I am recently in charge of a network of 100 people. The department was a little bit abandon, so i am trying to bring it back up.<\/p>\n
Advertisement
My question is when it comes to access to the Wi-Fi what are your politics about it for personal computer/IPad/Phone?<\/p>\n
WiFi network for employe as access to everything.<\/p>\n
-Does every device need to have an anti-virus? if yes, are you accepting free anti-virus?<\/p>\n
-Do you make the password public for employe or IT as to enter it on every device?<\/p>\n
-Any other suggestion i might be missing?<\/p>\n
Thank for your anwser.<\/p>","upvoteCount":42,"answerCount":27,"datePublished":"2020-11-23T14:49:45.000Z","author":{"@type":"Person","name":"alexandretheberge72","url":"https://community.spiceworks.com/u/alexandretheberge72"},"acceptedAnswer":{"@type":"Answer","text":"
Multiple SSIDs work great. \nWe have our “official” company WiFi, which is restricted to approved devices only. This is the trusted WiFi network that has access to all company resources. \nWe also provide a second Guest WiFi network for customers, employee personal devices, vendors, etc. That one is isolated. It has no routes to any company resources and only has access to the Internet. \nFor guest devices on the guest network, I don’t care about A/V or how secure they are. May the odds be ever in your favor.<\/p>\n
For employee-owned devices that want to access the corporate network, the employee must bring the device to IT for approval before it is able to connect (MAC whitelist and MDM provisioning). The employee must sign a BYOD agreement. IT wipes the device, asserts admin rights, and properly provisions and secures it for official use, joins domain, etc. User acknowledges that if the device is lost or stolen, or the employee leaves the company, IT will wipe and factory reset the device remotely without warning. If employee disagrees with the BYOD policy, employee uses company provided equipment.<\/p>","upvoteCount":44,"datePublished":"2020-11-23T15:05:19.000Z","url":"https://community.spiceworks.com/t/wifi-what-are-the-best-practice/782722/2","author":{"@type":"Person","name":"spiceuser-g6fj2","url":"https://community.spiceworks.com/u/spiceuser-g6fj2"}},"suggestedAnswer":[{"@type":"Answer","text":"
Hi everyone,<\/p>\n
I am recently in charge of a network of 100 people. The department was a little bit abandon, so i am trying to bring it back up.<\/p>\n
My question is when it comes to access to the Wi-Fi what are your politics about it for personal computer/IPad/Phone?<\/p>\n
WiFi network for employe as access to everything.<\/p>\n
-Does every device need to have an anti-virus? if yes, are you accepting free anti-virus?<\/p>\n
-Do you make the password public for employe or IT as to enter it on every device?<\/p>\n
-Any other suggestion i might be missing?<\/p>\n
Thank for your anwser.<\/p>","upvoteCount":42,"datePublished":"2020-11-23T14:49:45.000Z","url":"https://community.spiceworks.com/t/wifi-what-are-the-best-practice/782722/1","author":{"@type":"Person","name":"alexandretheberge72","url":"https://community.spiceworks.com/u/alexandretheberge72"}},{"@type":"Answer","text":"
We have a guest network, which is open to anyone within our org, we just have a monthly password on it which is receivable by email.<\/p>\n
For corporate devices, they are supposed to be connected to the corp wifi, not the quest. we use a preshared key for the hardware and the user is required to use Google sign in.<\/p>\n
We have a simple rule, no personal devices are allowed on the corp wifi.<\/p>","upvoteCount":3,"datePublished":"2020-11-23T15:29:28.000Z","url":"https://community.spiceworks.com/t/wifi-what-are-the-best-practice/782722/3","author":{"@type":"Person","name":"mhunt","url":"https://community.spiceworks.com/u/mhunt"}},{"@type":"Answer","text":"
Personal devices on a corporate network - he!! no. If it happens, my goal is to ensure the end-user works for someone else.<\/p>\n
Now, a dedicated guest network is a different animal entirely and every company should have one to help mitigate someone connecting to a business lan.<\/p>","upvoteCount":5,"datePublished":"2020-11-23T16:43:20.000Z","url":"https://community.spiceworks.com/t/wifi-what-are-the-best-practice/782722/4","author":{"@type":"Person","name":"jcLAMBERT","url":"https://community.spiceworks.com/u/jcLAMBERT"}},{"@type":"Answer","text":"
A Guest WiFi should be enabled and isolate it and have bandwidth reduced as to limit with speeds of normal business network. Maybe put it on the back-up internet too.<\/p>\n
AV should not be required if it’s not on the corporate network. \nIf your business has HIPAA or SOX requirements then you have more restrictions.<\/p>\n
