By Jon Griffin Posted November 30, 2017
As IT admins look to lock down their WiFi infrastructure, many have wondered if it is possible to have virtual WiFi authentication or WiFi authentication from the cloud that is delivered as a service. This has been a solution that many have desired, but for a while there was no offering that could provide it. However, through a new innovative cloud-based directory, virtual WiFi authentication is now available. By leveraging Directory-as-a-Service®, IT organizations get a cloud hosted RADIUS platform that can securely and uniquely authenticate user access to the WiFi network.
WiFi Authentication and Security
WiFi continues to be one of the greatest attack vectors for an IT organization. Historically, WiFi encryption has been known to be weak, creating a possibility for the signal to be hijacked and cracked. In fact, fairly recently there was a major vulnerability discovered in the WPA2 protocol. This KRACK vulnerability required updates for many systems, and reminded many how weak WiFi encryption can be. As a result, it’s important to ensure you are keeping your WiFi authentication as secure as possible.
But there’s another major security vulnerability with WiFi: access has been driven by shared credentials – a single SSID and passphrase for all users. Security-conscious organizations have long moved away from a shared set of WiFi credentials. The best practices approach for WiFi authentication is to authenticate each user with unique credentials. Every individual is given their own unique username and password to authenticate to the network. This greatly reduces the risks that common practices like having shared credentials present. However, this unique authentication practice is not used as commonly as you might think. This is because the process often involves a great deal of work and hardware. IT organizations need to stand up a FreeRADIUS server, connect users to the RADIUS server leveraging a supplicant on the device, and then integrate the identity provider (often Microsoft Active Directory®) to the RADIUS infrastructure.
Once this is all set up, users can authenticate using their unique credentials and the authentication process would traverse the system, requiring IT admins to integrate everything together. While a significant improvement in security, most organizations wouldn’t take this step because of the hassle involved.
Virtual WiFi Authentication Makes it Easy
The good news is that there is a virtual WiFi authentication platform that solves this hassle for IT admins using a cloud hosted RADIUS and directory service. Directory-as-a-Service is an integrated identity provider that includes RADIUS-as-a-Service, so IT admins don’t need to set up and integrate the WiFi authentication process into their infrastructure. They can simply utilize JumpCloud’s cloud RADIUS infrastructure instead. Simply point your WAP to the cloud RADIUS, assign users to the network through JumpCloud’s DaaS platform, and you’re done. Users have unique access to the network, and IT has a easy and hassle free RADIUS server that requires no setup or maintenance.
This is just the tip of the iceberg. Not only does JumpCloud enable virtual WiFi authentication, but it also centralizes identity management for the rest of their IT resources as well. JumpCloud enables admins to manage systems (Windows, Mac, Linux), cloud and on-prem servers (AWS, GCP), web and on-prem applications (LDAP, SAML), physical and virtual storage (Samba and NAS file servers), and more – all through one identity for the end user. The result is ease of access for employees and ease of management for IT.
Learn More About Virtual WiFi Authentication
If you would like to learn more about JumpCloud’s virtual WiFi authentication capabilities, drop us a note. We would be happy to answer any questions that you might have. Alternatively, if you would like to test out the platform for yourself, you can sign up for a free account of the cloud-based directory. Then, you will be able to see the functionality work in your own environment, and make sure that it will work the way you need it to. Your first 10 users are free forever, with no payment or credit card information required. Sign up today!