By Ryan Squires Posted August 17, 2018
Many people take WiFi for granted due to its ubiquity, but that doesn’t change the fact that it is one of the most wide-reaching innovations of the modern era. The convenience of connecting wirelessly to a network has had an incredible effect on users, IT admins, and cost. But, in order to access the network, users must authenticate. So, what is the definition of WiFi authentication?
How WiFi Enables Freedom
Untethering from a desk and wirelessly authenticating to the network gives users a boost in collaboration, flexibility, and convenience. With freedom from wires, laptops now allow users to take their work into the conference room with them for a meeting. IT admins no longer have to hire contractors to pull ethernet cords throughout an entire building and into a server room. WiFi even allows users to work remotely from anywhere with a signal. Clearly, WiFi has made networking a much more convenient affair for both users and admins. But, convenience often leads to risk.
Before WiFi networks, users connected to the Internet in their offices via wired connections that were managed by a domain controller within Microsoft® Active Directory® (MAD or AD). The domain controller would authenticate users and allow access to specific computer resources, including the network. This setup allowed for proximity-based security. If you could plug an ethernet cord into your system, you could gain access to the network by leveraging your unique credentials. Credentials were not shared, which leads us to the biggest issue with conventional WiFi authentication.
Shared WiFi Credentials Result in Risk
Wireless networks are often authenticated to via a single shared SSID and password. These credentials usually get passed around via sticky note, email, or word of mouth. Any of these means of communication poses the risk of interception by bad actors. Now, should the IT admin even find out a breach occurred, they have to undergo the annoying and security-deficient task of changing the password and disseminating that information company wide. More passed sticky notes?
Further, WiFi signals broadcast throughout the entire office but also spill out into the parking lot, the street, and the offices above, below, and to the sides. This means that any so-so hacker with an open source program and malicious intent could sit in the parking lot and crack the WEP or WPA security mechanism. These security protocols are considered out of date and do not provide the security of a physical connection to the network. Even WPA2 fell to KRACK and continues to face new security concerns. So, all a hacker needs to do is get within range of the wireless access point (WAP), fire up their laptop, and leverage an open source program to exploit these weaknesses. If you think of your network security as a castle, WiFi has effectively drained the moat.
IT admins have a tough choice to make: risk security with flimsy WiFi security measures or spend limited IT resources on setting up systems to ensure security. Too often, IT organizations are forced to take the route of decreased security due to time constraints, budget issues, and lack of tooling.
One option for WiFi authentication is to back-end the WiFi infrastructure with LDAP and create a hotel-like experience where users authenticate via a splash page and remain connected to the network for a set amount of time. This option is great for hotels, airports, cafes, and more, but often not as enticing to IT admins with offices of people.
The second option is to stand up a RADIUS server on-prem, connect it to the directory service (an LDAP server or Microsoft Active Directory implementation) and point the WAPs at it. The WAPs talk with the RADIUS server, which then verifies the user’s identity against the directory service. This solution allows users to connect to the network using their own unique credentials. Plus, they’ll be able to remain connected and not have to reauthenticate. No more shared usernames and passwords; hackers would now have to steal individual user credentials. Should these credentials be discovered, though, an IT admin would have a much easier time expelling the intruder.
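Whether an access point relies on a shared passphrase or on per-user RADIUS authentication is visible in its configuration, so it can be audited. The script below is an added example, not part of the original article or any JumpCloud tooling; it assumes hostapd-style key=value settings, and the sample configurations, address and secrets are constructed placeholders.

```python
# Added example: classify hostapd-style AP settings (constructed samples, placeholder secrets).
SHARED = """ssid=office
wpa=3
wpa_key_mgmt=WPA-PSK
wpa_passphrase=EXAMPLE-PLACEHOLDER"""
ENTERPRISE = """ssid=office
wpa=2
wpa_key_mgmt=WPA-EAP
ieee8021x=1
auth_server_addr=192.0.2.10
auth_server_port=1812
auth_server_shared_secret=EXAMPLE-PLACEHOLDER"""

def parse_conf(text):
    """Parse key=value lines, skipping blanks and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def audit(text):
    """Return (mode, findings) for one access point configuration."""
    conf = parse_conf(text)
    key_mgmt = conf.get("wpa_key_mgmt", "WPA-PSK").split()
    wpa = int(conf.get("wpa", "0"))
    if any(k.startswith("wep_key") for k in conf):
        return "WEP", ["WEP: obsolete, one key shared by every user"]
    if wpa == 0:
        return "open", ["no link-layer authentication or encryption"]
    findings = []
    if wpa & 1:  # bit 0 of hostapd's wpa setting enables the original WPA
        findings.append("original WPA still enabled; use wpa=2")
    if "WPA-EAP" in key_mgmt:
        mode = "per-user (802.1X/RADIUS)"
        if conf.get("ieee8021x") != "1":
            findings.append("WPA-EAP set but ieee8021x=1 missing")
        if "auth_server_addr" not in conf:
            findings.append("no RADIUS server (auth_server_addr) set")
    else:
        mode = "shared passphrase"
    if "WPA-EAP" not in key_mgmt or "WPA-PSK" in key_mgmt:
        findings.append("a passphrase shared by all users is accepted")
    return mode, findings

if __name__ == "__main__":
    for name, text in (("shared", SHARED), ("enterprise", ENTERPRISE)):
        print(name, audit(text))
```

A configuration that lists both WPA-PSK and WPA-EAP is reported as per-user but still flagged, because the shared passphrase remains a valid way onto the network.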
With the rise in security comes a hit to convenience for IT admins, though. IT admins, in this scenario, would now be forced to set up additional infrastructure and devote time to its ongoing maintenance. None of this is cheap or easy.
The Third Option for WiFi Authentication, Security
It is clear that shoring up WiFi authentication is crucial to an organization’s network security. And, fortunately, there is a solution that provides security and convenience to both users and IT admins.
The third option is JumpCloud® Directory-as-a-Service®. Cloud-based directory services from JumpCloud leverage both LDAP and RADIUS from the cloud so there is no additional hardware to set up on-prem. All admins have to do is point their WiFi infrastructure to the cloud-based LDAP-as-a-Service or RADIUS-as-a-Service infrastructure and their users will be able to access the network with a single, unique set of credentials. No more juggling passwords for systems, cloud and on-prem file servers, web applications, and SSID/password combinations—JumpCloud DaaS allows for the integration of all these resources into one centralized platform.
Learn More About JumpCloud
Defining WiFi authentication poses many solutions, but only one from the cloud. Give JumpCloud Directory-as-a-Service a try for free today and authenticate up to 10 WiFi users in your office for free, forever. If you’re in need of managing more than 10 users, we offer special pricing on both the LDAP-as-a-Service and RADIUS-as-a-Service protocols. Check out our RADIUS-as-a-Service video below to learn more today, or drop us a note. We’d love to talk to you more about the definition of WiFi authentication.