A periodic password change is good, maybe 90 days.<\/p>","upvoteCount":0,"datePublished":"2020-11-23T17:36:01.000Z","url":"https://community.spiceworks.com/t/wifi-what-are-the-best-practice/782722/5","author":{"@type":"Person","name":"spiceuser-jb9a5","url":"https://community.spiceworks.com/u/spiceuser-jb9a5"}},{"@type":"Answer","text":"
Depending on the type of clients you work with or if PCI compliance applies I will even get a second service connection that is slower and just for guest devices including your employee guest devices. I try to have clients make it a policy that if a device wants to be on their network it needs to have AV and be monitored. With personal devices you cannot just install agents and monitor them so it’s easy to just not allow them at all. I don’t use xfinity owned modems either since they broadcast an xfinity network any xfinity user can join. There are some APs that can check for AV before allowing a device to join as well as have them agree to the network terms with a portal. UniFi AC Pro APs can do this as well as others but I have had solid results with the UniFi AC Pro AP. In a small business network with lax requirements I just create a vlan for guests and have an AP on that vlan for guest access. A netgate router, smart PoE switch and an UniFi AC Pro will handle almost every situation I have needed for small businesses.<\/p>","upvoteCount":0,"datePublished":"2020-11-23T18:19:20.000Z","url":"https://community.spiceworks.com/t/wifi-what-are-the-best-practice/782722/6","author":{"@type":"Person","name":"rsmedley87","url":"https://community.spiceworks.com/u/rsmedley87"}},{"@type":"Answer","text":"
Whatever you do, for it to have teeth, you have to introduce the tech like medley and plumb just mentioned. You have to vet every device to make sure it meets your guidelines before connecting, or deny them access. Otherwise, it’ll happen anyway, up to the highest Executive levels.<\/p>","upvoteCount":2,"datePublished":"2020-11-23T20:13:43.000Z","url":"https://community.spiceworks.com/t/wifi-what-are-the-best-practice/782722/7","author":{"@type":"Person","name":"tjollimore","url":"https://community.spiceworks.com/u/tjollimore"}},{"@type":"Answer","text":"
We have a Corporate Wifi that has access to all network resources for domain joined laptops/mobile devices & we have a Guest Wifi for personal devices that is on a different VLAN. That way all mobile devices can use wifi but can only access what they need.<\/p>\n
Never give out the password unless it’s the CEO or your supervisor saying that you have to give it out, to avoid personal devices on the Corporate Wifi. Good luck!<\/p>","upvoteCount":3,"datePublished":"2020-11-24T04:04:26.000Z","url":"https://community.spiceworks.com/t/wifi-what-are-the-best-practice/782722/8","author":{"@type":"Person","name":"tb33t","url":"https://community.spiceworks.com/u/tb33t"}},{"@type":"Answer","text":"
-SSID to acces local resouces.<\/p>\n
-Guest network for Smartphones and Smart TV.<\/p>\n
-Voucher Guest SSID for visiteurs : we use printable vouchers with time limitation for authentication.<\/p>\n
NB : Guest SSID : With NAT mode, runs the on-board DHCP server on the access point, which provides local isolated IPs to the guest network clients. All client traffic is routed so that they can only access the internet.<\/p>","upvoteCount":1,"datePublished":"2020-11-24T06:24:36.000Z","url":"https://community.spiceworks.com/t/wifi-what-are-the-best-practice/782722/9","author":{"@type":"Person","name":"nizarima","url":"https://community.spiceworks.com/u/nizarima"}},{"@type":"Answer","text":"
Separate SSIDs for work devices and if you allow personal.<\/p>\n
Of course everything that is on your network needs anti virus. Free anti virus usually has some sort of Draw back and most are not free in a corporate environment.<\/p>\n
For company computers you need to either deploy the Wifi connectivity via GPO or go program it in. If you give it to the employees some will put it into their personal devices defeating the whole purpose of separate SSIDs.<\/p>\n
As for the public SSID if you choose to use it of course you can share that will employees just make sure to not allow devices on that wifi onto your network just allow the traffic out the firewall. Usually done with restrictions of course so employees don’t eat up to much bandwidth on their personal devices slowing down the network for devices actually trying to do work.<\/p>","upvoteCount":0,"datePublished":"2020-11-24T13:23:37.000Z","url":"https://community.spiceworks.com/t/wifi-what-are-the-best-practice/782722/10","author":{"@type":"Person","name":"eric7615","url":"https://community.spiceworks.com/u/eric7615"}},{"@type":"Answer","text":"