By Rajat Bhargava Posted April 14, 2015
Your network is unique… just like every other network
Chances are, your network’s security is a major priority too. Your network is what provides access to all the resources that are critical to your organization’s success. Some of those assets are confidential — maybe even top secret.
That means that any connections to your network should be well controlled and monitored. But even in this era of cloud infrastructure, where we have access to advanced security, your on-premises network is still the gateway to your cloud-based infrastructure.
Before the advent of the WiFi 802.11 standard, nearly all networks were hard-wired. So physical security was significant protection: if an attacker couldn’t get into your office, he couldn’t access your network. But with WiFi, an attacker can be sitting in a parked car across the street. That means the network has to protect itself.
The technology exists for organizations to make their wireless network secure. But the most common security measures that businesses implement today are lackluster at best.
The Three Primary Ways that Most People Protect their Network:
- Leaving the WiFi access open, but requiring a VPN connection to access anything important
- Protecting the WiFi network with a single password or passphrase
- Protecting the WiFi network on a per user basis
Option #1: Open WiFi Access with Additional VPN
This approach can work. It is actually possible to provide per-user controls on access through the VPN.
But unless you intend to allow the public to access the unprotected part of your network (perhaps for free Internet access), there’s no sense in giving up your bandwidth needlessly and creating the chance for someone to be inside of your network.
Option #2: WiFi Network with Single Passphrase
#2 is the method that most home networks and small businesses use for network access controls. It works well in situations where the list of people accessing the network is fairly stable and there’s little to no reason to share a network password with others. It has the benefit of being resistant to attackers, while not being overly cumbersome to manage with a small user population.
Unfortunately, all it takes is one person giving out your WiFi password for your network security to be totally compromised. So the number of people who can be supported using this method is small.
Option #3: Wifi Access on a Per User Basis
Per user controls are by far the most secure. Unlike with options #1 and #2, adding per-user controls allows you to remove access for a specific user. This can be integral to your network’s security in the event of an employee termination, especially in sensitive situations.
Without this capacity, terminating an employee will force you to change your pass key. That means you must then require all your users to reset their WiFi password, which can be incredibly disruptive.
Isn’t There a Better Way to Secure Wireless Networks?
IT Admins know that the three approaches to securing WiFi networks above are insecure and potentially disruptive to efficient workflow. Still, organizations go years without making an improvement.
The reason? Setting up a directory with RADIUS authentication and configuring everything required to make it work is a difficult undertaking. It simply isn’t worth the effort and maintenance for most businesses.
Fortunately this is the era of Directory-as-a-Service, so the integration process is streamlined by outsourcing to a separate company that specializes in directory services. Organizations that implement a DaaS solution can trust in the security of the information on their networks and are granted centralized control over user access.
JumpCloud is one of these DaaS providers leading the charge. We understand that each network is unique and that there’s nothing more important than security. If you would like to learn more about how Directory-as-a-Service can help lock down your unique network, drop us a line. Or, check out our cloud-based directory platform for yourself. Your first 10 users are free forever.