Captive Portals – CompTIA Security+ SY0-401: 1.5

One method of controlling network access is through the use of a captive portal. In this video, you’ll learn how administrators use captive portals to increase the security of the network.


Although you may not have heard the term captive portal before, I suspect you’ve experienced one if you’ve ever stayed in a hotel or you’ve used the wireless network at a coffee shop or in a restaurant. A captive portal provides a way to authenticate to a network or at least have you agree to certain terms and conditions. You almost always see this on wireless networks where people are constantly moving in and out of the wireless area, and you want to be assured that the people who are signing on to the wireless network have either agreed to certain terms and conditions or provided a certain set of authentication to gain access to that network.

This captive portal capability is commonly provided by a wireless management device. It may be provided by a firewall or some other device that’s constantly watching the communication on the wireless network, and if it recognizes someone new, it prevents access to other parts of the network. It effectively holds you captive and provides a portal for you to be able to authenticate.

This captive portal capability usually provides you with a message inside of your browser and prompts you to agree to terms of service or provide username and password information, similar to this picture that we have on this slide. It’s commonly asking for a username and password. It may just be asking you to hit the OK button to agree to certain terms. There may also be other authentication factors you can implement. If you’re connecting to this network from the outside, you may be required to put in a pseudo-random number from a random number generator, or there may be a certificate or other types of code you would have to provide as additional factors during the authentication process.

Once you provide this authentication information or you click the submit button to agree to certain terms and conditions, you’re allowed access to the network. This access may be determined based on who you are. If you authenticate with an administrator’s login, you may have access to a large part of the network. If you’re authenticating as a guest, you may, for instance, only have access to the internet. This access may be for a certain duration of time, or there may be just constant access based on how long the system sees you active on the network. Eventually, the captive portal has a timeout value that removes that access, and if you want to continue on the network, you have to proceed through the captive portal process again.
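The access decisions described above (hold new clients, grant access by role, remove access on timeout) can be modeled as a small session table. This is an added example, not material from the video; the role names, network zones, timeout values, and tracking clients by MAC address are all assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed policy values (assumptions); real products define their own.
ROLE_POLICY = {
    "admin": {"internal", "internet"},  # large part of the network
    "guest": {"internet"},              # internet only
}
IDLE_TIMEOUT = 15 * 60      # seconds without activity before access is removed
MAX_SESSION = 8 * 60 * 60   # fixed cap on how long one login lasts

@dataclass
class Session:
    role: str
    started: float
    last_seen: float

class CaptivePortalGateway:
    """Hypothetical gateway model: one session per client MAC address."""

    def __init__(self):
        self.sessions = {}  # MAC address -> Session

    def authenticate(self, mac, role, now):
        """Called once the portal page accepts the login or the terms click."""
        if role not in ROLE_POLICY:
            raise ValueError(f"unknown role: {role}")
        self.sessions[mac] = Session(role, now, now)

    def decide(self, mac, zone, now):
        """Return 'redirect', 'deny' or 'allow' for traffic from mac to zone."""
        s = self.sessions.get(mac)
        if s is None:
            return "redirect"        # new client: held captive, shown the portal
        if now - s.last_seen > IDLE_TIMEOUT or now - s.started > MAX_SESSION:
            del self.sessions[mac]   # timed out: must use the portal again
            return "redirect"
        s.last_seen = now            # any traffic counts as activity
        if zone not in ROLE_POLICY[s.role]:
            return "deny"            # authenticated, but role lacks this zone
        return "allow"

if __name__ == "__main__":
    gw = CaptivePortalGateway()
    mac = "02:00:00:00:00:01"        # constructed sample address
    print(gw.decide(mac, "internet", now=0))
    gw.authenticate(mac, "guest", now=0)
    print(gw.decide(mac, "internet", now=60), gw.decide(mac, "internal", now=120))
```

The two timeout checks correspond to the two behaviours in the text: `MAX_SESSION` is access for a fixed duration, and `IDLE_TIMEOUT` is access that lasts only while the system sees the client active.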