As IT organizations continue to look for ways to step up their security efforts, the network is under constant scrutiny. Sysadmins and IT directors alike recognize that insecure WiFi networks are a common attack vector. No one is looking to go back to wired Ethernet; the wireless network has been an incredibly positive change for organizations. But there’s no denying that WiFi can also be a security risk. Especially with the recent vulnerability in the WPA2 protocol, many in IT are wondering whether there is an Active Directory as a Service solution that does RADIUS authentication.
This discussion has two layers. The first is how IT admins can best secure WiFi infrastructure. The second is how to implement secure WiFi infrastructure as a cloud-hosted service. So let’s begin by looking at what IT can do to protect its wireless networks.
Securing WiFi Networks
WiFi networks are typically secured with a single, shared SSID and passphrase. But this approach has proven to be both insecure and inefficient when it comes to providing access to your organization’s wireless network. If your shared SSID or passphrase is complex, there’s a good chance that it is regularly written down or shared on whiteboards. Either scenario gives anybody who has access to your building an opportunity to see the SSID or the passphrase. In some cases, the WiFi signal reaches the building next door, the parking lot, or the sidewalk, so a person who obtains the SSID or passphrase doesn’t even have to be in the office to gain access to the organization’s network. Besides the security risks, securing WiFi networks with SSIDs or passphrases is also inefficient. When people join and leave the organization, the passwords and phrases have to be rotated each time, which adds overhead and frustration both for admins and for end users who are just looking to do their jobs.
The solution to this WiFi security problem is to uniquely authenticate user access to the network. This both eliminates the shared passphrase and ensures that IT won’t have to reset the password every time an employee leaves the organization.
Conventionally, establishing unique credentials for network access is achieved by setting up a RADIUS server on-premises. This process has historically been quite painful, requiring servers, software installed on endpoints, and integration across multiple servers. Plus, RADIUS servers are known for being difficult to manage even once they are up and running. That brings us to the second layer of this discussion: cloud-hosted network infrastructure, including cloud RADIUS.
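As an added illustration (not from the original post, which names no access-point software), the Python below assumes hostapd-style key=value access-point configs and reports which ones still rely on a shared passphrase rather than per-user RADIUS authentication. Both sample configs, the 192.0.2.10 server address and the secrets are constructed placeholders.

```python
# Added example: audit hostapd-style AP configs (constructed samples below)
# for SSIDs that still use a shared passphrase instead of per-user RADIUS auth.
PSK_AP = """\
ssid=corp-wifi
wpa=2
wpa_key_mgmt=WPA-PSK
wpa_passphrase=EXAMPLE-shared-passphrase
"""

RADIUS_AP = """\
ssid=corp-wifi
wpa=2
wpa_key_mgmt=WPA-EAP
ieee8021x=1
auth_server_addr=192.0.2.10
auth_server_port=1812
auth_server_shared_secret=EXAMPLE-ap-to-radius-secret
"""

def parse_conf(text):
    """Parse key=value lines, ignoring blank lines and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key.strip()] = value.strip()
    return conf

def audit(text):
    """Return findings; an empty list means per-user RADIUS auth is in place."""
    conf = parse_conf(text)
    if conf.get("wpa", "0") == "0":          # hostapd leaves WPA off by default
        return ["open network: WPA is disabled"]
    # hostapd falls back to WPA-PSK when wpa_key_mgmt is not set
    mgmt = conf.get("wpa_key_mgmt", "WPA-PSK").split()
    findings = []
    if any("PSK" in m for m in mgmt):
        findings.append("shared passphrase: every user holds the same secret")
    if any("EAP" in m for m in mgmt):
        if conf.get("ieee8021x") != "1":
            findings.append("EAP key management set but ieee8021x is not enabled")
        if "auth_server_addr" not in conf:
            findings.append("no external RADIUS server (auth_server_addr) set")
    return findings

if __name__ == "__main__":
    for name, text in (("PSK_AP", PSK_AP), ("RADIUS_AP", RADIUS_AP)):
        print(name, audit(text) or "OK: per-user RADIUS authentication")
```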
Is Active Directory as a Service & RADIUS Authentication Possible?
IT admins aren’t excited about purchasing, storing, and maintaining on-prem RADIUS servers. But it’s not just RADIUS servers that IT doesn’t want on-prem anymore. IT infrastructure is moving to the cloud in general. Even Microsoft Active Directory® is less and less desirable for IT organizations because of its substantial on-prem footprint. IT admins are looking for a cloud-hosted solution: an identity provider that includes RADIUS authentication. IT organizations think of this approach as an Active Directory as a Service implementation with RADIUS authentication included.
Of course, IT admins realize that there isn’t such a thing as Active Directory as a Service, which makes this a much more difficult problem to solve. There are hosted Active Directory instances, but those aren’t offered as SaaS-based services. And the new cloud identity management solution from Microsoft, Azure Active Directory, isn’t a cloud directory service, but rather a complement to AD.
Cloud RADIUS Authentication with Directory-as-a-Service
The good news is that there is Directory-as-a-Service®, which is a core identity provider with cloud RADIUS authentication capabilities built in. With our virtual identity provider, you get to simply enjoy the security benefits that RADIUS offers without having to deal with the hassle. Directory-as-a-Service manages the security, the availability, and the uptime that come with RADIUS infrastructure. This cloud-based directory doesn’t stop with networks, though. The same credentials used to access WiFi can also be used to authenticate to Linux, Mac, and Windows systems, on-prem and remote servers in AWS and GCP, LDAP- and SAML-based applications, and virtual and physical file storage. IT significantly increases not only its WiFi security, but the security of its overall IT infrastructure.
Learn more about RADIUS-as-a-Service from our Customers
Learn how easy it is to set up RADIUS with JumpCloud by reading Ooyala’s case study on how they were able to set up an entire new office over a weekend. You might also enjoy the webinar with Kevin Lam of Grab, where you can see the blueprint he has come up with for quick RADIUS installation and implementation.
We hope you’ll reach out to us if you would like to learn more about Active Directory as a Service & RADIUS Authentication. You’re also more than welcome to sign up for a free account and explore all of our features. Your first ten users are free forever.
This is a Security Bloggers Network syndicated blog post. Read the original at: JumpCloud 2017-11-21.