S 4.293 Secure operation of hotspots
Initiation responsibility: Head of IT, Top Management
Implementation responsibility: IT Security Officer, Head of IT, Administrator
The purpose of a hotspot is generally to permit (unknown) users easy access to the internet. In order to be able to operate a hotspot securely over the long term, successful authentication of all users is necessary on the hotspot. Commonly used and (for the most part) secure methods include, for example:
- Web authentication
In this case, the user enters his/her access data (IP address, username, password, etc.) using a web interface. The data should naturally be transmitted in encrypted form using SSL/TLS. After successful login, access is enabled for the client.
- PPTP (Point to Point Tunnel Protocol)
PPTP is a typical tunnelling protocol for VPNs, i.e. a protocol used to encrypt the data for transmission, to send the data through the tunnel, and to administer the connection. RC4 with 40 or 128 bits is available as a cryptographic procedure for PPTP for encryption, and PAP or CHAP are available for selection for authentication purposes. Security gaps were discovered in common implementations of this tunnel method, especially in connection with weak passwords. For this reason, PPTP should not be used without additional security mechanisms.
- IPSec
IPSec offers strong cryptographic procedures and mutual authentication of the communication partners. Authentication should be performed, of course, using certificates. However, certificates cannot be used in all IPSec implementations on the one hand, and the certificates must be suitably generated and distributed first (typical PKI problem) on the other hand.
- WLAN-specific security mechanisms such as WEP, IEEE 802.1X, WPA, WPA2, TKIP, IEEE 802.11i
All WLAN-specific security mechanisms are intended to secure the transmission route. The mechanisms must be suitably combined for this purpose. Given the rapid development in this area, the widespread use of these methods and their security deficiencies, these methods are not suitable for use in hotspots.
Hotspot operators should offer suitable authentication procedures.
The following security safeguards should also be implemented when operating hotspots:
- Access points intended to be operated as hotspots must not be connected directly to a LAN and must be connected over a security gateway instead.
- Communication between the WLAN clients, referred to as inter-client communication, should be prevented completely.
- The wireless interface should be monitored by wireless analysis systems to detect unknown access points and hotspots.
- The authentication data should always be transmitted in encrypted form over the transmission route, i.e. between the WLAN client and access point. For the further transmission of the data from a hotspot access point to the authentication system (for example a RADIUS server), suitable encryption procedures such as SSL or IPSec must be used, especially when using public networks.
- If certificates are used for authentication, the certificates should be signed by a suitable certification instance. In addition, the fingerprint of the server certificate should be published so that users can check the authenticity.
- Every operator of a hotspot should offer at least one suitable procedure for encrypting the data sent over the transmission route so that the users can protect their data from unauthorised reading. Not all users, though, are very interested in protecting their data and systems. Furthermore, the technical requirements for the use of the encryption procedures offered may not be met. For this reason, their use should remain optional. The users absolutely must be informed, though, of the capabilities and the advantages of encrypting their transmitted data.
- Many users want to access their own organisation's network remotely over a hotspot, for example using a VPN. To accomplish this, the users must be able to implement the organisation's security policies. For this reason, the technical design of the hotspot should permit the use of typical security safeguards such as IPsec.
In addition, hotspot operators should check their logs regularly to see if any irregular activities were recorded, for example if the number of users is higher than the number of guests logged in.
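The log check described above can be automated. The following is an added example, not part of the original safeguard text: it compares a captive-portal login log with a security gateway forwarding log and reports clients that passed traffic without an active login. Both log formats, the event names and all sample values are assumptions constructed for this illustration.

```python
from datetime import datetime

# Constructed sample logs; both line formats are assumptions for this example.
PORTAL_LOG = """\
2024-05-01T09:00:05 LOGIN guest01 aa:bb:cc:00:00:01
2024-05-01T09:02:10 LOGIN guest02 aa:bb:cc:00:00:02
2024-05-01T09:30:00 LOGOUT guest01 aa:bb:cc:00:00:01
"""
GATEWAY_LOG = """\
2024-05-01T09:01:00 FORWARD aa:bb:cc:00:00:01
2024-05-01T09:03:00 FORWARD aa:bb:cc:00:00:02
2024-05-01T09:05:00 FORWARD aa:bb:cc:00:00:03
2024-05-01T09:45:00 FORWARD aa:bb:cc:00:00:01
"""
ORDER = {"LOGIN": 0, "FORWARD": 1, "LOGOUT": 2}  # tie-break for equal timestamps


def parse(log):
    """Yield (time, event, mac) tuples; the MAC is always the last field."""
    for line in log.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[1] not in ORDER:
            continue  # skip blank or malformed lines
        yield datetime.fromisoformat(fields[0]), fields[1], fields[-1].lower()


def find_irregularities(portal_log, gateway_log):
    """Return (time, mac) for traffic from clients without an active login."""
    events = sorted(list(parse(portal_log)) + list(parse(gateway_log)),
                    key=lambda e: (e[0], ORDER[e[1]]))
    active, findings = set(), []
    for when, event, mac in events:
        if event == "LOGIN":
            active.add(mac)
        elif event == "LOGOUT":
            active.discard(mac)
        elif mac not in active:  # FORWARD without a current portal session
            findings.append((when.isoformat(), mac))
    return findings


def user_counts(portal_log, gateway_log):
    """Return (clients seen passing traffic, guests that logged in)."""
    seen = {mac for _, ev, mac in parse(gateway_log) if ev == "FORWARD"}
    guests = {mac for _, ev, mac in parse(portal_log) if ev == "LOGIN"}
    return len(seen), len(guests)
```

Because sessions are keyed by MAC address here, a client that reuses the address of a logged-in guest is not flagged by this check.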
Providers of public hotspots must also follow the corresponding legal and regulatory specifications.
The users must be notified in advance and in a suitable manner of the terms of use. The terms of use should inform the users as to whether using the hotspot is free of charge or subject to a charge (including specification of corresponding prices), but also which services, and especially which security mechanisms, are offered when using the hotspot. The users must confirm that they have read the terms of use and accept them. When web authentication is used, the terms of use could be displayed on a website, for example, and the users could then accept the terms of use via this web page.
The security policies to be observed by the hotspot users are described in S 2.389 Secure use of hotspots.
Review questions:
- Is it ensured that the client is only enabled upon successful login procedure?
- Use of certificates for authentication: Have the certificates used been signed by a public certification instance?
- Does the hotspot operator offer a method for encrypting the WLAN communication?
- Is using a VPN within the WLAN supported?
- Does the hotspot operator conduct regular evaluations of the logged data, for example in order to detect irregular activities in a timely manner?
- Are public hotspots operated in accordance with the statutory and regulatory provisions?
- Are the users appropriately informed regarding the terms of use for the hotspot in advance (e.g. costs, services, security mechanisms) and are they required to acknowledge and accept these?
- Are the terms of use of the hotspot transparent and comprehensible for every user?
- Is there a regulation for protecting the tethered LAN?
- Is inter-client communication prevented?
- Is the wireless interface monitored to detect external access points and hotspots?
- Are the communication protocols and interfaces used for the purpose of authentication in accordance with the current state of the art?