Advanced Access Control for WiFi

Written by Greg Keller on February 24, 2016

Share This Article

WiFi networks are the new normal. What used to be wired Ethernet connections are now wireless. Most new laptops and devices don’t even have wired connections. The benefit of wired networks, though, was the ability to control access. A user would have to be on-site in order to plug into the network. That’s not the case with wireless networks. They spread their signal across a large area, thus enabling those who shouldn’t have access to see the network. This presents a significant security risk and is being solved by advanced access control for WiFi.

WiFi Connection is a Two-Sided Story

wifi access control

WiFi networks are made up of wireless access points (WAPs) that sit across an organization’s physical infrastructure. WAPs connect wirelessly to endpoint devices on one side, and they have a wired connection to a switch or router to the Internet on the other side. Most WiFi networks only require an SSID and passphrase to connect. That WiFi access combination is conveyed to the user population via word of mouth, emails, or some other form of written communication. WiFi credentials are easy to obtain and not unique. As a result, it is simple for hackers to figure out a way into the network. IT admins recognize this, and they fully understand that it is a top security risk.

Core Directory Services Pens a New Chapter

There is a simple approach to solving the issue: connect the wireless infrastructure to the core directory services. That way, every user would be required to uniquely authenticate into the network. What’s the biggest challenge with this approach? The implementation. It is complex to setup, configure, and maintain. It requires the installation of a RADIUS server as well as the configuration of that server with the WAP, the directory services, and each endpoint. For busy IT folks, that is a painful setup and one that often goes undone.

RADIUS Speaks Volumes on Advanced Access Control for WiFi

What is RADIUS

RADIUS-as-a-Service solutions are taking the heavy lifting out of this task and providing significant security benefits. A RADIUS server that is completely set up, maintained, and readily available is provided in the cloud for organizations. WAPs are simply pointed to the cloud-hosted RADIUS server. The RADIUS server connects with an on-board directory to validate credentials. Endpoints can be easily configured to leverage RADIUS through a policy. IT organizations avoid the work of implementing and managing a RADIUS system. The benefit? Every user uniquely accesses the WiFi network. A simple SSID and passphrase is no longer enough to gain access. Now, a hacker needs to not only gain access to the WiFi network credentials but also the user’s credentials. That’s a major advancement in security.

If you would like to learn more about advanced access control techniques for your WiFi infrastructure, drop us a note. Or feel free to try out the JumpCloud® Directory-as-a-Service® platform, which includes the RADIUS-as-a-Service functionality. Your first 10 users are free forever.

Continue Learning with our Newsletter