By Ryan Squires Posted February 15, 2019
Why secure WiFi? Resulting from the IT network’s move from wired ethernet connections to WiFi, many IT admins and MSPs have been uneasy about security. The tradeoff between security and convenience has been no more apparent than in this shift from wired to WiFi network connections. WiFi presents IT admins with a great deal of convenience, but it does come with some baggage. Consistent, practical fears over WiFi security still exist within the minds of IT admins, tainting the convenience factor. Because of those concerns, this article will discuss answers to the question of “why secure WiFi” while also providing workable advice on how to do it.
Security via Proximity
An inherent benefit of wired networks is physical security. Generally speaking, users on a given network had to be both inside the building and have the equipment required to connect to a wired network drop. Of course, physical security wasn’t fail safe, but it did make the need to have port-level security far less important. At most organizations, an attacker could connect to a wired port and gain the ability to see the network, though they couldn’t necessarily authenticate to any services. For some hackers, that was good enough, and they were able to compromise an organization. But unless attackers were physically located within proximity of a wired access point, the perception was that the network was relatively secure.
Challenges Presented by WiFi
As a result of the move from wired to wireless connections, it is easy to see that the concept of physical security went away. Now, a hacker didn’t need to connect to a network drop, s/he could simply sit on the other side of a wall and easily pick up the WiFi signal. Couple this security dilemma with the fact that the security mechanisms employed to protect networks are largely based on shared SSID and passphrases, a hacker could just as easily stroll into an office, sit in the lobby, and learn the WiFi passcode.
Once on the WiFi network, similar to a wired network, an attacker could see all the resources connected to the network and start to attack weaknesses potentially compromising the organization. A scenario as such is particularly troubling when you consider that some organizations simply treat their WiFi network as an internet cafe, not caring about who can access it and what they can do. With an approach to WiFi security like that, the risk of compromise is incredibly high. And if this sort of methodology to WiFi security is being employed, organizations in this position are banking on the rest of their security infrastructure being flawless, which may very well be true, but that’s a significant assumption.
How Orgs are Working to Secure WiFi
A lot of organizations are not comfortable with assumptions over WiFi security, so they’re implementing tools like RADIUS that require each user to uniquely authenticate to the network. While conceptually a simple step, it ensures that only those with rightful access are on the network. Some organizations will take this one step further by segmenting their network so that personnel without a need to access critical resources are on a seperate part of the network from those that do need access to it. Network segmentation ensures that a compromised system from a sales person, for example, will not get mixed in with the production infrastructure that maintains credit card data. The WiFi network is the conduit to an organization’s most critical data, so securing it is critical.
One way that organizations are doing so is with a solution called JumpCloud® Directory-as-a-Service®. JumpCloud utilizes cloud-based RADIUS servers so that each user inputs their own unique set of credentials to gain access to the WiFi network. If you’re aiming to go one step further, JumpCloud also empowers IT admins to segment the network on a granular level with per-user VLAN tagging. Or, if you want to segment entire departments, IT admins can segment the network into groups so that only those assigned to a particular network segment can in fact access it.
Secure WiFi with JumpCloud
Ready to answer, “Why secure WiFi” with “It is secured!” sign up for a JumpCloud account today. JumpCloud enables IT admins to manage up to 10 users for free, simply by signing up. Once you’ve signed up, check out our Knowledge Base to help you get the most of your account. Questions? Be sure to contact one of our product experts or schedule a demo.