By Zach DeMeyer Posted February 24, 2019
With the shift to WiFi from wired networks, many IT admins have still been struggling with how to execute on network-based security. In this post, we’ll discuss some approaches to network security, and specifically, why WiFi security matters.
Network Security Through the Years
Historically, the wired network has been secured by a number of security elements. With so many critical components on the LAN, from applications to file servers, strong network security was at the top of many an admin’s to-do list. So, IT admins made sure that there were multiple layers of security, from the network to systems and beyond. This perimeter approach to security was much like a castle, surrounded by walls and a moat to keep bad actors away.
As more IT resources started to shift to the cloud and WiFi replaced wired networks, the belief emerged that perhaps the traditional network security layers aren’t as effective anymore. While it is true that many critical IT resources such as servers, applications, and file servers have shifted away from the internal network, that doesn’t mean that the on-prem network is less important and doesn’t need as much security focus.
Additionally, as the modern era has progressed, organizations have found that not all bad actors exist outside of the network. Users with nefarious intent can wheedle their way into the network via backdoors and stolen credentials or can even be a part of the organization already. Even an organization with the strongest perimeter security can fall prey to these breaches. This source of weakness has spurred the concept of zero trust security, where everyone is considered untrustworthy, moving the base of security to the endpoint.
The truth is that the endpoints on the network are a conduit to all of the IT resources on the network and in the cloud, and need to be protected. Ensuring that your WiFi network is secure from hackers is critical because of the potential to access those endpoints. Ideally, endpoints are protected and, if possible, segmented into defined sections on the network. This can be accomplished via VLAN tagging. These types of security approaches ensure that the network helps prevent breaches and control infections.
A compromised endpoint can lead to compromised servers, applications, files, and more. In fact, the right compromised endpoint can lead to an attacker gaining access to the critical digital assets for an organization. Protecting endpoints is not just critical for endpoint security, but WiFi security as well, and IT admins know that a shared SSID and passphrase is not enough.
WiFi Security Through RADIUS-as-a-Service
The good news is that WiFi security doesn’t need to be hard or difficult to implement. Traditionally, networks have been protected by physical access, as well as tools such as firewalls and intrusion detection/prevention systems. With WiFi networks, unfortunately, there is no physical security because the signal can permeate out to parking lots, surrounding offices, and floors above and below. The result is that shared access is not good enough because you cannot count on physical network security.
The best IT organizations and MSPs are implementing WiFi security with RADIUS, specifically with RADIUS-as-a-Service. Each user must login uniquely with their core credentials. This approach ensures that only the right users are on the network and that even if the shared credentials have been compromised, they aren’t enough to join the network. With RADIUS-as-a-Service, IT organizations and MSPs can segment the network through VLANs to control what IT resources users have access to. These critical steps are game changing for WiFi security and can help ensure a secure network.
If you are still unsure why WiFi security matters, please contact us to learn more. If you’ve already been convinced and would like to try RADIUS-as-a-Service today, you can, absolutely free, as a part of JumpCloud® Directory-as-a-Service®. By signing up for Directory-as-a-Service, you can explore the entire JumpCloud platform, with ten free users forever to get you started.