By George Lattimore Posted December 22, 2018
One way to dramatically step up your network security is to start leveraging per-user WiFi VLAN assignments. Essentially, VLAN assignment means dynamically placing users or groups of users into different VLANs (virtual local area networks) or network segments. The challenge with dynamic VLAN assignment has historically been how difficult it is to implement. But now a new identity and access management (IAM) platform is simplifying the process and making it much easier for organizations to increase their network security.
Why WiFi VLAN Assignment?
The first step in the journey to leveling up your network security is to understand the rationale behind VLAN tagging, also known as VLAN steering. By segmenting the network and placing users into specific VLANs that match their roles and needs, IT admins can limit the exposure of data, servers, and applications to only those who need them. With an unsegmented network, anybody can access any resource should they have the requisite skills. So, from a network security and compliance perspective, WiFi VLAN assignment can provide great benefits.
Challenges with Implementing VLAN Assignment
Returning to the original challenge, implementing dynamic VLAN assignments can be quite an arduous task. Implementation starts with creating a segmented network through your wireless access points (WAPs) and switches/routers. It then cascades to assigning those VLANs to users and groups of users within the RADIUS server. Then you need to tie all of these components together, from endpoints (Windows®, Mac®, Linux®) to WAPs, RADIUS servers, and the identity provider (IdP), which can be time-consuming and difficult.
Shift Components to the Cloud
Luckily, a new generation of cloud identity and access management solutions is simplifying the approach to WiFi VLAN assignment by shifting many of the required components to the cloud. IT admins just need to point their WAPs to a cloud RADIUS server and load their user assignments into the cloud directory service. There are no time-consuming physical servers to stand up and configure. The cloud directory simply takes care of the rest.
When users authenticate, the RADIUS-as-a-Service platform responds with the authentication and authorization information along with RADIUS reply attributes that assign each user to the proper VLAN. Now, you can rest easy knowing that your users only have access to the resources they have explicitly been granted access to. So, even if an employee were to do the unthinkable and sell their credentials for a quick buck, your entire network is not in harm’s way.
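The Python example below is added here for illustration and is not JumpCloud code. It encodes the three standard reply attributes used for RADIUS VLAN assignment (Tunnel-Type, Tunnel-Medium-Type, and Tunnel-Private-Group-ID, per RFC 2868 and RFC 3580) and parses them the way an access point would, applying no VLAN when the set is malformed or incomplete. The group names and VLAN IDs are constructed sample values.

```python
import struct

# RFC 2868 attribute numbers and the RFC 3580 values that select a VLAN.
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
TYPE_VLAN, MEDIUM_IEEE_802 = 13, 6

# Constructed sample mapping: group names and VLAN IDs are assumptions.
GROUP_VLANS = {"engineering": 20, "finance": 30, "guest": 99}

def _tagged_int(attr, value):
    # Layout: Type, Length=6, Tag=0x00, 3-byte big-endian value.
    return struct.pack("!BBB", attr, 6, 0) + value.to_bytes(3, "big")

def vlan_reply_attributes(group):
    """Encode the reply attributes for a group. Unknown groups raise
    KeyError, so nobody lands in a VLAN by default."""
    vid = str(GROUP_VLANS[group]).encode("ascii")
    return (_tagged_int(TUNNEL_TYPE, TYPE_VLAN)
            + _tagged_int(TUNNEL_MEDIUM_TYPE, MEDIUM_IEEE_802)
            + struct.pack("!BBB", TUNNEL_PRIVATE_GROUP_ID, 3 + len(vid), 0)
            + vid)

def parse_vlan(attrs):
    """Return the VLAN ID an access point would apply, or None when the
    attribute set is malformed or incomplete."""
    seen, i = {}, 0
    while i + 2 <= len(attrs):
        attr, length = attrs[i], attrs[i + 1]
        if length < 3 or i + length > len(attrs):
            return None
        body = attrs[i + 2:i + length]
        if body[0] <= 0x1F:          # optional Tag octet (RFC 2868)
            body = body[1:]
        seen[attr] = body
        i += length
    if i != len(attrs):
        return None
    if seen.get(TUNNEL_TYPE) != TYPE_VLAN.to_bytes(3, "big"):
        return None
    if seen.get(TUNNEL_MEDIUM_TYPE) != MEDIUM_IEEE_802.to_bytes(3, "big"):
        return None
    vid = seen.get(TUNNEL_PRIVATE_GROUP_ID, b"")
    if not vid.isdigit():
        return None
    vlan = int(vid)
    return vlan if 1 <= vlan <= 4094 else None
```

When reviewing a deployment, confirm that all three attributes are present in the Access-Accept and check which VLAN the access point falls back to when they are not, since that fallback is what an unmapped user receives.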
Security is King
Security is perhaps the most important aspect of your overall environment, so know that it is baked into everything JumpCloud® does. From leveraging RADIUS and VLAN steering for your network to securely managing SSH keys for access to remote cloud servers (AWS®, Digital Ocean) and enabling full disk encryption (FDE) remotely, JumpCloud wants your IT environment to be as secure as possible. That’s why we believe the endpoint itself is the conduit to all a user’s IT resources, not just a web portal. When you have secure endpoints, you have secure launching points into any resource a user may need. Be sure to check out our top 5 security and identity access management areas to consider for more information as well.
Learn More About JumpCloud®
Utilizing WiFi VLAN assignment for your network adds a significant boost to your network security. Utilizing it in conjunction with Directory-as-a-Service® ups your overall security game even more. If you’re ready to learn more about JumpCloud, visit our blog or YouTube channel for more information. Eager to test out WiFi VLAN assignment for yourself? Sign up for a free account today. Make sure to check out our Knowledge Base for additional tips and tricks to help you get the most out of your account.