2

My apartment building is changing internet providers, and the new provider plans to install a network that will have a single SSID for the entire building. Each tenant will be given a unique password that is supposed to make it so each unit is separated on the network from every other unit. For comparison purposes, our old internet provider gave each unit a unique SSID.

One of the "benefits" of the change is that we should be able to access Wi-Fi anywhere in the building without switch from our "home" network to a guest network. However, it seems to me that putting everyone under the same SSID could be a security and privacy issue.

My question is therefore: is it possible to have a single SSID + multiple password network setup where each user is securely isolated from other users, and are there any extra precautions recommended for such a setup?

bigreddmachine
  • 121
  • 2
  • 2
    While it is possible for it to be secured, trusting that it is secured is a different question. I'm not sure you would easily be able to test it legally without getting permission from the provider to play around with it. If you could, attempting something like a port scan to see what other devices are exposed could be a good idea. – KHobbits May 29 '20 at 00:23

2 Answers2

3

Yes, it is possible if you are using 802.1x for authentication. The RADIUS server can specify a VLAN for the user/port. If it is different for each user then the router can have ACLs that prevent inter-VLAN traffic or simply not route between them.

Mark Wagner
  • 18,019
  • 2
  • 32
  • 47
  • 2
    While not concrete method of identification, there is a good chance, that in these situations you would be given different subnet ranges for each VLAN. If I was put in the same situation, I'd likely try connecting two devices on the same credentials, and seeing what IP addresses I was assigned. I would then compare with a different set of credentials. Ideally I would then see if I could ping or communicate with other IP addresses belonging to different credentials. – KHobbits May 29 '20 at 00:26
0

I work at the apartment complex, and they recently upgrade the Wi-Fi infrastructure, it is totally possible for what you are saying, but I think you had to use RADIUS Authentication and did not use the same password for each resident (user) and get into a different VLAN profile for each password that you had to create. And use the firewall rules, how secure? Depends on how the configuration is done though, we never can see the back side of it. At least they're not can communicate with each other, also in my work apartment setup they have a really huge subnet taking forever to scan all the IPs for one user, so sometimes I will see other people's printers...that is when I help in the Resident setup. so you can find out on your own see you can ping other people's IPs and it's really important for you to talk with your property manager to find out. Also, the password must be more secure, otherwise, it's much easier for people to crack the password because it's more users and it will be easy to get one of them.

CRK
  • 1
  • 1