With the KRACK WPA2 vulnerability making headlines in October 2017, many IT admins are asking whether there is a safer alternative to WPA2. The short answer is: not really. WPA2 is a critical component of WiFi authentication. The longer answer is that while WPA2 may be unavoidable, you can dramatically step up your WiFi security so that WPA2 security becomes less of an issue.
WiFi Security and WPA2
First, we should point out that the KRACK vulnerability is a particularly insidious one given how many different devices it affects. Despite that, it is relatively straightforward to remediate quickly. To address this issue, you need to ensure that every device gets patched with the latest code to close the KRACK security hole. Of course, the patching process is never easy and it is time-consuming, but at least it is a method to address this issue immediately.
The second point is much more significant, because it concerns how you can really take your WiFi infrastructure security up a notch. That issue is less about replacing WPA2, since it is a widely used standard, and more about how you can get away from the shared SSID and passphrase approach that is popular with WPA2.
Securing the Network through RADIUS
The most significant step that IT admins can take with their WiFi security is to uniquely authenticate users to the network. Similar to how wired networks have worked in the past, it is possible to have every user log in to the WiFi network uniquely rather than through a shared SSID and passphrase.
This approach is made possible by the RADIUS authentication protocol. By connecting your wireless access points to your directory service via RADIUS, you will be able to ensure that every user logs in with their core credentials. No more shared credentials, and no more risk of those credentials getting out to unauthorized users.
The benefit is that unless the user has an account in the core identity provider, they won’t have access to the network. Even the shared WPA2 credentials won’t give them access. This approach to the WiFi network is a significant step up in security and ensures that hackers snooping on your WiFi signal will never make it onto your network.
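The difference between the shared-passphrase and per-user approaches is visible in the access point's configuration. The following is an added example, not from the original post: it assumes access points running hostapd (which the post does not name) and uses hostapd's option names; both configurations, the secrets and the address 192.0.2.10 are constructed samples, and only WPA-PSK and WPA-EAP key management are handled.

```python
# Added example: classify hostapd-style AP configs by how clients authenticate.
# Sample configs are constructed; 192.0.2.10 is a documentation-range address.
SHARED_PSK_CONF = """\
ssid=corp-wifi
wpa=2
wpa_key_mgmt=WPA-PSK
wpa_passphrase=one-secret-for-everyone
"""

PER_USER_CONF = """\
ssid=corp-wifi
wpa=2
wpa_key_mgmt=WPA-EAP
ieee8021x=1
auth_server_addr=192.0.2.10
auth_server_port=1812
auth_server_shared_secret=placeholder-ap-to-radius-secret
"""

def parse_conf(text):
    """Parse key=value lines, skipping blanks and '#' comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def audit(text):
    """Return (mode, findings): mode is 'open', 'shared', 'per-user' or 'misconfigured'."""
    conf = parse_conf(text)
    if conf.get("wpa", "0") == "0":
        return "open", ["WPA is disabled"]
    methods = set(conf.get("wpa_key_mgmt", "WPA-PSK").split())  # hostapd defaults to WPA-PSK
    if methods & {"WPA-PSK", "WPA-PSK-SHA256"}:
        return "shared", ["one passphrase for all users; revoking one user means changing it for everyone"]
    findings = []
    if conf.get("ieee8021x") != "1":
        findings.append("ieee8021x=1 missing, so 802.1X is not enforced")
    if "auth_server_addr" not in conf:
        findings.append("auth_server_addr missing, so there is no RADIUS server to ask")
    if "auth_server_shared_secret" not in conf:
        findings.append("auth_server_shared_secret missing")
    return ("misconfigured" if findings else "per-user"), findings

if __name__ == "__main__":
    for name, text in [("shared PSK", SHARED_PSK_CONF), ("RADIUS", PER_USER_CONF)]:
        print(name, "->", audit(text))
```

An SSID that accepts both WPA-PSK and WPA-EAP is reported as shared, because the passphrase alone still gets a device onto the network.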
Secure Your WiFi for Future Threats
While KRACK exploits the client side of the WPA2 handshake, resolving that security vulnerability doesn’t magically make WiFi secure. Take the next step by leveraging a SaaS-based RADIUS platform that does the heavy lifting of securing your WiFi infrastructure.
While there may not really be a WPA2 alternative, it doesn’t mean you can’t be more secure with your network. If you would like to learn more about RADIUS, and how it can improve the security of your WiFi network, drop us a note. We would be happy to answer any questions about RADIUS, and how it can be run as-a-Service through the cloud. Alternatively, you can check it out for yourself by signing up for a free account of our Directory-as-a-Service® platform. Your first 10 users are free forever, so there’s no reason not to give it a shot.
This is a Security Bloggers Network syndicated blog post authored by Jon Griffin. Read the original post at: JumpCloud