A web content filter for guest WiFi is a mechanism through which organizations can protect their WiFi routers and their guests´ devices from online threats. The WiFi filter can also be configured to create a safer browsing environment for guests by blocking access to inappropriate content, which allows businesses to apply to use the ‘Friendly WiFi’ symbol to confirm that they are committed to supporting the need for protecting customers from unsafe and undesirable web content. A guest WiFi filer can also be configured to limit excessive bandwidth use by individuals to ensure every guest can access the Internet.
Although the abilities of a web content filter for guest WiFi might lead you to believe that a high level of expertise is required to install and manage the filtering mechanism, nothing could be further from the truth. Implementation takes just a couple of minutes and requires no technical know-how. Thereafter, the web content filter has a very low maintenance overhead. Furthermore, a web content filter for guest WiFi has no upfront costs and is remarkably inexpensive to operate.
The Benefits and Risks of Providing WiFi Access
Everybody wants WiFi access. Customers want to stay connected in shops, bars, and restaurants, and while traveling or staying in hotels. Visitors to shopping malls, hospitals, and businesses also want to be able to access the Internet, while children demand it in schools, libraries, and educational institutions. Any business or organization that does not offer WiFi access is likely to lose customers to competitors who do.
However, providing unfiltered WiFi access has its risks. There are risks from cybercriminals who want to steal data and identities, risks from Internet users that will browse inappropriate material they would not be able to at home, and the risk that one guest will use up all your bandwidth in order to watch a live-streamed sports event – denying Internet access to all your other guests. These risks could undermine any benefit your company or organization would get from providing WiFi access.
The Commercial Advantage of WiFi Content Filtering
Because of the risks that your customers could fall victim to an online scam, be exposed to inappropriate material, or not be able to get on the Internet at all, it can be better to provide no guest WiFi access! News spreads fast about bad service and, if your company or business is supplying an unfiltered WiFi service in which customers´ identities are stolen and children are exposed to pornography, you are likely to lose any commercial advantage of providing a WiFi service for guests.
However, with a web content filter for guest WiFi, these potential scenarios can be avoided. A WiFi filter puts you in control of what your guests can access from their personal mobile devices – protecting guests and their mobile devices from online threats, preventing Internet users and non-Internet users from being exposed to inappropriate content, and ensuring that there is enough bandwidth for every guest to access the Internet at all times.
With WiFi content filtering, not only will you be providing your guests with a higher level of service, you will likely generate additional custom from businesses that continue to provide their customers with an unsafe browsing environment. We expand on each of the main “guest” reasons for implementing WiFi content filtering below; but, while discussing the commercial advantages of WiFi content filtering, this would be a good time to discuss your own online protection.
Protecting Your Router from Malware
It is well chronicled that many routers have security vulnerabilities. These security vulnerabilities can be exploited by hackers, who can change the router´s DNS settings to point at a malicious DNS server. Once the DNS settings have been altered, whenever you type in a URL or click on a link, the malicious DNS server redirects your request to visit a website to wherever the hacker wants you to go. For example, you may end up at a website full of revenue-generating ads or a phishing site that looks exactly the same as the site you were intending to visit.
In addition to messing with your router´s DNS settings, a hacker can perform drive-by malware downloads onto your router, use a cross-site request forgery attack to take control of your router administration or launch a worm that will seek out other WiFi routers within range of yours and add them to botnets that hackers can control remotely. If your WiFi router is within range of somebody else´s already-compromised WiFi router, your wireless network could already be being controlled by a hacker.
A web content filter for guest WiFi can prevent these scenarios from happening. When you subscribe to a filtering service, the connection to the service is made through a voluntary change of your router´s DNS settings. Safeguards are in place to prevent any security vulnerabilities from being exploited or the router´s DNS settings from being involuntarily changed (by a hacker). A guest web filter for WiFi will also help to prevent your WiFi router from being taken over by hackers.
Protecting Guests´ Devices from Online Threats
A web content filter for guest WiFi protects your guests´ mobile devices from malware and ransomware by preventing Internet users from accessing websites known to harbor viruses, trojans, adware, and other forms of malicious software (“malware”). It can also prevent Internet users from visiting websites that have been constructed with the sole purpose of executing a phishing attack. WiFi content filters do this by inspecting every request to visit a website against a series of pre-configured filters and only granting access if all conditions are met.
The primary protection against malware and ransomware is called a “blacklist”. This is a list of websites known to harbor malware and ransomware or illegal web content. If the requested website appears on the blacklist, the request is denied and the Internet user is shown a message explaining why they cannot visit the site. For the best protection of guests´ devices from online threats, implement a WiFi filter with “real-time” software updates rather than daily or periodic software updates.
