← Patterns / SP-007

Wireless- Public Hotspot Pattern

Wireless public hotspot security pattern to access corporate computing resources

Release: 08.02 Authors: Spinoza Updated: 2025-07-05

Your browser does not support SVG. Download the diagram.

Click on controls in the diagram to view details. Download SVG

When to Use

You should apply this pattern when providing access for remote workers via Wireless Hotspots to your private corporate or organisation network. This pattern does not cover Bluetooth or Infrared.

When NOT to Use

Highly secure environments where risks from external connectivity must be minimised.

Typical Challenges

Strong authentication should be as easy to use as possible, with certificates stored on Smartcards a useful option. Other common approaches involve the use of tokens that generate a time based code that is entered along with a user ID and static PIN.
Clients need to have good configuration management to ensure that OS and application patches, signatures for antivirus and personal firewalls are kept up to date.

Threat Resistance

Spoofing, eavesdropping, impersonation, unauthorised access to computing resources.

Assumptions

Wireless Access Points cannot be trusted therefore the client machines must have personal firewalls installed, ideally with the ability to detect malicious traffic via anomaly detection or signatures. Personal firewalls should be configured to silently drop all inbound connections. Confidentiality and integrity is provided by use of a VPN to connect to private networked resources. Strong authentication ensures only valid users can connect.
Ensure that Network Intrusion Detection and Protection devices are deployed to cover traffic from VPN.

Mapped Controls (17)

AC: 1AT: 3AU: 1CA: 2IA: 1IR: 5RA: 1SC: 3