The Technology Department provides a wireless network for guests and employees to access the Internet. This service is available at all hours and on all days.
The location you're at will determine the name of the guest Wi-Fi. For example, the Town Hall is called “PlainvilleTHGuest” whereas the Recreation office is named “PlainvilleRECGuest”.
The Town's guest Wi-Fi is available to connect to without a password. This is known as an open “unauthenticated” network.
Wi-Fi Security
The Town provides encryption of the open network through a feature known as Wi-Fi Enhanced Open. Many modern devices and computers are capable of taking advantage of this feature and will do so automatically upon connecting. However, no Apple devices currently support this feature and will fall back to the unencrypted open network with the ominous warning of “Unsecured network”.
In the past, connecting to an open unsecured network posed a serious threat. Today, these concerns have been reduced and, in many cases, eliminated. Listed below are some of the ways connections on the guest Wi-Fi are kept safe.
-
Device Isolation - As an additional layer of protection when connected to the guest Wi-Fi, all connected devices are isolated. This technique prevents communication with other devices on the network preventing snooping and other potential network attacks.
-
Secure Web Browsing - Nearly all major websites you visit are encrypted, protecting your login credentials, banking information, credit card data and more.
-
Firewalls - If your device supports it, you can use the built-in firewall.
-
App Transport Security - Apple devices use a networking feature called App Transport Security that provides secure communication for privacy and data integrity.
-
Town Enterprise Firewall - All Internet traffic that is available to the guest Wi-Fi goes through the Town's enterprise-grade firewall. This helps to protect end-users by scanning the majority of the traffic for malicious content and viruses as well as blocking dangerous and inappropriate sites and services.
- Note: All guest Wi-Fi network traffic is kept separate from the Town's network.
Future Improvements to Wi-Fi Security
The Technology Department recognizes the need for improved security measures. A blanket password protected network would appear to solve the encryption concerns but would end up being a less secure environment than what is currently made available.
When providing a single key to the public it gives someone the ability to break the encryption. Rotating passwords and other such measures would be better but create a management problem that the Town is not able to support at this time.
The goal is to eventually provide self-onboarding capability (captive portals) that would allow users to self-authenticate to the Wi-Fi, have a secured connection and allow employees or vendors to be granted with special access permissions.