By Rajat Bhargava Posted February 23, 2016
WiFi networks are the new norm in practically every industry, large and small. The days of users connecting their devices to wired networks are in the past. Most new laptops aren’t even being manufactured with Ethernet adaptors anymore. While the benefit of WiFi networks are clear– greater agility, productivity, and flexibility– there are significant drawbacks to security on a WiFi network. Solving these WiFi security issues is a core task of any IT department. The current challenge for admins is to find a solution that is not time-consuming and tedious. New SaaS WiFi authentication solutions are solving the problem and assisting IT in streamlining all necessary security processes.
WiFi’s Fragile Security
As WiFi networks have been emerging, the only security that was available was an SSID and a passphrase. Each user would have to know the combination so they could safely log on to the WiFi network. The user’s computer would send the SSID and passphrase to the wireless access point in order to authenticate via an encryption standard called WEP or WPA. Both of these protocols have largely been considered insecure and outdated by current security standards. In fact, a hacker sitting in the parking lot can use open source tools to crack most WiFi networks. While WiFi networks change the productivity dynamic for organizations, they also introduced a major, new security flaw.
WiFi Security Fixes with Shortcomings
Companies have options with which to solve this problem in one of two ways. The first approach is to back-end the WiFi infrastructure with LDAP. In this case, users are presented with a “hotel-like” WiFi experience where a splash page is presented to them for login. The user then enters their credentials and they are logged in for a specified period of time. Once the time period expires, the user is required to login again. The second method is to leverage an intermediate RADIUS server to connect to the core user directory service within the organization. The WAPs communicate to RADIUS servers which, in turn, connect them to the directory service. The benefit of this second approach is that it is often more secure and the user isn’t presented with the necessity of re-signing in after their session has expired. Users enter their credentials once and they aren’t re-prompted, making the user experience much more smooth and efficient for the end user. The challenge with both of these approaches is that they require additional infrastructure, time to configure, and on-going maintenance.
A Different Approach
JumpCloud’s Directory-as-a-Service platform has incorporated both LDAP-as-a-Service and RADIUS-as-a-Service functionality for IT organizations. IT admins simply point their WiFi infrastructure to the cloud- based LDAP service or cloud-based RADIUS infrastructure. There are no servers to maintain, no software to install and upgrade, and no on-going support of the architecture. The SaaS-based WiFi authentication provider handles all of the tedium for them. Users have a seamless login experience and the organization ensures that users accessing the network must have their credentials in order. Simply hacking the SSID and passphrase won’t work for any would-be intruders attempting to access the network. This is a major step-up in upgrading security for the organization. And, an SaaS-based WiFi authorization solution leaves the the hard work to the provider and not the IT organizations.
If you would like to learn more about how you can step-up your WiFi security through JumpCloud’s SaaS-based WiFi authentication solution, drop us a note. We’d be happy to discuss it with you. Or, feel free to give JumpCloud’s Directory-as-a-Service (with full LDAP and RADIUS support) a try. Your first ten users are free forever..