PDA

View Full Version : Is Guest Network a Risk?



2macs
12-03-2017, 10:17 PM
I am curious as to ways you handle guest networks, in a home environment.

I have used Airport Extreme (both the most recent , silo shaped device, and the previous flat shape),
to control my home network. I enforce physical security rigorously, and
I do not allow anyone to know the main WIFI pass word.

But I also provide a guest network for visitors, with the password provided to any visitor.
I have 10 to 15 users of the guest network on a weekly basis.
(14 year old girl's friends, as well as a gamer son running a 12-15 participant D & D)

None of the visitors appear to be terrorists,
but I am interested in how large an opening a guest network provides to a plotter?

Changing that password is a bit of a PITA for all concerned. I would rather leave it asis.

I am interested in other steps I might take to further secure my main network,
without shutting down the guest net. Gamers in the basement using WIFI calling are
less obtrusive than a constant stream of them coming up to "get bars".

Am I opening up my network too much? I really am NOT paranoid.

John

MacInWin
12-04-2017, 02:37 AM
I don't thinks so, personally. I don't have teens at home anymore, but I do have a guest network and all my children and grands have the code for it. Christmas is chaos with all of them on at once!

michelangelo
12-15-2017, 06:32 PM
2macs, a guest network, created by an airport base station configured as a router, IS a separate network. The router is indeed split as being two separate routers, each one creating and running its own separate network, hence the base station has three interfaces, WAN, LAN1 and LAN2 (guest). Technically, these two LANs are virtual local area networks (VLANS) on the same grid of cables or wifi waves, in which the packets are separated by tagging (VLAN tag 1003, I believe, is for the guest network). Ther is no way a client on the guest network may access: any client on your main network; the admin interface of your router or of the airport base stations you may use as wifi access points. It is as secure as an oyster. I use a guest network myself and have replaced, in my basement where internet arrives, the AirPort Extreme with 3 interfaces by a PfSense firewall-router. It works the same but helped me understand what is going on there. Apple does not tell. HTH.

pm-r
12-15-2017, 08:49 PM
Am I opening up my network too much? I really am NOT paranoid.


Yeah right… that's what they all say, especially the paranoid… :Mischievous: ;)

Rather than reinvent the wheel here, why not use and ask google??? i.e.:
Is using Guest Network a security Risk which I think it is you're asking…
https://www.google.ca/search?client=safari&rls=en&q=Is+using+Guest+Network+a+security+Risk&ie=UTF-8&oe=UTF-8&gfe_rd=cr&dcr=0&ei=p2s0WoW-PLDj8Ae_gKPACw

And then check your settings, equipment and situation.

And PS: you can always just turn off the plotter but I'm not sure why it would need any or extra protection anyway.




- Patrick
======

2macs
12-16-2017, 02:39 PM
Patrick,
Are you a senior-member, or a senior that happens to be a member?
(just trying to gauge whether you are trying to tweak the old guy.)

Thanks for the search suggestion. That gave a lot of info. Probably far more than I can digest.

The "plotter" reference was for two legged version, not the cutesy, moving pen thingy.

The discussions found with search seem to indicate that The way Apple handles guest nets is OK.
My Extreme is still operating acceptably, I am not looking forward to figuring out a replacement.

John

pm-r
12-16-2017, 07:31 PM
Patrick,
Are you a senior-member, or a senior that happens to be a member?
(just trying to gauge whether you are trying to tweak the old guy.)

Well John, the "senior member" came from the admins/mods I assume and besides that, I'm a mid-70s retired pensioner who's worked with Macs and their associated stuff for about 28 years.


The "plotter" reference was for two legged version, not the cutesy, moving pen thingy.
LOL!!! You sure got me on that one.

Anyway, I hope you got all sorted out and all your questions answered.




- Patrick
======