Tuesday, August 31, 2021

Are you using Opportunistic Wireless Encryption, also referred to as Enhanced Open for your Guest Networks?

Hi all,

I've been spending some time testing and researching wireless deployments and I came across the topic of Opportunistic Wireless Encryption (OWE). There is a WiFi Alliance Certified standard called " Enhanced Open" that is built on OWE. For anyone unfamiliar, this is a method of encrypting wireless traffic without requiring a PSK, which makes it ideal for Guest networks. You don't have to provide a Pre-Shared key to your clients and yet they still have the benefit of encrypted traffic between the clients and the APs. The purpose is to seamlessly encrypt traffic from the client to the AP. One downside is that there is no access control to the network inherent in Enhanced Open. This can be combined with a captive portal to limit access to the network.

This certification plan for Open Enhanced was announced back in 2018 but, I've only learned about this in the last few months. I wanted to get a sense of where the rest of the industry stands on this feature.

  • Were you familiar with Open Enhanced before reading this post?
  • Do you currently utilize Open Enhanced/OWE to add an additional layer of security to your guest networks?
  • How would you prioritize this feature when considering vendors for a new WiFi deployment?
  • Are there other ways of securing guest networks that should be considered instead of OWE and is that in response to meeting certain security requirements, ease of implementation, or some other reason.

Thanks for taking the time to read and respond to this. If you disagree with my interpretation of OWE/Enhanced open, feel free to light me up in the comments section. I don't want to participate in spreading misinformation!



No comments:

Post a Comment