Wayru Hotspots (WayruOS) are capable of deploying three distinct networks—each designed for different use cases and secured with tailored features. In this article, we explain the differences among these networks and detail the security measures that protect your data.
Types of Networks
Wayru WiFi
Use Case: Public WiFi similar to those in coffee shops or airports.
User Connection: Clients connect via a captive portal.
Security Note: Since it’s an open network, clients must agree to the Terms of Service. This agreement limits the liability of the host network should any illegal activity occur.
Wayru Mobile
Use Case: A secure mobile network designed for seamless connectivity.
User Connection: Clients connect by configuring Passpoint profile via the Wayru WiFi app (Passpoint 2.0).
Security Note: Authentication is certificate-based—each authorized device presents a certificate rather than using a password.
Wayru Operators
Use Case: A private network reserved for operators and administrators.
User Connection: Access is restricted with a password, ensuring that only authorized personnel can connect.
Security Note: This network uses strict password protection alongside other network isolation features to safeguard administrative communications.
Key Security Measures
Encryption Protocols:
Wayru leverages robust encryption standards such as WPA2/WPA3 to protect Wi-Fi traffic and uses TLS to encrypt the authentication exchange between the client and the server. Together, these protocols keep all credentials and authentication processes confidential and tamper-resistant.
VLAN Segmentation:
Virtual LANs (VLANs) are used to effectively segment and isolate network traffic. This prevents unauthorized access to sensitive data and reduces the potential impact of any security breaches.
Regular Firmware Updates:
The underlying firmware (powered by OpenWrt) is regularly updated. This proactive approach ensures that vulnerabilities are quickly addressed, and security patches are applied promptly.
Transparency and Vulnerability Management:
OpenWrt’s open-source nature provides transparency, allowing for swift detection and remediation of potential vulnerabilities.
Comprehensive Monitoring:
A robust monitoring system is in place to detect and respond to any unusual network behavior. This helps safeguard user data and maintain the integrity of the network.
Passpoint Authentication:
Specifically for the Wayru Mobile network, Passpoint 2.0 is used for authentication. Instead of relying on passwords, each device must present a certificate—making it virtually immune to brute-force attacks.
Comparative Overview
Feature | Wayru Mobile | Wayru WiFi | Wayru Operators |
Protocol | WPA2/WPA3 (with Passpoint) | Open Network (Captive Portal) | WPA2 |
Mode | Access Point (AP) | Access Point (AP) | Access Point (AP) |
Authentication | Certificate (Passpoint) | Captive Portal (Terms of Service) | Password |
Client Isolation | ✔️ | ✔️ | ✔️ |
Reject WAN Traffic | ✔️ | ✔️ | ✔️ |
LAN Block | ✔️ | ✔️ | ✔️ |
Note: Although the public Wayru WiFi network is open, additional measures (such as client isolation and traffic filtering) have been deployed to protect both users and network builders.
Wayru Hotspots are designed with multiple layers of security to cater to different use cases. Whether you’re connecting via the public Wayru WiFi, the secure Wayru Mobile network, or managing a Wayru Operators network, you can trust that strong encryption, robust authentication methods, regular updates, and comprehensive monitoring are all in place to protect your data. By leveraging industry-leading platforms like OpenWisp, OpenRoaming, and Passpoint, Wayru maintains a high standard of security while providing flexible connectivity options.