Hotspot (Wi-Fi)

From Wikipedia, the free encyclopedia

A hotspot is a physical location that offers internet access over a wireless LAN through the use of a shared internet connection and a single router. Hotspots can typically be found in coffee shops and various other public establishments throughout much of North America and Europe.

History

Wi-Fi hotspots were first proposed by Brett Stewart at the NetWorld+Interop conference in The Moscone Center in San Francisco in August 1993. Stewart did not use the term 'hotspot' but referred to publicly accessible wireless LANs. Stewart went on to found the companies PLANCOM in 1994 (for Public LAN Communications, which became MobileStar and then the HotSpot unit of T-Mobile USA) and Wayport in 1996.

The term 'HotSpot' may have first been advanced by Nokia about five years after Stewart first proposed the concept.

During the dot-com boom and subsequent burst in 2000, dozens of companies had the notion that Wi-Fi could become the payphone for broadband. The original notion was that users would pay for broadband access at hotspots.

Both paid and free hotspots continue to grow. Wireless networks that cover entire cities, such as municipal broadband have mushroomed. WiFi hotspots can be found in remote RV / Campground Parks across the US.

Many business models have emerged for hotspots. The final structure of the hotspot marketplace will ultimately have to consider the intellectual property rights of the early movers; portfolios of more than 1,000 allowed and pending patent claims are held by some of these parties.

Uses

The public can use a laptop, WiFi phone, or other suitable portable device to access the wireless connection (usually Wi-Fi) provided. Of the estimated 150 million laptops, 14 million PDAs, and other emerging Wi-Fi devices sold per year for the last few years, most include the Wi-Fi feature.

For venues that have broadband Internet access, offering wireless access is as simple as purchasing one AP, in conjunction with a router and connecting the AP to the Internet connection. A single wireless router combining these functions may suffice.

Locations

Hotspots are often found at restaurants, train stations, airports, military bases, libraries, hotels, hospitals, coffee shops, bookstores, fuel stations, department stores, supermarkets, RV parks and campgrounds and other public places. Many universities and schools have wireless networks in their campus.

Types

Free Wi-Fi hotspots

Free hotspots operate in two ways:

• Using an open public network is the easiest way to create a free HotSpot. All that is needed is a Wi-Fi router. Private users of wireless routers can turn off their authentication requirements, thus opening their connection, intentionally or not, for sharing by anyone in range. The disadvantage is that access to the router cannot be controlled.
• Closed public networks use a HotSpot Management System to control the HotSpot. This software runs on the router itself or an external computer. With this software, operators can authorize only specific users to access the Internet, and they often associate the free access to a menu or to a purchase limit. Operators are also now able to limit each user's available bandwidth - each user is therefore restricted to a certain speed to ensure that everyone gets a good quality service. Often this is done through Service Level Agreements.

Commercial hotspots

A commercial hotspot may feature:

• A captive portal / Login Screen that users are redirected to for authentication and payment
• A payment option using credit card, PayPal, BOZII, iPass, or other payment service
• A walled garden feature that allows free access to certain sites

Many services provide payment services to hotspot providers, for a monthly fee or commission from the end-user income. ZoneCD is a Linux distribution that provides payment services for hotspots who wish to deploy their own service.

Major airports and business hotels are more likely to charge for service. Most hotels provide free service to guests; and increasingly small airports and airline lounges offer free service. Roaming services are expanding among major hotspot service providers. With roaming service the users of a commercial provider can have access to other provider's hotspots with extra fees, in which such a user will be usually charged on the basis of access-per-minuite.

FON is a European company that allows users to share their wireless broadband and sells excess bandwidth to outside users (Aliens). Since this may breach users terms of service, FON has agreements with many broadband providers / ISPs.

One of the companies is TravelNetCon - an international high-speed Internet HotSpot mediator. Boingo is another major provider of hotspots.

Billing

EDCF User-Priority-List

The so called "User-Fairness-Model [3]" is a dynamic billing model, which allows a volume-based billing, with only the payload (data, video, audio) will be charged. Moreover, the tariff is classified by net traffic and user needs (Pommer, p. 116ff).

If the net traffic increases, then the user has to pay the next higher tariff class. By the way the user is asked for if he still wishes the session also by a higher traffic class. Moreover, in time-critical applications (video, audio) a higher class fare is charged, than for non time-critical applications (such as reading Web pages, e-mail).

Tariff classes of the User-Fairness-Model

The "User-fairness model" can be implemented with the help of EDCF (IEEE 802.11e). A EDCF user priority list shares the traffic in 3 access categories (data, video, audio) and user priorities (UP) (Pommer, p. 117):

• Data [UP 0|2]
• Video [UP 5|4]
• Audio [UP 7|6]

If the net traffic increases, then the frames of the particular access category (AC) are assigned a low priority value (e.g. video UP 5 to UP 4). This is also, if the data transfer is not time-critical.

Security concerns

Most hotspots are unsecured, lest passwords and other security measures hamper casual use. User data is shared as clear text for all users accessing the internet via the hotspot. If the same network is used for private information, users may thus sniff the network easily and retrieve potentially sensitive information.

In order to increase security, reserving at least 1 access point completely for public use is recommended.[4] Any personal additional wireless or wired network should be kept separate by specifying a different IP-range. Also, it is advocated by some that all ports except those for e-mail (TCP/25) and browsing (TCP/80) are closed down. Finally, the ESSID should be set to a value that indicates it is indeed a public network, e.g. "Public Hotspot"

Some hotspots authenticate users. This does not secure the data transmission or prevent packet sniffers from allowing people to see traffic on the network.

Some venues offer VPN as an option, sometimes for an additional fee. This solution is expensive to scale. Also, it may still not be secure as only the connection between user and network is shielded, and the network itself is not.

Others such as T-mobile and Boingo provide a download option that deploys WPA support specific to T-mobile. This conflicts with enterprise configurations at Cisco, IBM, HP, Google, and other large enterprises who have solutions specific to their internal WLAN.

A "poisoned/rogue hotspot" refers to a free public hotspot set up by identity thieves or other malicious individuals for the purpose of "sniffing" the data sent by the user. [5] Such identity thieves will have instant access to the MAC-address of the connecting terminal, which individually identifies the hardware. This is the only piece of information that is quickly and instantly obtained by such identity thieves. By examining packets sent, they may attempt to decipher passwords, login names, or other sensitive information. This abuse can be avoided by the use of VPN.

Hotspots provide an ex-filtration route for attackers as well. If you provide a hotspot for your visitors or guests or there is one in your area, you may be providing a route out for attackers. Even if you monitor or log that traffic there are many routes around such monitoring, such as DNS, ICMP, or SSH tunneling and Steganography.