Further protection against malware, ransomware, and phishing attacks is provided by URIBL and SURBL filters. These filtering mechanisms prevent Internet users from visiting websites that hide their true identity behind a proxy server or behind the whois privacy feature, and websites known to be used for phishing attacks. If an Internet user specifically wants to visit a blocked website, this can be arranged by contacting the administrator and getting the content added to a whitelist or using the cloud key features (see “Key Elements” below).
Guest WiFi Protection via Category and Keyword Filters
Other filters – typically category filters and keyword filters – enhance guest WiFi protection by preventing access to certain categories of websites or preventing Internet users from downloading files types most commonly associated with malware. Being one of the most common categories of websites visited outside the home environment, unauthorized pharmaceutical websites are often hijacked by cybercriminals, while .exe, .bat, .js, .zip, and .scr files are often used to deliver or mask malicious code.
Category filters are easy to apply. More than 3 million websites are sorted into categories by the WiFi filtering service provider, and all system administrators have to do to block access to each category is check a box in a web-based management portal. Similarly, a simple procedure enables organizations to block Internet users visiting websites containing specific keywords (or file types) – a process that can be used to block access to price comparison websites or competitors´ websites in addition to malware and phishing threats.
The category and keyword filters can be applied to individual users, user groups, or universally. For example, if you run a restaurant, you may not want to allow your employees to access social media websites, but it would be a bad idea to block access to Facebook, Twitter, and Instagram for your diners. The filters can also be applied by time. So, if you are a venue in which there is a demand from users to access adult-rated online material, you could configure the category filters so they were relaxed after a watershed.
Preventing Exposure to Inappropriate Content
Some Internet users take advantage of a public WiFi service to view content they would not be able to in their homes. This may be because they prefer the anonymity of a public WiFi service where their IP address cannot be traced, or – often in the case of minors – because parental control filters have been implemented on their home computer.
If you have customers in your premises openly viewing pornography, extreme images of violence and death, child abuse, and other obscene, illegal, or highly inappropriate content, it is likely to deter other customers who object to being exposed to that nature of the material. It also speaks volumes about the nature of the customers who frequent your business. By blocking this content, you protect your business and your customers and can attract new business by advertising that you provide a family-friendly WiFi service.
A web content filter for guest WiFi enables business owners to block access to inappropriate content to create a safe browsing environment for every guest. Furthermore, if you have a corporate WiFi service for your employees, blocking access to non-work-related activities can eliminate “cyberslacking”, improve productivity, create a better working environment, and avoid potential HR issues.
Using a WiFi Filter to Conserve Bandwidth
Providing customers with access to a filtered WiFi network can help to attract more business, but users must also be able to benefit from reasonable Internet speeds. Many hotspot providers find bandwidth is squeezed during busy periods and Internet speeds become unacceptably slow.
A web content filter for guest WiFi can be used to monitor bandwidth, and restrict access to certain bandwidth-crushing Internet services at times when networks are strained. Blocking video streaming websites during peak hours, for example, can ensure all customers benefit from reasonable Internet speeds.
Bandwidth issues can also be due to malware already present on users´ devices. If you identify an uncharacteristically high use of bandwidth for the activities your customers are engaged in, advising them that their devices might possibly be infected (through no fault of your own) would increase customer confidence in your business and their appreciation of your service.
Where to Use a Web Content Filter for Guest WiFi
Any provider of WiFi for guests can benefit from using a web filter to control the content that can be accessed over the wireless network. Some of the main advantages of implementing a web content filter for guest WiFi are detailed below for specific use cases:
WiFi Filter for Bars, Restaurants, Coffee Shops, and Hotels
Any location offering public WiFi access should ideally implement controls to prevent illegal activity and the accessing of obscene or potentially harmful website content. Content should be restricted to family-friendly websites that are suitable for all users. A web content filter for guest WiFi can also be used to conserve bandwidth and monitor Internet activity. By monitoring the activity of users of your WiFi network, you can gain valuable insights into your customers that can be used to develop future marketing strategies and promotions.
WiFi Filter for Airports, Trains, and Transport Networks
Business travelers require fast Internet access and transport decisions are often made based on Internet availability. It is important to ensure sufficient bandwidth is available for all users. It is therefore advisable to use a web content filter for guest WiFi in order to restrict certain online activities to conserve bandwidth. Content controls should also be applied to protect minors. If you offer a free and paid service, controls can be set differently for each.
