Solve Wifi Authentication: RADIUS-as-a-Service

By Rajat Bhargava Posted September 8, 2015

Solve your Wifi Authentication Problems with RADIUS-as-a-Service

JumpCloud recently announced Radius-as-a-Service functionality for its Directory-as-a-Service platform. Now, IT admins will be able to authenticate WiFi networks easily.

Why does Radius-as-a-Service matter so much? Before WiFi networks existed, security was a lot easier. Wired LANs had multiple layers of access control and security. There was the “non-technical” layer of securitywhether or not you had physical access to the network. If you did not, then it was unlikely you could authenticate into the network without hacking in. If you did have physical access, you still had to authenticate to the network to gain entry. While savvy technical people could theoretically utilize a port that was on, they would generally have difficulty gaining access to any resources. A networking standard called 802.1x closed this security hole by ensuring that all wired ports looked disabled to all devices until the user and device were authenticated. Only at that point was the network port turned on.

As wireless networks started to appear, they initially were used as an adjunct to the wired network. The wireless access point was connected to an Ethernet port, and the SSID was broadcasted to the office. A passphrase was passed around so that employees could leverage the WiFi network whenever they wanted. From a productivity standpoint, this was all positive progress. Users could be more mobile within the office, and it was cheaper to run a wireless network than a wired one.

Can you identify the trouble with this WiFi approach? Security. An SSID and passphrase could be easily compromised. The combination that gains entry into the network would have to be changed with each employee change. And hackers, even the less than average ones, could break into the wireless network just by sitting in the company parking lot with a piece of open source software. To recap, this makes WiFi beneficial for productivity, but scary from a security perspective.

In response to this concern, IT admins often insist that their users authenticate when they access the WiFi network with their corporate credentials. Those credentials could be passed via LDAP or RADIUS, two common protocols for this task. The trouble for IT admins is that both approaches require a great deal of hassle and configuration on their part. There is also some work that needs to be done on the client side as well.

How are we helping IT admins solve this issue? Effectively, JumpCloud built functionality to host a RADIUS server and deal with all of the setup, configuration, and maintenance for IT. Thus, IT organizations can now easily turn on this capability with a much higher level of security, without having to do a lot of heavy lifting. So, that’s what JumpCloud now offers: a RADIUS-as-a-Service solution that effectively allows organizations to point their wireless access points to JumpCloud so that each user is granted access only after his or her credentials have been authenticated. Users only need to enter their credentials once, and the operating system’s supplicant passes the credentials’ security to JumpCloud’s RADIUS server each time network access is requested.

If you’re concerned about how to increase your wireless security by authenticating WiFi access, drop us a note. We’d be happy to chat with you about it. Better yet, try JumpCloud’s RADIUS-as-a-Service functionality for free.

Rajat Bhargava

Rajat Bhargava is co-founder and CEO of JumpCloud, the first Directory-as-a-Service (DaaS). JumpCloud securely connects and manages employees, their devices and IT applications. An MIT graduate with two decades of experience in industries including cloud, security, networking and IT, Rajat is an eight-time entrepreneur with five exits including two IPOs, three trade sales and three companies still private.

Recent Posts