How to limit what guests have access to on your network with Captive Portal

Discussion in 'Server Security' started by gcawood, Dec 19, 2011.

  1. gcawood

    gcawood Administrator Staff Member

    Oct 28, 2011
    Likes Received:
    Many System Administrators manage networks in which guests are granted web access. The task of allowing users onto your network is fairly straightforward. However, making sure that those users comply with your organizations Terms of Service and don't do any silly is more complicated. One method that organizations employ to help their guests understand that all web traffic is monitored is by running a "Captive Portal" server.

    A Captive Portal server handles both the notification and regulation of guest activity on your network by proxying all web traffic through the Captive Portal server’s network. The network administrator is then able to enforce network usage policies by checking web addresses against white lists and black lists. Also, Captive Portal is commonly configured to display a mandatory default web page to all users, before they are able to access the internet. This default web page will normally contain TOS information, or login information.

    • Enforce your organization's terms of use acceptance
    • Enforce authentication of web users
    • Allow Multiple authentication methods (LDAP, RADIUS Server, and Active Directory Server)
    • Support time/interface based access policies
    • White list/Black list websites

    One of the main benefits of Captive Portal is that anonymous guest activity can be tracked per guest, so identifying and remediating problem activity can be done easily on a per-user level.
    I recommend running Untangle Untangle_company_logo.png for small offices, and Packet Fence PacketFence.jpg for larger deployments.

    Good Luck!

Share This Page