would
stop me doing something I shouldn't be doing, but it's a start)

And you turn of firewalling too, so they can only do simple web browsing
and hopefully not much else...

Gordon

(E-Mail Removed) (Gordon Henderson) wrote in
news:462875a6$0$10737$(E-Mail Removed):

> In article <Xns9917E6C6CD324frz@80.5.182.99>,
> Frazer Jolly Goodfellow <no-(E-Mail Removed)> wrote:
>>"dennis@home" <(E-Mail Removed)> wrote in
>>news:f087mv $kk9$(E-Mail Removed):
>>
>>>
>>> "alexd" <(E-Mail Removed)> wrote in message
>>> news:(E-Mail Removed)...
>>>> Frazer Jolly Goodfellow wrote:
>>>>
>>>>> Thanks Gordon, much appreciated.
>>>>> The Solwise device supports encryption but appears to
>>>>> require a username/password logon for authentication. Would
>>>>> a customer
>>have
>>>>> to enter an encryption key as well?
>>>>
>>>> Only if encryption was turned on.
>>>
>>> That may not be true if using 802.1 authentication.
>>> They key would be provided as part of the logon phase.
>>>
>>I think turning on encryption is essential, but the solution is
>>becoming more complex.
>
> Quite. The unit I used (and I've forgotten it's name, sorry and
> it's currently 110 miles away), did support encryption, and it
> prints out the key (wep or wpa) on the bit of paper, if it was
> enabled. (I tested it enabled, then decided the muppets who were
> going to be using it would find that hard, so removed it, so in
> that respect it's the same as BT openwallet which is also
> unencrypted - try going online in an airport and snooping what
> you see - it's scary knowing that 99.99% of people still use
> plain-text paswords in POP/IMAP/SMPT-AUTH, etc. and as I've just
> had one of my servers hijacked by spammers who used smtp-auth
> with valid username & password to relay email, it's a bit
> frightening )-: I suspect it's only a matter of time before the
> spammers latch onto this - they're not intersted in your email,
> just a spam-launch vector, and even if they don't do it fromthe
> WiFi AP, then they have a list of username/passwords they can
> use from elsewhere.
>
> So on your PC, you'd have to find the access point, try to
> associate with it, enter the wep/wpa key, then access a web
> site, whereupon it would hijack your connection, take you to
> it's own login/password screen where you'd enter the code on the
> ticket, then you'd have access for the time-limit specified by
> the ticket.
>
>>Presumably a server would also be needed to capture logging
>>information?
>
> What are you going to log?


> But yes, there's a syslog facility, so you could log the clients
> MAC address (no point logging the IP address they get as it's
> dynamic and could be re-used after rsome time - a wiley hacker
> would spoof their MAC address anyway) And unless you ask them
> for their name, address, phone number, then there's not much
> point. It would also be hard to log all the sites they visited
> too - not impossible, but hard as you'd run out of disk space...
>
> BT open wallet (and other instant access, open ones) works
> because you need to use a credit card to buy time on it, so they
> have that as a way of identifying you to the system, should the
> fuzz come knocking. For a simple high street cafe, it's probably
> not worth it - and if I were doing that, I'd maybe try to
> arrange seating such that it might be hard to fully conceal a
> screen from a casual passer-by. (Not that that would stop me
> doing something I shouldn't be doing, but it's a start)
>
> And you turn of firewalling too, so they can only do simple web
> browsing and hopefully not much else...
>

RE What are you going to log?
Errm, not sure, hence my question about the legal requirement
aspects. Assuming the Wi-Fi hotspot provider is classed as an ISP:
- what are ISPs required by law to log, and how long to retain
records?

The earlier suggestion of also using video surveillance recordings
seems a good idea.

Presumably with a packaged service the service provider (e.g. BT
Openzone) does the logging for you from a remote net management
centre?

Your input is much appreciated BTW. I suspected it wouldn't be simple
or easy but wasn't aware just how complex it can get.

It's not looking a viable proposition at the moment for the scale of
the business. The up-front equipment costs (£500 for gateway
box/ticket printer + server £???). The cafe manager and staff
wouldn't be able to support and administer the service themselves so
there'd be an ongoing IT service contract cost in addition to the ISP
costs.

In article <Xns991889EF1F14frz@80.5.182.99>,
Frazer Jolly Goodfellow <no-(E-Mail Removed)> wrote:

>RE What are you going to log?
>Errm, not sure, hence my question about the legal requirement
>aspects. Assuming the Wi-Fi hotspot provider is classed as an ISP:
>- what are ISPs required by law to log, and how long to retain
>records?

Would need a legal type to answer this ...

>The earlier suggestion of also using video surveillance recordings
>seems a good idea.

All shops have such systems these days. Just point one at the counter
where the punters pick up their coffee & cakes..

>Presumably with a packaged service the service provider (e.g. BT
>Openzone) does the logging for you from a remote net management
>centre?

Probably - They also have your credit card details which are a pretty
good way to identify you, should the need arise.

>Your input is much appreciated BTW. I suspected it wouldn't be simple
>or easy but wasn't aware just how complex it can get.

I think it can be as complex as you want it to be, but it really doesn't
need to be at all.

>It's not looking a viable proposition at the moment for the scale of
>the business. The up-front equipment costs (£500 for gateway
>box/ticket printer + server £???). The cafe manager and staff
>wouldn't be able to support and administer the service themselves so
>there'd be an ongoing IT service contract cost in addition to the ISP
>costs.

It is an expensive start-up, and you'd probably never break even on
it - unless you see it as a way to get punters into the shop in the
first place...

but you an just wing it - get a half decent ADSL ISP, one of these
boxes and off you go... Once the box is programmed, then all the staff
need to do is push one of the 3 buttons on the printer to give out
(eg) free 10 minutes if they buy a coffee & a cake, or a pound for half
an hour or whatever you want to charge... I'd probably be tempted, if it
were a sit-in cafe to not offer more than half an hour at a time - making
the punters come back for another ticket after half an hour... (would
sir like cake whith his internet access? Only £2.50 and you'll get a
free 10 minutes ;-)

The only initial hassle I'd see is that the ISP might prohibit "resell"
of their services in this way, but who's to know... Just get a decent
one (not one of the bulk buys with outsourced call centres) so if you
do have to call support at least they'll talk to you.

Oh, firewall port 25 and if they complain tell them they ought to be using
a mail submission service with their email provider on port 587.

Although that may cause you more problems that it will solve ;-)

Gordon