Page 799 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
connected wireless web client to a portal access control page. The
portal page may require the user to input payment information,
provide logon credentials, or input an access code. A captive portal is
also used to display an acceptable use policy, privacy policy, and
tracking policy to the user, who must consent to the policies before
being able to communicate across the network. Captive portals are
most often located on wireless networks implemented for public use,
such as at hotels, restaurants, bars, airports, libraries, and so on.
However, they can be used on cabled Ethernet connections as well.
General Wi-Fi Security Procedure
Based on the details of wireless security and configuration options,
here is a general guide or procedure to follow when deploying a Wi-Fi
network. These steps are listed in order of consideration and
application/installation; the order does not imply which step offers
more security. For example, using WPA2 is a real security feature,
as opposed to disabling the SSID broadcast. Here are the steps:
1. Change the default administrator password.
2. Decide whether to disable the SSID broadcast based on your
deployment requirements.
3. Change the SSID to something unique.
4. Enable MAC filtering if the pool of wireless clients is relatively
small (usually fewer than 20) and static.
5. Consider using static IP addresses, or configure DHCP with
reservations (applicable only for small deployments).
6. Turn on the highest form of authentication and encryption
supported, which is currently WPA2 and may soon be WPA3 (a
new security mode in development as of the start of 2018:
https://www.networkworld.com/article/3247658/wi-fi/wi-fi-alliance-announces-wpa3-to-secure-modern-networks.html).
If WPA2 or a newer/stronger solution is not available on your device,
then you need to obtain new wireless equipment.
7. Treat wireless as remote access, and manage access using 802.1X.
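
One way to check an access point's settings against this procedure, as an added example that is not from the study guide. It assumes a hostapd-based access point (hostapd's `ssid`, `wpa`, `wpa_key_mgmt`, `rsn_pairwise`, `wpa_pairwise`, `ieee8021x` and `macaddr_acl` options); the `audit` helper, the `DEFAULT_SSIDS` list and both sample configurations are constructed for illustration. It covers steps 3, 4, 6 and 7, since the administrator password and DHCP settings live outside hostapd.

```python
# Added example: DEFAULT_SSIDS and both sample configs are constructed.
DEFAULT_SSIDS = {"linksys", "netgear", "dlink", "default", "wireless"}

WEAK = """\
ssid=linksys
wpa=3
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP CCMP
"""
HARDENED = """\
ssid=hq-floor3-7f2c
wpa=2
wpa_key_mgmt=WPA-EAP
rsn_pairwise=CCMP
ieee8021x=1
"""

def parse(text):
    """Return key=value settings, skipping blank lines and # comments."""
    lines = (l.strip() for l in text.splitlines())
    pairs = (l.split("=", 1) for l in lines if "=" in l and not l.startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def audit(text, accept_macs=()):
    """Return (step, finding) pairs for settings that miss the checklist."""
    cfg, findings = parse(text), []
    # Step 3: the SSID should be unique, not a vendor default.
    if cfg.get("ssid", "").lower() in DEFAULT_SSIDS:
        findings.append((3, "SSID is a vendor default"))
    # Step 4: MAC filtering only suits a small (fewer than 20), static pool.
    if cfg.get("macaddr_acl") == "1" and len(accept_macs) >= 20:
        findings.append((4, "MAC allow list is too large for a static pool"))
    # Step 6: 'wpa' is a bitmask (1 = WPA, 2 = WPA2); expect WPA2 only, no TKIP.
    wpa = int(cfg.get("wpa", "0"))
    if not wpa & 2:
        findings.append((6, "WPA2 is not enabled"))
    elif wpa & 1:
        findings.append((6, "legacy WPA is enabled alongside WPA2"))
    ciphers = (cfg.get("rsn_pairwise") or cfg.get("wpa_pairwise") or "").split()
    if wpa & 2 and (not ciphers or "TKIP" in ciphers):
        findings.append((6, "TKIP allowed or no pairwise cipher set"))
    # Step 7: wireless is treated as remote access, so expect 802.1X.
    if cfg.get("ieee8021x") != "1" or "WPA-EAP" not in cfg.get("wpa_key_mgmt", "").split():
        findings.append((7, "802.1X is not in use"))
    return findings

if __name__ == "__main__":
    print(audit(WEAK), audit(HARDENED))
```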

