Home > General > Using a La Fonera as a sandbox SSID to provide safer access for visitors in the office

Using a La Fonera as a sandbox SSID to provide safer access for visitors in the office

May 2, 2008

I was chatting with Ali Ebrahim over IM and mentioned to him that the La Fonera was quite useful as a quick mechanism to provide a sandbox SSID for visitors to his office who wanted to connect to the Internet. I’d like to elaborate on the exact mechanism

Offering access via the office WLAN or even via a wired connection opens up the risk of having an external entity access to an office’s internal network. I’ll leave it to your imagination as to what could possibly go wrong here (virus infection, internal file shares visible etc).

Whilst it is always possible to deny any form of Internet access to a visitor, it is possible via a La Fonera not only to provide access but at the same time be secure.

You may rightfully ask

Won’t it require the visitor/guest to be a fonero , that is run La Fonera/Fonera+ at his/her home/office so that he could connect to our office’s FON Access Point ? This may preclude the majority of visitors to an office

The answer is

  • Use the Friends and Family mechanism available by logging in on the FON User Zone.

The Friends and Family mechanism in the FON User Zone enables a fonero to setup local users on his FON Access Point with an associated password. This username and password is specific to that FON Access Point. You just need to setup one username/password. Multiple users can connect to that FON Hotspot via that username/password. I recommend modify the captive portal page to inform people about the username/password. The La Fonera defaults to having the bandwidth limited to 512 Kbit/sec to the Internet for connections made via its FON_whatever SSID. Connections made to the public SSID FON_whatever are on a separate VLAN and users cannot see any open shares on the office network.

Thus with this mechanism, one could allow access to the Internet to visitors/guests in an office environment by having them connect to the open FON_whatever SSID and still have them separate from the office internal network. You should keep your private SSID secure using WPA2 and use a difficult to guess password. It’s best to change the default password which is the serial number of the La Fonera as well as the default private SSID which is MyPlace

BTW, If you are using FON, I really recommend the Devicescape Connection Manager. It makes connecting to FON Hotspots pretty much a no-brainer. I really wish providers like Y5Zone and PCCW in Hong Kong would work with Devicescape and get their hotspots supported in the system. I’ve seen a number of their customers asking in the forums how to get Devicescape working with such hotspots. I’m also looking forward to a proper iPhone Devicescape app when Apple officially allows it

Technorati tags: , , , ,
Categories: General
%d bloggers like this: