As Reeves points out, some services, including those that distribute illegal content, are now quite adept at hiding behind commonly used ports such as port 80, so firewalls that can look inside the packets themselves. "Canny security people set up firewalls so they can look inside the packets, and figure out what the traffic is," he says.
But simply segregating traffic, or scanning it at the technical level, is not enough to protect a company from possible legal action, nor to protect its bandwidth. According to Quocirca's Longbottom, at the very least companies need to have acceptable usage policies for guest access, wired or wireless.
"For legality's sake, it is always best to give out some T&Cs, on-line, so that you can verify that at least they were put in front of the user," he says.
"Also, if a user were to get a virus from your network, then they may have a case against you, if you gave them express permission to use the network. So, make clear in the T&Cs that it is buyer beware."
