We are setting up an open-access wi-fi system in our public areas - to allow internet access only.
Bearing in mind the risks arising from misuse (i.e. legal issues, and use of bandwidth), what minimum safeguards should be adopted?
I'm guessing Andy that you have systems in place to restrict what your staff can and can't access on the internet.
If you are planning on opening up a wi-fi hotspot for general public use, then as a minimum you should put the same restrictions in place for your wi-fi hotspot that you have in place for your staff. You may want to make the wi-fi hotspot more restrictive as to what websites the general public can access.
All internet traffic operates on specific port numbers. For example, normal web traffic operates on port 80 and secure web traffic operates on port 443. Only opening up the common ports (HTTP, HTTPS, SMTP, POP, IMAP, PPTP, IPSEC etc) will help minimise what your wi-fi hotspot can be used for.
Limiting the available network bandwidth allocated to your wi-fi hotspot will also help. Granting the wi-fi hotspot a maximum of 1mb of bandwidth will allow any users to carry out most things.
My comments above are only the tip of the iceburg on this as there are many other things you might want to consider before opening up the wi-fi hotspot.