WiFi Filter for Shops and Shopping Malls
A web content filter for guest WiFi can be used to track the websites used by customers while shopping, or to restrict access to price comparison websites and those of competitors. Site access reports generated by a guest WiFi web content filter can allow valuable insights to be gained into customer behavior, which can be used when developing future services or marketing campaigns. Providing a filtered WiFi service will also help you to attract more business.
WiFi Filter for Hospitals
While content control is important to prevent unsuitable content from being accessed in hospitals, one of the main problems is malware and phishing. Cybercriminals are targeting healthcare providers for the data they hold on patients. The U.S Health Insurance Portability and Accountability Act (HIPAA) requires hospitals to implement controls to keep all patient data safeguarded. A web content filter for guest WiFi should be applied to reduce the risk of malicious software downloads which could compromise hospital networks.
WiFi Filter for Businesses
Businesses and enterprise web filtering solutions are less of an option and more of a requirement these days. Many man-hours are lost to personal Internet use. By restricting access to sites such as social media networks, shopping portals, and video streaming sites, businesses can prevent employees from wasting time and benefit from improved productivity. Filtering the Internet also helps to prevent the creation of a hostile work environment and associated HR issues.
WiFi Filter for Schools, Libraries, and Educational Institutions
The primary reason for applying a WiFi filter for schools, libraries, and other educational institutions is to prevent adult and other potentially harmful content from being accessed by minors. In the United States, a web content filter is a requirement in schools and libraries in many jurisdictions under the Children’s Internet Protection Act (CIPA). It is surprisingly common for individuals to visit libraries specifically to use the Internet to access illegal content and benefit from the anonymity the WiFi service gives them.
Key Elements of a Web Content Filtering Solution
Regardless of where you implement a WiFi filter, there are some key elements every web content filtering solution should have. Naturally, you want your web content filtering solution to be effective, but you also want to run your business rather than have to police your guests´ online activities. Consequently, ease-of-use should be high on your list when considering a web content filtering solution.
Other considerations to take into account include SSL inspection and whitelisting. SSL certificates – the small padlocks that appear on an address bar before a website starting with an HTTPS:// prefix – indicate that the content of a website is encrypted and is supposedly safe to use. Unfortunately, encrypted websites have their vulnerabilities, and many have been exploited to launch “man-in-the-middle” or phishing attacks, often resulting in identity theft and financial loss for the individual. Many malicious sites have the HTTPS:// prefix.
With SSL inspection, the content of each encrypted website is inspected for malware and other malicious content and any breaches of the organization´s acceptable use policy. This can take time and slow Internet speeds for users. Consequently whitelisting the most commonly visited encrypted websites (Google, Yahoo. Facebook, etc.) is also a key element of a web content filtering solution in order to avoid any latency in Internet speeds. Whitelisting can also be used to allow guests access to blocked websites on request.
Implementing Guest WiFi Management
It was mentioned above about policing guests´ online activities, and there is one very important reason why this needs to be done – illegal activity. Some illegal activities are not as bad as others. For example, foreign nationals working remotely on a travel visa and twelve-year-old girls accessing Facebook are technically breaking the law. However, knowingly allowing illegal downloads via your WiFi service could get you in more than a spot of bother.
Copyright infringement is big business for “copyright trolls” – businesses who identify illegal downloaders and then threaten them with court action before allowing them to settle with a fine. If copyrighted material is being illegally downloaded via your WiFi service, it is plausible that a copyright troll would attempt to charge the business owner facilitating the copyright infringement rather than the individual.
Guest WiFi management avoids this scenario. You can use category filters and keywords to block access to illegal download sites and restrict the bandwidth available to the device in order to make any downloads so slow, the illegal downloader does not bother (you can relax this restriction for other users). You should also block access to proxy servers and anonymizer sites to prevent guests from circumnavigating your WiFi filter parameters.
Recap: The Ideal Guest WiFi Solution
There have been a lot of topics discussed in this article, so we thought it would be a good idea to provide a recap of what makes an ideal guest WiFi solution. Primarily you want a guest WiFi solution to provide a safe browsing environment for guests, customers, travelers, employees, and children.
You want it to provide online protection for both your business and the customers that use your guest WiFi solution – not only when browsing the Internet, but also when reading emails, using Instant Messenger services and social media networks.
The solution should be flexible – with easy guest WiFi management – and preferably be scalable, so that if the size of your business or organization expands, your WiFi filter will be able to cope with the increased demand without slowing down the Internet speed. This is easiest with cloud-based services that can be easily scaled and allow you to only pay for the capacity that you need.
