40

We have a WiFi network that we want to be public and free.

Does having a password that is known to everyone provide any additional security advantage to the people using this network as opposed to just leaving it without a password? i.e. Can a hacker do more damage on a WiFi network that has no password than he can on a network that does have a password that the hacker knows?

Zuly Gonzalez
epeleg

5 Answers

35

After some discussion with @epeleg in chat, I think I may have a more thorough and (hopefully) clear answer.


TL;DR: The protection afforded to a Wi-Fi network by encryption with a PSK is directly proportional to the complexity of the PSK, and the effort taken to safeguard that PSK. For any environment, this requires striking a careful balance between security and usability.

  • Lowest Security/Easiest Usability: No encryption.

  • Highest Security/Hardest Usability: WPA2-AES, high-complexity PSK, MAC address filtering, Wireless Intrusion Detection/Prevention System. Require user & device registration for access to PSK and addition to the MAC filter.

If you intend to provide free WiFi as a service to the community, the balance is probably somewhere in between these - and likely leans toward the former solution. However, even the latter of the above options is very doable if you are willing to put in the effort.

Still, protecting a "free WiFi" network by any means doesn't so much prevent attacks outright as it does make them more difficult.


Encrypting network traffic on the WiFi connection is always more secure than sending the traffic in the clear. While not impossible, it is very difficult and time-consuming for an outsider to translate WPA2-encrypted traffic into cleartext. However, most encrypted SOHO and "Free WiFi" networks must rely on a passcode, or Pre-Shared Key (PSK) to protect the encryption mechanism.

The amount of protection offered by implementing a password in any system will always vary in direct proportion to the password complexity, and the effort taken to protect that password. Wireless networks are no exception.

To try to simply express how this relates to your "Free WiFi" situation, I'll give a few possible configuration scenarios and the benefits/drawbacks of each:

  • Scenario: Your network is left fully unsecured. Anyone within range of the AP can just hop on and enjoy the free WiFi.

    • Benefit: This is the easiest for anyone to use and requires practically no administrative overhead.

    • Drawbacks: This is the most vulnerable network of all. All traffic that does not otherwise use an encryption protocol (such as HTTPS) will be sent in the clear. This network is easy to sniff, spoof, and otherwise manipulate to the benefit of even very inexperienced attackers.

  • Scenario: Your network is protected with a strong PSK, using WPA2 for authentication and encryption. You have posted the SSID and PSK in a publicly viewable location.

    • Benefits: The data on your wireless network is encrypted, and nobody can read the data or connect to your wireless network without the PSK. This network is also fairly easy for the end-user to join, and requires little to no administrative overhead.

    • Drawbacks: Having the PSK publicly accessible in this manner makes it trivial for anyone within range of the network to just grab it and hop on. Attackers will not likely be much deterred by this method.

  • Scenario: Your network is protected with a strong PSK, using WPA2 for authentication and encryption. You have posted advertisement of the Free WiFi service in a publicly viewable location, which includes contact information for potential users to obtain the password.

    • Benefits: The data on your wireless network is encrypted, and nobody can read the data or connect to your wireless network without the PSK. With this method, you have personal contact to one degree or another with every user - this helps to somewhat disenchant them of their sense of anonymity on your network. This may help deter some would-be attackers who would rather move on to a less secure network, than go to the trouble of contacting someone for your PSK.

    • Drawbacks: This requires that someone is available within a reasonable amount of time (include the timeframe in your advertisement) either via phone or e-mail to give users login credentials. Users may also circumvent this measure by simply passing the PSK peer-to-peer.

  • Scenario: Your network is protected with a strong PSK, using WPA2 for authentication and encryption. You have posted advertisement of the Free WiFi service in a publicly viewable location, which includes contact information for potential users to request access. You have also implemented a user and device registration process which includes an Acceptable Use Policy, contact information for registered users, and MAC addresses for all devices. You have also implemented MAC address filtering on the AP, and monitoring/logging services on the network.

    • Benefits: The data on your wireless network is encrypted, and nobody can read the data on your wireless network without the PSK. Nobody can connect to the wireless network without both the PSK and a registered MAC address. With this method, you have the ability to see if/when your network is being inappropriately used and by whom. You also now have an agreement in place which informs your users that inappropriate use will not be tolerated, and which may absolve you of some legal responsibility if such use occurs.* Potential attackers would much rather find an easier victim than go through such a thorough process, especially when they read the clause of the AUP that mentions monitoring is in use. Users will not easily be able to circumvent the device registration by simply passing along the PSK. You can also revoke a user's access if necessary, by de-registering their MAC address(es) and/or changing to (and distributing via registered user contact info) a new PSK.

    • Drawbacks: Of all these scenarios, this requires the most administrative work. This will require that someone is available within a reasonable timeframe to perform the complete user registration process - gathering personal information, gathering device information (helping users who don't know how - and most probably won't), archiving the paperwork, and registering new devices with the network. To be fully effective, it will also require that the logs be checked on a regular basis for suspicious activity and/or having some form of IDS/IPS in place. Attackers who obtain the PSK will easily be able to spoof the MAC addresses of other registered devices to either bypass the device filter, or pose as that device's user on the network.

In all scenarios, there are a few things that should be kept in mind:

  • By providing unconditional Free WiFi, there is always the possibility that you may be allowing a malicious user onto your network regardless of what registration or PSK distribution process you put in place.

  • For all PSK-secured WiFi systems currently existing (WEP, WPA, WPA2) there are known attack vectors that allow an authenticated user to sniff the traffic of other users on the network as if it were in the clear. (Provided, of course, that the traffic is not encrypted by other means such as HTTPS.)

  • Make sure the administration interfaces of all your network equipment are protected by strong, non-default passwords which are not similar to any PSKs you distribute.

  • Depending on your local jurisdiction, you may be held liable for the actions of those who use your WiFi network.*

  • Your contract with your ISP may not allow promiscuous sharing of your Internet connection.

Lastly, to address your final query:

> Can a hacker do more damage on a wifi network that has no password than he can on a network that does have a password that the hacker knows?

When it comes to unconditionally Free WiFi networks, it's not so much a matter of how much damage the attacker can do as it is how easily he can do it. I hope I've clearly addressed the latter, above.

*I am not a lawyer, and this is not legal advice.

Iszi
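The log review called for in the last scenario, sketched as an added example (not part of the original answer): it flags a registered MAC address that turns up with a different DHCP hostname or vendor class than it had at registration. The log format, registration table and addresses are constructed, and these fingerprint fields can themselves be forged, so a clean log raises the attacker's effort rather than proving identity.

```python
import re

# Constructed registration table: MAC -> (user, DHCP hostname, vendor class)
# as recorded when the device was signed up.
REGISTERED = {
    "02:00:00:00:0a:11": ("alice", "alice-laptop", "MSFT 5.0"),
    "02:00:00:00:0b:0b": ("bob", "bobs-phone", "android-dhcp"),
}

# Constructed DHCP server log lines in a hypothetical key=value format.
SAMPLE_LOG = """\
2011-09-22T15:40:01 DHCPREQUEST mac=02:00:00:00:0a:11 host=alice-laptop vendor="MSFT 5.0"
2011-09-22T15:41:17 DHCPREQUEST mac=02:00:00:00:0b:0b host=bobs-phone vendor="android-dhcp"
2011-09-22T16:02:10 DHCPREQUEST mac=02:00:00:00:0A:11 host=netbook vendor="dhcpcd-5"
2011-09-22T16:05:44 DHCPREQUEST mac=02:00:00:00:0c:0c host=guest vendor="MSFT 5.0"
"""

LINE = re.compile(r'^(\S+) DHCPREQUEST mac=(\S+) host=(\S+) vendor="([^"]*)"$')


def find_anomalies(log_text, registered):
    """Return (timestamp, mac, reason) for every request that needs review."""
    alerts = []
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # not a DHCP request line
        ts, mac, host, vendor = m.groups()
        mac = mac.lower()  # MAC addresses compare case-insensitively
        if mac not in registered:
            # Should have been stopped by the MAC filter: a filter gap.
            alerts.append((ts, mac, "unregistered-mac"))
            continue
        user, reg_host, reg_vendor = registered[mac]
        if (host, vendor) != (reg_host, reg_vendor):
            # Registered address, unfamiliar device: possible MAC spoofing.
            alerts.append((ts, mac, "fingerprint-mismatch:" + user))
    return alerts


if __name__ == "__main__":
    for alert in find_anomalies(SAMPLE_LOG, REGISTERED):
        print(alert)
```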
10

If you will be having regular contact with all the potential users of your WiFi network, having a password is not a bad idea. It's not so much a matter of the amount of damage a hacker can do to the unprotected network vs. the protected network in this case, as it is a matter of how easily he can do it.

Although anyone may be able to get the password via whatever free mechanism you set up, it still acts as another barrier and deterrent to drive-by attacks. By applying WPA2 encryption as well, it also means that your clients' traffic will not be easily sniff-able even by those who do have the key. (There are known attack vectors for this, but it's much easier to sniff traffic in the clear.)

As a side-note, do make sure that your WiFi router's administration interface is also protected by a strong password which is different from the one you're handing out. And, if possible, try to segment your environment so that any systems with valuable information are separated from the network that is hosting free WiFi.

Iszi
  • So applying WPA2 encryption *does* make it harder for the "hacker"? Does having the password help the hacker in this case or is it just the same for him if he knows it or not? – epeleg Feb 20 '11 at 21:38
  • 1
    @epeleg - Having the password definitely helps the hacker, but it still does not make sniffing traffic or performing other attacks quite as straightforward as if the network was open and in the clear. The main defense offered here, is against the less interested or less experienced attackers who may prefer to go find an unprotected network before asking for the password to yours. Additionally, if you decided to implement some form of user/device accountability, it makes it harder for an attacker to work anonymously. – Iszi Feb 21 '11 at 16:50
  • @epeleg - In the end, the appropriate answer for you and your organization will depend upon what kind of security/usability balance you are hoping to achieve. – Iszi Feb 21 '11 at 19:09
5

I disagree with Iszi.

Each point is only valid in the context where there is a separation between those permitted to use the network and those who are not permitted to do so. In the absence of that predicate, Iszi provides no justification for using a password.

If you want to provide free WiFi - great - but do think about what is the worst thing which can happen.

  • does your contract with your upstream provider permit this kind of operation?
  • how do you protect yourself from the actions of the WiFi users - e.g. posting defamatory comments, illegal P2P sharing, etc.

Note that these problems exist regardless of whether you restrict access to a small group of identified individuals using a shared password, or if you provide open access - so of itself this is no reason to use a password.

symcbean
  • symcbean's second point can be a major issue. In the UK and some areas of the US, for example, you can be held liable for users of your network in certain circumstances. – Rory Alsop Feb 21 '11 at 19:57
  • 1
    Still I am not clear about the implications of using or not using a password. Both points you make here are valid and we will consider them but they do not answer my Q. Assuming I will put in front of my house a big sign that says "FREE WiFi, network:FREE Password:FREE" is it any less attractive to a hacker than if the sign just said "FREE WiFi, network:FREE no password needed"? – epeleg Feb 22 '11 at 13:25
  • and what about you, as a security aware user, would you prefer to work with the network that has a password or the one that does not? – epeleg Feb 22 '11 at 13:26
  • @epeleg - FTR, your proposal of the big sign out front with SSID & Passcode is significantly different from the proposed scenario in my answer. I would say that, in that case, the protection offered to your network via authentication and encryption is *very* nominal. On another note, @symcbean's bullet points are good issues to bear in mind as the *owner* of the network, but they do not address the question posed here, which is "Does password-protecting a free WiFi network help keep its *users* safe?". – Iszi Feb 22 '11 at 13:29
  • Maybe it's my English, what do you mean when you said nominal? Is the added password significant or not? – epeleg Feb 22 '11 at 13:32
  • @epeleg - If obtaining the WiFi password requires virtually no effort on the attacker's part, then the benefit is *much* less. Your proposal is to have a sign with the password easily available in a public location, whereas my suggestion was meant to imply a more personal interaction where the users would actually have to request the password from you. – Iszi Feb 22 '11 at 13:36
2

On dd-wrt, there is an option to prevent wireless nodes from talking to one another. Traffic can only go from the TabletPC to the router to the internet. So not even two authorized wireless nodes can share files directly. This makes the WLAN more "switch like" than "hub like." Have no idea if this WLAN isolation is subject to flooding to make the switch into a HUB by overflowing ARP tables or other methods to defeat the ethernet isolation that a switch provides.

Another poster on this site for another question said that WPA2-PSK with AES can add randomization such that even though all users use the same PSK, it should not be possible to unencrypt another's traffic. I would like to get confirmation because http://wiki.wireshark.org/HowToDecrypt802.11 clearly indicates WPA2-PSK is easily sniffed when the packet capturer knows the PSK.

Doesn't setting up dd-wrt with hotspot and radius give each user their own passphrase on the LAN?

rjt
  • Thanks for the info in the first paragraph, and I would also love to hear what others have to say about the second. – epeleg Jun 11 '11 at 14:15
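The two statements in the second paragraph of this answer are both consistent with how WPA2-PSK derives its keys, shown here as an added example (not part of the original post): each client session gets its own key through the handshake nonces, but every input except the passphrase is visible to anyone who observes that handshake. The SSID, passphrase, MAC addresses and nonces below are constructed sample values.

```python
import hashlib
import hmac

# Constructed sample values (not from the page).
SSID, PASSPHRASE = "FreeWiFi", "posted-on-the-sign"
AP = bytes.fromhex("020000000001")
ALICE, BOB = bytes.fromhex("020000000a11"), bytes.fromhex("020000000b0b")


def pmk(passphrase: str, ssid: str) -> bytes:
    """Pairwise master key: identical for everyone who knows passphrase + SSID."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11i PRF: HMAC-SHA1(key, label || 0x00 || data || counter), concatenated."""
    out, counter = b"", 0
    while len(out) < nbytes:
        msg = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, msg, hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]


def temporal_key(master: bytes, ap: bytes, sta: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """Per-session CCMP key: last 16 bytes of the 48-byte PTK (KCK | KEK | TK)."""
    data = min(ap, sta) + max(ap, sta) + min(anonce, snonce) + max(anonce, snonce)
    return prf(master, b"Pairwise key expansion", data, 48)[32:]


def nonce(tag: str) -> bytes:
    """Constructed stand-in for a random 32-byte handshake nonce."""
    return hashlib.sha256(tag.encode()).digest()


def demo() -> dict:
    shared = pmk(PASSPHRASE, SSID)
    tk_alice = temporal_key(shared, AP, ALICE, nonce("ap-1"), nonce("alice"))
    tk_bob = temporal_key(shared, AP, BOB, nonce("ap-2"), nonce("bob"))
    # Insider: knows the posted passphrase and saw Alice's handshake, whose
    # MAC addresses and nonces are sent before encryption is in place.
    insider = temporal_key(pmk(PASSPHRASE, SSID), AP, ALICE, nonce("ap-1"), nonce("alice"))
    # Outsider: saw the same handshake but does not have the passphrase.
    outsider = temporal_key(pmk("not-the-passphrase", SSID), AP, ALICE, nonce("ap-1"), nonce("alice"))
    return {
        "clients_get_different_keys": tk_alice != tk_bob,
        "insider_derives_alice_key": insider == tk_alice,
        "outsider_derives_alice_key": outsider == tk_alice,
    }


if __name__ == "__main__":
    print(demo())
```

For users this means a shared PSK keeps outsiders out of the traffic but not other holders of the PSK, so anything sensitive still needs its own encryption such as HTTPS.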
-3

> this helps to somewhat disenchant them of their sense of anonymity on your network

They may not feel anonymous, but they are anonymous (inside the set of people that asked you for the passphrase - if the set consists of 1 person, the anonymity is limited).

> Additionally, if you decided to implement some form of user/device accountability, it makes it harder for an attacker to work anonymously

How do you do such a thing on a PSK VPN?

Short answer: you can't. That is the whole point of a P*S*K: it's shared, so you cannot tell who is doing what.

Also, any of these people can now set up a rogue AP to easily spy on others or even add hostile payload to any http: site they visit. They could download software on some "official" site and get a virus. They could believe they got that virus from your wireless.

corrector
  • Also, you could have a rogue AP that uses the legitimate AP as its Internet connexion. – corrector Sep 22 '11 at 14:54
  • Regarding your first point: The individual may *actually* be anonymous in the particular case for which that statement was made, but they would *feel* much less anonymous by having to actually make contact with the sysadmin to request access. Sometimes "Security Theater" is more deterrent than real security. – Iszi Sep 22 '11 at 15:37
  • For your second point: The way you do this is via user/device registration as described in the same post. If you require users to register their contact info and MAC address, and you implement MAC filtering and IDS/IPS, the user would then have to go through the trouble of spoofing another registered user's MAC address (trivial yes, but still another inconvenience) if they wanted to act as anyone but themselves on the network. – Iszi Sep 22 '11 at 15:40
  • Also, depending on what additional details are mandatory during registration, and how sloppy an attacker is in their own usage of the network, there are many other details an attacker's computer may leak which could uniquely identify them or at least distinguish them from whichever user(s) they are trying to impersonate. Just because everyone's using the same key doesn't mean they all look exactly the same to someone watching the network. – Iszi Sep 22 '11 at 15:43
  • And, regarding the rogue AP: Yes, this is a risk, and again it is covered in the closing statement of my answer. `When it comes to unconditionally Free WiFi networks, it's not so much a matter of how much damage the attacker can do as it is how easily he can do it.` However, it should be noted that the risk of someone creating a rogue AP within range of the network and actually getting away with it would be decreased significantly by using an appropriate IDS/IPS solution as suggested in the last scenario of my answer. – Iszi Sep 22 '11 at 15:45
  • Fine, if it is clear to everyone that we are talking about WEP-like security: before everyone knew WEP is not secure, you could secure a WLAN by using WEP. Nowadays, WEP is still secure against an adversary that doesn't know about WEP vulnerabilities and the tools to exploit it. Because Vista will not warn users that the Wifi is "Open" and that others could see what they are doing, they may feel safer and type passwords even in HTTP websites. Their problems, not yours. – corrector Sep 22 '11 at 15:54
  • This is hardly "WEP-like" security we're talking about. WEP keys are easily cracked by outsiders. WPA2 keys are not nearly so quickly broken, and even for an *insider* to sniff the traffic of others in the clear it is not so simple as just opening up Wireshark and taking a peek. – Iszi Sep 22 '11 at 16:03
  • That's right. At least cracking WEP keys requires some effort (to capture a few packets, a little CPU time...). Setting up a rogue AP requires no packet capture, and no CPU time (knowing the passphrase). About "WPA2 keys are not nearly so quickly broken": how are WPA2 keys broken at all (slowly or quickly)? – corrector Sep 22 '11 at 19:23
  • WEP Security: Breaking WEP requires such little effort that it's commonly regarded as nearly equal to no security at all. Rogue AP: Perhaps with foreknowledge of the SSID, MAC, and PSK, spoofing an AP is relatively easy. But, it's also quite noisy and will easily trigger a good IDS/IPS if the rogue is within range. WPA2 Cracking: Given sufficient computational power and time (there are some cloud services available for this) any key can be broken. **If you'd like to continue this discussion, please come to chat:** http://chat.stackexchange.com/rooms/151/the-dmz – Iszi Sep 22 '11 at 20:05
  • Given a computer the size of solar system and billions of years, any key can be broken. – corrector Sep 22 '11 at 20:20