The decision to deploy a Network Access Control (NAC) or Network Management system may seem simple at first, but many questions remain beyond realizing that initial need. There are a number of factors you should consider when determining what type of NAC is right for you and how it might be deployed, as some tradeoffs exist that will affect your business model depending on what you are trying to accomplish. The following tips, although technical in nature, break down the trade-offs with easy-to-understand explanations.
1) Identifying your users as fixed or mobile – With fixed users, apartment buildings and offices can usually rely on what is called a MAC address to identify which users have access to the network. The MAC address is the unique address that comes with every networking card and wireless card on a computer.
However, the downside of using MAC address authentication is that many users like to be able to change computers or allow guests to login from their own machines. The only practical way for an ISP to deploy a MAC authentication system is when the ISP is able to install customer premise equipment such as a cable modem. The modem and its MAC address act as a gateway to the apartment or office and can be authenticated or shut off if a customer does not pay their bill.
Another issue to consider is that many installations need to be more dynamic, since people like to take their laptops out of their office or apartment and into a common area. The same is true for hotels and similar environments. Although every user on your network has an IP address, they are not unique to that user and can easily be spoofed. So, this essentially leaves you with only one option: Login-based authentication.
2) Login-based authentication – Login-based authentication lasts for the duration of the session when a user is logged in. It is controlled by username and password and the user is given a temporary IP address for their session, making it unlikely, but not impossible, that a hacker can steal the session.
Yet, there are some things that must be considered with a login based user session. Here are a few other key considerations when using a login-based authentication:
3) Automatic log out? – You can’t expect users to always log out or tell you when they are finished accessing the network, so you must log them out after a period of inactivity. This is especially true when users are paying for a limited amount of access time, or when a user may be utilizing multiple computers. The easiest way to do this is to program the NAC to log users out after a set amount of time of inactivity.
4) How to bill – You must decide if a user account gets billed by the calendar regardless of whether they use it, or simply by login time. If you’re likely to have a steady stream of multiple users who will want to log on for short amounts of time – like in an airport or coffee shop – it may make more sense to charge by the hour rather than by the month.
5) Do you want to offer different levels of service? – Many providers offer users a few different options with varying speeds. So, for example, you may want to tier your service with bronze, gold, and platinum levels, with users paying more in order to get faster speeds. This allows users who may just want to check their e-mail to do so at a lower cost than the users who are looking to stream videos or update their podcasts.
6) Can an account have more than one simultaneous login? – For example, you could sell access under a single account to a group of people for a sales meeting or convention, which would allow multiple users to access the Internet at the same time from their individual computers. Supply and demand really come into play here, so you need to make sure to allocate enough bandwidth for the multiple users, but also not run the risk of impacting others on your network.
7) Making the most of your space – You may also want to sell marketing space on your login page, which you are able to customize. Say, if you’re a hotel, I’m sure the local pizza place would love to place an ad – especially if they take orders online. This gives you the option of supplementing your existing income from network subscribers with a steady stream of advertising revenue.
8) How much support do you provide? – Do you have a support center available to give refunds for people who miss a charge or can’t get service after purchasing? The ease with which this can be done often depends on the setup that you’re running. For example, in a hotel, support can simply be provided at the front desk. This is a decision that will obviously also be based on your past experience with your network access controller. If problems don’t usually come up, then having around-the-clock support most likely won’t be necessary.
9) Easy instant billing? – Again, this will likely depend on your individual setup and what your customers will want. If you wish to use credit card processing on the fly for a login, you’ll need a merchant account with a bank that supports online authentication. The vendor who you purchase your system from will also need to know how to work with this account. But, if you’re just providing access to groups that have planned access with you ahead of time, the instant online billing probably isn’t needed.
While you’re likely to come across additional questions once you’ve got your network access controller in place, these considerations simply illustrate a sampling of what issues you may want to take into account. As mentioned throughout, in most cases, a final decision will ultimately depend on how and why your NAC is being used. Of course, for many, this may change on a regular basis. Therefore, you don’t necessarily need to have exact plans set in stone before implementing your NAC, but rather simply choose an option that will allow some flexibility. What’s important is that you remain in control.
Are Hotels Jamming 3G Access?November 28, 2010 — netequalizer
By Art Reisman
About 10 years ago, hotel operators were able to squeeze a nice chunk of change out of guests by charging high toll rates for phone service. However, most of that revenue went by the wayside in the early 2000s when every man, woman, and child on earth started carrying a cell phone. While this loss of revenue was in some cases offset by fees for Internet usage, thanks to 3G access cards most business travelers don’t even bother with hotel Internet service anymore — especially if they have to pay for it.
Yet, these access cards, and even your cell phone, aren’t always reliable in certain hotel settings, such as in interior conference rooms. But, are these simply examples of the random “dead spots” we encounter within the wireless world, or is there more to it? From off-the-record conversations with IT managers, we have learned that many of these rooms are designed with materials that deliberately block 3G signals — or at best make no attempt to allow the signals in. This is especially troubling in hotels that are still hanging on to the pay-for-Internet revenue stream, which will exist as long as customers (or their companies) will support it.
However, reliable complimentary Internet access is quickly becoming an increasingly common selling point for many hotels and is already a difference maker for some chains. We expect this will soon become a selling point even for the large conference centers that are currently implementing the pay-for-access plan.
While meeting the needs and expectations of every hotel guest can be challenging, the ability to provide reliable and affordable Internet service should be a relatively painless way for hotels and conference centers to keep customers happy. Reliable Internet service can be a differentiating factor and an incentive, or deterrent, for future business.
The challenge is finding a balance between the customer-satisfaction benefits of providing such a service and your bottom line. When it comes to Internet service, many hotels and conference centers are achieving this balance with the help of the NetEqualizer system. In the end, the NetEqualizer is allowing hotels and conference centers to provide better and more affordable service while keeping their own costs down. While the number of 3G and 4G users will certainly continue to grow, the option of good old wireless broadband is hard to overlook. And if it’s available to guests at a minimal fee or no extra charge, hotels and conference centers will not longer have to worry about keeping competing means of Internet access out.
Note: I could not find any specific references to hotels’ shrinking phone toll rate revenue, but as anecdotal evidence, most of the articles complaining about high phone toll charges were at least 7 years old, meaning not much new has been written on the subject in the last few years.
It seems that my suspicions have been confirmed officially. You can read the entire article here Marriott fined for jamming wifi