As IT admins look to lock down their WiFi infrastructure, many have wondered if it is possible to have virtual WiFi authentication or WiFi authentication from the cloud that is delivered as a service. This has been a solution that many have desired, but for a while there was no offering that could provide it. However, through a new innovative cloud-based directory, virtual WiFi authentication is now available. By leveraging Directory-as-a-Service®, IT organizations get a cloud hosted RADIUS platform that can securely and uniquely authenticate user access to the WiFi network.
WiFi Authentication and Security
WiFi continues to be one of the greatest attack vectors for an IT organization. Historically, WiFi encryption has been known to be weak, creating a possibility for the signal to be hijacked and cracked. In fact, fairly recently there was a major vulnerability discovered in the WPA2 protocol. This KRACK vulnerability required updates for many systems, and reminded many how weak WiFi encryption can be. As a result, it’s important to ensure you are keeping your WiFi authentication as secure as possible.
But there’s another major security vulnerability with WiFi: access has been driven by shared credentials – a single SSID and passphrase for all users. Security-conscious organizations have long moved away from a shared set of WiFi credentials. The best practices approach for WiFi authentication is to authenticate each user with unique credentials. Every individual is given their own unique username and password to authenticate to the network. This greatly reduces the risks that common practices like having shared credentials present. However, this unique authentication practice is not used as commonly as you might think. This is because the process often involves a great deal of work and hardware. IT organizations need to stand up a FreeRADIUS server, connect users to the RADIUS server leveraging a supplicant on the device, and then integrate the identity provider (often Microsoft Active Directory®) to the RADIUS infrastructure.
Once this is all set up, users can authenticate using their unique credentials and the authentication process would traverse the system, requiring IT admins to integrate everything together. (Read more...)
*** This is a Security Bloggers Network syndicated blog from JumpCloud authored by Jon Griffin. Read the original post at: https://jumpcloud.com/blog/virtual-wifi-authentication/