No, I am not talking about the IT version of a fairy tale but about a small networking tool to secure your network: the captive portal.
What the hell am I talking about? Captive portals are authentication layers on firewalls. You have to enter your credentials before you can proceed to connect to the web. They are mostly used at WLAN hotspots to handle billing.
I am using it here to secure my production environment against unknown guests from the training network, as there are still people in the training network who need access to the production server.
First of all, I started with a basic setup of the pfSense firewall, securing the production network for blocking access as it is needed by the trainer. To prevent the worst, I do not grant him access everywhere. You never know… Then I enabled the captive portal on my pfSense box. To use 'local' users, they just need to be created. RADIUS authentication is also available and simple to configure, as you might want to use it in a corporate environment as your connection to Active Directory.
If I am now in my training environment and I want to access the production network, I have to open my browser. As it wants to connect to the internet, I get redirected to the portal page to enter my login credentials. Now, if things went right, I am authenticated and access is granted from my IP/MAC.