By Greg Keller Posted July 27, 2016
By now, just about every organization has moved from wired Ethernet connections to wireless. The benefits are enormous: greater employee productivity, lower cost, and considerable agility. WiFi is, frankly, a standard that has virtually 100% market share.
While it is easy to quickly deploy a wireless access point and connect it to the Internet, WiFi has proven difficult to secure. And that’s a major problem, because securing WiFi access is a critical part of building a modern IT infrastructure.
Why Your WiFi Is At Risk
Unlike wired networks where each person’s login is unique, WiFi access has historically been through a shared SSID and passphrase. Since the passphrase is handed out to the employees via email or written on a board, it’s hardly a secret. Because employees and guests come and go, the ability to access the network is shared by a large number of people.
That is a real problem.
While it is possible to regularly update the passphrase, doing so is a hassle for users, and the new passphrase quickly becomes public information too. Even if the key is secret, there are open source tools that can easily hack into a WiFi network. Simply put, your WiFi network is not secure.
Securing WiFi While Ensuring Access
The most cost-effective and straightforward method to secure your WiFi is to authenticate each user to your core directory service.
Similar to the logon process with the wired network, a user must enter their credentials to gain access. However, that’s where the similarities end. In the WiFi path, a user must enter their unique credentials into a supplicant just once. That piece of software stores the credentials for the next time that they log in. The credentials are securely passed to a RADIUS server, which subsequently passes them to the identity provider. The credentials are verified, and the user is allowed onto the WiFi network.
This process ensures that every user has unique access.
Simply knowing the SSID and passphrase will no longer allow a user to gain network access. Further, the credentials that the user enters are the same core credentials used to access their systems and applications.
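To make the difference between the two setups concrete, here is an added example (not JumpCloud's code and not part of the original post) that audits an access point configuration and reports whether it relies on a shared passphrase or on per-user authentication through a RADIUS server. It assumes hostapd-style option names; the sample configurations, the address 192.0.2.10 and both secrets are constructed placeholders.

```python
# Sample hostapd-style configs below are constructed for this example.
SHARED = """ssid=office
wpa=2
wpa_key_mgmt=WPA-PSK
wpa_passphrase=constructed-example-passphrase
"""

PER_USER = """ssid=office
wpa=2
wpa_key_mgmt=WPA-EAP
ieee8021x=1
auth_server_addr=192.0.2.10
auth_server_port=1812
auth_server_shared_secret=constructed-example-secret
"""

def parse_conf(text):
    """Parse key=value lines, skipping blanks and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def audit_ap(text):
    """Return (mode, findings); only PSK and EAP key management are handled."""
    conf = parse_conf(text)
    if conf.get("wpa", "0") == "0":
        return "open", ["no WPA protection: anyone in range can join"]
    key_mgmt = conf.get("wpa_key_mgmt", "").split()
    uses_psk = any("PSK" in k for k in key_mgmt)
    uses_eap = any("EAP" in k for k in key_mgmt)
    findings = []
    if uses_psk:
        findings.append("shared passphrase: access is not tied to a user")
    if uses_eap:
        if conf.get("ieee8021x") != "1":
            findings.append("WPA-EAP set but ieee8021x is not enabled")
        for key in ("auth_server_addr", "auth_server_shared_secret"):
            if key not in conf:
                findings.append(f"missing {key}: RADIUS server settings incomplete")
    mode = "mixed" if uses_psk and uses_eap else "psk" if uses_psk else "802.1x" if uses_eap else "unknown"
    return mode, findings

if __name__ == "__main__":
    for name, text in (("shared", SHARED), ("per-user", PER_USER)):
        print(name, audit_ap(text))
```

A "mixed" result means the SSID still accepts the shared passphrase alongside per-user logins, so the passphrase remains a way onto the network.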
Can You Really Set It And Forget It?
There are many benefits to this path. Only your authorized users have access to the network, regardless of the presence of sensitive data. You don’t need to worry about a hacker gaining access and having visibility to the other machines on the network. In addition, your machines are a layer deeper and harder to compromise. From an employee productivity perspective, you eliminate the need to constantly email the team with changes to the WiFi passphrase. As an IT admin, your WiFi network becomes a little more “set it and forget it” with excellent security. That’s a nice position to be in.
What’s the challenge with this approach? It’s putting all of the components together – RADIUS server, configured RADIUS protocol, identity provider, and arranged supplicants, to name a few. While this is a better and more secure path, many IT organizations shy away from this approach due to its overhead. JumpCloud® has developed an all-inclusive Directory-as-a-Service platform featuring RADIUS-as-a-Service. Simply point your WAP to JumpCloud’s virtual RADIUS server in the cloud, and enter your users in the core, unified cloud directory. Because JumpCloud supports the PEAP protocol, you won’t need to reconfigure laptops and desktops. All of the heavy lifting is done for you and delivered as a service.
Step It Up With Directory-as-a-Service And Cloud RADIUS
If you would like to learn more about how you can step up your WiFi security through Directory-as-a-Service and cloud RADIUS, drop us a note. You are invited to give it a try – your first 10 users are free forever. Visit our Knowledge Base for instructions on how to set up our platform, or contact our support team for help.