> For the complete documentation index, see [llms.txt](https://xnet-mobile.gitbook.io/xnet-mobile-docs/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://xnet-mobile.gitbook.io/xnet-mobile-docs/deploy-connect-earn/how-xnet-works/network-security.md).

# Network Security

## How secure is the XNET Mobile Network?

**The XNET neutral-host network is significantly more secure than any publicly accessible WiFi network—and here’s why:**

*XNET runs on its own independent network, totally separate from any internal systems at deployment locations.*

* **Same Security Trusted by AT\&T, T-Mobile, and Verizon**\
  XNET uses the same security standards as mobile networks (MNOs and MVNOs). Users connect automatically via their carrier using WPA2/WPA3 encryption—no manual logins or setup required.
* **No Shared Passwords = Safer Network**\
  There are no passwords to give out, and no sketchy captive portals collecting user data. Every connection is verified seamlessly through SIM-based credentials or a secure carrier-issued certificate.
* **Devices Can’t Spy on Each Other**\
  XNET uses **client isolation** to ensure devices on the same access point can’t see, access, or interfere with one another—preventing malware spread, snooping, or hacks.
* **Nobody Can Touch Your Internal Systems**\
  XNET runs completely separate from your business internet. Guests using the XNET network cannot access your internal WiFi, POS systems, employee devices, or any backend infrastructure.
* **Malicious Behavior Is Traceable**\
  Because users authenticate through their carrier, **every session** is tied to a verified identity. If a bad actor attempts anything, their actions can be logged, traced, and addressed.

#### **Your networks stay secure. Patrons stay connected. Everyone wins.**<br>

## Passpoint 2.0 with Carrier Integration

XNET uses Passpoint 2.0 technology and standards allowing devices to connect securely and automatically using carrier-issued SIM credentials or digital certificates. It’s the same technology used in roaming agreements between mobile operators.

* **Encryption:** Enterprise-grade WPA2/WPA3 encryption ensures all data between the device and access point is protected.
* **Authentication:**
  * XNET employs the **IEEE 802.1X** authentication framework.
    * **EAP-SIM/AKA:** SIM-based authentication for mobile devices.
    * **EAP-TLS/TTLS:** Certificate-based authentication for high-assurance, mutual trust connections.

## Network Isolation by Design

XNET Access Points are logically and physically siloed from any internal onsite networks.

* VLANs and SSID Separation: XNET operates in a dedicated VLAN and SSID, isolated from private or operational LANs.
* No Cross-Network Access: Devices on the XNET SSID cannot see or interact with internal business systems, such as POS terminals, employee devices, inventory databases or any private LAN resources.
* No Lateral Movement: Client isolation ensures that users on the same XNET network cannot communicate or interfere with each other.

## Traceable and Accountable Connections

* All user sessions are logged and tied to verified mobile identities via SIM, MAC address, or payment method.
* In the event of malicious behavior, activity can be traced and addressed in partnership with the carrier.

### Bottom Line

*XNET is not public WiFi. It’s an enterprise-grade network layer built for carrier offload with real-world performance and complete separation from any internal business infrastructures.*

<br>


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://xnet-mobile.gitbook.io/xnet-mobile-docs/deploy-connect-earn/how-xnet-works/network-security.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.