WiFi is so essential in our everyday lives that it has become a requirement to get work done, whether it’s at the enterprise level with a large amount of users and endpoints or at the home level with just a few endpoints and users. These markets have been addressed by many different companies, but one of the main faces of WiFi services is Cisco. Cisco made it’s name with large routers for government and service providers, but with the purchase of Meraki they are making a strong play for smaller markets like personal to mid-sized business routers.
Good WiFi security for endpoints is not as common as you might think. One frequently seen approach is a shared passphrase that grants access to your network. While this may be easy to implement, it is difficult to maintain. When employees are offboarded this passphrase should be updated each time to ensure that no one has access that shouldn’t. This is a hassle for both IT and the end users. Even worse, it isn’t highly secure.
Better Wireless Network Security with RADIUS
The most common way to significantly step up your WiFi network security is with a RADIUS server. This is a popular approach (see this forum post) and there are the many benefits to implementing a RADIUS server:
- Improving the reporting and tracking based on client usernames.
- Allowing the ability to direct groups to a specific user profile with different restrictions.
- Having sessions with the Internet be uniquely encrypted between the user and WAP. This prevents users on the same SSID from spying on the connection due to their unique encryption key.
- Easy de-authorization of users by allowing the ability to revoke a person’s access without needing all other users to re-join with a different access key.
- Assigning permissions like firewall policies, VLAN, QoS settings, etc.
- Having user profiles dynamically be assigned to users from their identity.
The Hosted FreeRADIUS Solution
Connecting to a RADIUS server is not a new idea. This has traditionally been done through the FreeRADIUS tool, which has become one of the most popular RADIUS servers.
With FreeRADIUS, encryption keys get provisioned uniquely for each user each session. Users just need to authenticate with their credentials, and they are given a key to communicate with. Then they must authenticate the network before providing these credentials to ensure that the network is real.
This process increases network security significantly. However, it does still come with difficulties for IT admins, in the form of integrating and maintaining the servers in your system. Additionally, it is another location of user identities that needs to be managed.
This is where JumpCloud’s RADIUS-as-a-Service can help. With our cloud-based directory’s managed IT services, you can have all of the benefits of a FreeRADIUS server without all of technical hassles. Essentially, it amounts to hosted FreeRADIUS.
Cisco Meraki and RADIUS-as-a-Service
JumpCloud’s RADIUS-as-a-Service is able to make the security benefits from FreeRADIUS easy to acquire. When combined with Cisco Meraki’s WAPs that are optimized to integrate with RADIUS, you can have quick access to strong network security. Plus, when the RADIUS server is connected to the cloud directory service, all of the user credentials can be checked by the directory server centralizing the process.
RADIUS-as-a-Service has FreeRADIUS embedded into its infrastructure, allowing IT admins to only need to direct their WiFi access points (WAPs) to the FreeRADIUS server in the cloud. An added bonus is that the unified cloud directory houses all of the user identities, so end users can employ their already established credentials to connect to the network.
Employing JumpCloud’s RADIUS management server simplifies the whole process by having us do all of the heavy lifting. If you would like to learn more about how Cisco Meraki can function with our cloud-based directory, drop us a note. Alternatively, you can sign up for a free account of our Directory-as-a-Service platform and try it out for yourself. Your first 10 users are free forever.