Wireless Security Through RADIUS And LDAP

By Greg Keller Posted March 26, 2015


Most networks these days are wireless: wireless is easier to manage, offers employees greater mobility, and is cheaper too. But wireless networks are also especially vulnerable to attack. Since you cannot physically confine the range of the network to your offices, anybody on the street or in the parking lot could be sniffing for network access. If they hack in, it's likely you would never even know that they were there.

The Shortcomings of Wireless Network Security


Very few wireless networks are actually secure. IT admins in charge of security generally drop an SSID and a reasonably hard WEP or WPA key into the access point and call it a day. Those wireless credentials are sometimes passed around the office and even given to visitors. Anybody with those wireless credentials can get onto the wireless network. Once on the network, they will likely have access to a number of other IT resources depending upon what is housed on-premises and what is hosted in the cloud.

Your embedded wireless security isn’t going to be strong enough this way. There is a better way to protect your network. 

The security standards for WPA and WEP are widely viewed as being weak overall. Another common mistake is neglecting to segment your network. Segmentation ensures that your wireless network isn't directly connected to your critical infrastructure.

Better Security with RADIUS


The most significant step that you can take to protect your network is to authenticate your users individually onto the wireless network. You can do that by back-ending your wireless infrastructure with your directory. The easiest way to connect the two is through RADIUS, the common standard for proxying authentication and authorization requests for network infrastructure.

Your users will log in via a supplicant that sits on their laptop or desktop. Once those credentials have been passed over to the RADIUS server and then on to the directory, the user can be granted or denied access.
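The difference between a shared key and per-user login, seen from the supplicant's side, as an added example that is not part of the original post. It assumes wpa_supplicant as the supplicant and EAP-TTLS with PAP as the login method; the SSID, user name, CA path and server name are placeholders.

```conf
# Constructed example: SSID, identities, CA path and server name are placeholders.
# The two network blocks are alternatives (before and after), not one file.

# Before: one pre-shared key for everyone. Anyone who learns the key is on
# the network, and removing one person means re-keying every device.
network={
    ssid="ExampleCorp"
    key_mgmt=WPA-PSK
    psk="shared-office-passphrase"
}

# After: each user authenticates with their own directory credentials.
# The access point relays the exchange to the RADIUS server, which checks
# the credentials against the directory and grants or denies access.
network={
    ssid="ExampleCorp"
    key_mgmt=WPA-EAP
    eap=TTLS
    # Outer identity sent before the TLS tunnel exists; keeps the real
    # user name out of cleartext.
    anonymous_identity="anonymous@example.com"
    identity="alice@example.com"
    password="REPLACE_WITH_USER_PASSWORD"
    phase2="auth=PAP"
    # Validate the RADIUS server's certificate and name so the password is
    # only ever sent to the organization's own server.
    ca_cert="/etc/ssl/certs/example-radius-ca.pem"
    domain_suffix_match="radius.example.com"
}
```

With the second form, disabling one account in the directory removes that user's wireless access without touching anyone else's device.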

This level of security is great, but making it happen is highly complex. Not only are you connecting your wireless network to your directory services, but you are also managing a RADIUS infrastructure.

RADIUS Minus the Hassle

Many modern organizations are getting the best of both worlds. They are significantly stepping up their security with wireless access being controlled through RADIUS and LDAP.

Even better, they aren't managing any of the infrastructure. These organizations are leveraging SaaS-based services for RADIUS and LDAP. This solution is called Directory-as-a-Service. It is the authentication and authorization infrastructure for organizations that want to step up their wireless security.

Because the solution is offered as a managed service, there is very little additional work required from IT admins. They simply configure their wireless access points to communicate with the cloud-based RADIUS server which in turn automatically talks to the cloud-based directory. Easy – and a massive level up in security.

If you are interested in learning more about how you can offload RADIUS and LDAP while increasing your network security, drop us a line. We'd be happy to chat about it with you. You can also try it out for yourself: your first 10 users are free forever.

Greg Keller

Greg is JumpCloud's Chief Product Officer, overseeing the product management team, product vision and go-to-market execution for the company's Directory-as-a-Service offering. The SaaS-based platform re-imagines Active Directory and LDAP for the cloud era, securely connecting and managing employees, their devices and IT applications.
