By Rajat Bhargava Posted February 19, 2016
WiFi networks are known to be vulnerable. They are accessed through a shared SSID and passphrase, and that set of access credentials can be easily distributed and end up in the wrong hands. Once in the wrong hands, access codes can be leveraged to log on to the network in order to compromise an individual’s device or other piece of IT equipment within the network. Even those that leverage WPA security know that it is not a strong enough defense for an organization. So, what can be done? IT admins have been turning to a RADIUS interface for WiFi as a solution to stepping up security.
Would You Care to Unshare Your WiFi?
The answer to shared access to WiFi is to unshare it. How? Make each user’s access to the network unique. Without that unique access, a user is unable to get into the WiFi network. In fact, it makes it much more difficult for a hacker to gain access because not only are the shared credentials required but also the unique ones. The most common method of creating that unique access is to connect your WiFi infrastructure to your user directory. The user directory is the authoritative user store for credentials.
Widening Your WiFi Sphere with RADIUS
To connect the wireless access points (WAPs) to a directory, most IT organizations utilize the RADIUS protocol. RADIUS servers sit as an intermediary between the network infrastructure and the directory. What does this look like? Well, RADIUS servers pass along a user’s credentials to the directory and then return with an answer as to whether they matched. The problem with RADIUS is that it is complex to implement and sustain. There are a number of different possible configurations, along with infrastructure maintenance and management requirements to consider.
Closing the Loop with RADIUS Interface for WiFi
Instead of doing this work themselves, IT admins are turning to SaaS-based RADIUS-as-a-Service platforms. These platforms provide a RADIUS infrastructure and a directory infrastructure. Both of these components simplify the task for IT. The WAPs are pointed to the RADIUS endpoints provided by the RADIUS-as-a-Service platform. Users are entered into the directory services component of the platform. As a result, a user’s central set of credentials is leveraged as their WiFi access as well. This really is a win-win situation. While IT organizations neither have to add a server on-premises nor manage the RADIUS software, access to the network is provided by entering the single set of credentials that the user also leverages for their device and other applications.
The RADIUS-as-a-Service platform is being integrated into the Identity-as-a-Service space. If you would like to learn more about how RADIUS is being utilized as the interface for WiFi and an advanced access control technique, drop us a note. Or, feel free to try JumpCloud’s Directory-as-a-Service platform with integrated cloud-hosted RADIUS functionality.