WebTitan Cloud for WiFi
WebTitan Cloud for WiFi can be used to protect all WiFi hotspots and control the content that can be accessed by guests. Being 100% cloud-based, it requires no software downloads and no additional hardware. Our web filter is also quick and easy to implement. In most cases, after a simple change is made to your DNS settings, web filtering takes just minutes to apply.
WebTitan Cloud for WiFi is a scalable web filtering solution that can be applied to WiFi networks of all sizes – from single hotspots to nationwide WiFi networks. There are no limits on the number of hotspots that can be protected, and the web content filter for guest WiFi will allow content to be controlled regardless of the device used to connect to the network with imperceptible latency.
WebTitan Cloud for WiFi is simple to use but is a feature-rich solution with application controls, highly granular filtering, transparent and full proxy server options, SSL/HTTPS inspection, and AD/LDAP/NetIQ integration, and a full suite of APIs that allow the solution to be integrated with systems.
MSPs benefit from a range of features such as multiple hosting options, either in the TitanHQ Cloud, as a dedicated private cloud, or within an MSP’s own data center. The solution integrates with other security solutions and billing, auto-provisioning, and monitoring systems through APIs, and accommodates often fluctuating seat numbers, with monthly billing also offered and the solution available as a white-label ready to take an MSP’s branding.
All of these features and benefits come at a very competitive price, which is why so many businesses have switched from expensive WiFi filtering solutions such as Cisco Umbrella and have achieved major cost savings while improving usability and reporting.
Some of the main advantages of WebTitan Cloud for WiFi are detailed below:
- Control website content for all WiFi hotspots via an intuitive central administration panel.
- Our DNS-based web filter has no impact on Internet speed.
- Easy configuration with minimal management overhead.
- Highly granular controls put the hotspot operator in total control of permitted website content.
- Links to Active Directory /LDAP and NetIQ allowing access rights to be set for different user groups.
- Content can be blocked by URL, file type, keywords, website categories, or website score.
- Real-time updates for malicious websites, categories, and keyword filters.
- Malicious URL blocking and phishing protection enhance online security.
- Internet access logs are maintained with a full reporting suite and instant alerts.
- Can be configured to reduce bandwidth waste and abuse.
- Available in white-label format for resellers, and can be hosted within a client’s infrastructure.
Show You Care with a Web Content Filter for Guest WiFi
Contact our sales team today with any questions you may have about filtering your public WiFi service with WebTitan Cloud for WiFi. Our experienced and friendly sales engineers will be able to guide you through the implementation and management of our web content filter for guest WiFi, and even offer you a free trial to test our product for yourself.
If you decide to proceed with our filtering service after your free trial (or your customers demand that you do), several inexpensive subscription options are available for you to choose from. There are no upfront fees to pay. Show your customers you care about their Internet security and safety, and call WebTitan today.
US Sales +1 813 200 9460
UK/EU Sales +44 (0)247 699 3641
IRL +353 91 54 55 00
or email us at info@webtitan.com
FAQs
What can be used to allow visitor mobile devices to connect to a wireless network and restrict access of those devices to only the Internet?
You should create a separate guest WiFi network on your router with a different SSID or network name to keep guests away from your business network. That means they will not be able to access network printers, NAS drives, and shared files, and will only have Internet access. You should also apply WiFi filtering controls to the guest WiFi network.
What web content should I block on my guest WiFi network?
WIFI filtering should be applied to your guest WiFi network to restrict the activities of users. You should block access to illegal material and hacking websites, inappropriate content such as pornography, and should consider placing restrictions on bandwidth usage. You should also monitor guest WiFi usage and the sites that are being visited, but make sure you advise guest users that connections are being monitored.
What happens when a WIFI filter blocks an attempt to visit a malicious URL or blocked website category?
When users try to visit a prohibited URL, they will be directed to a local block page which will inform them why the request to visit that web page has been denied and the attempt to access the prohibited web page will be logged. The local block page can be customized by the WebTitan administrator and notification can be configured to advise the administrator of attempts to access prohibited content.
Should I enable SSL inspection for WIFI filtering?
SSL/TLS inspection or HTTPS interception involves intercepting SSL/TLS encrypted internet communications between the browser and the web server and inspecting the content to determine if it is malicious or otherwise violates web filtering policies. You should enable SSL inspection on your WIFI filtering solution, otherwise you will have no visibility into HTTPS traffic.
What is Friendly WiFi?
Friendly WiFi is a government-initiated safe certification standard for public WiFi. Businesses displaying the Friendly WiFi sign meet minimum standards for filtering the Internet and ensure that users of the WiFi network cannot access pornography and images and videos of explicit content.
