The amount of major breaches occurring in the enterprise world is astonishing. In 2015, 707 million data records were breached (Softpedia). In 2017, the Equifax breach alone has been estimated to compromise the personal information of 143 million people – nearly half the US population (CNET). This trend has IT admins on high alert.
One major element of security that needs to be taken seriously is network security. Ensuring that your network is not being accessed by the wrong people is critical and it all hinges on the method used for WiFi authentication. The standard procedure is to leverage a shared SSID and passphrase for all users to authenticate on to the WiFi network. But this method has inherent security flaws and makes it difficult for IT to stay on top of access control. The shortcomings of this setup – not to mention the recent KRACK vulnerability – has IT admins searching for a stronger mechanism to lock down their WiFi networks. Fortunately, a new cloud RADIUS approach is providing a managed WiFi authentication platform that can step-up security and improve efficiency for admins.
Why Better WiFi Security is Needed
WiFi networks have historically been viewed as insecure. From the early days of weak encryption, to open source WiFi hacking tools, and now to large scale WPA2 vulnerabilities such as KRACK. IT organizations have been forced to deal with WiFi security challenges for as long as WiFi networks have existed.
As mentioned, modern IT organizations are often still using a single SSID and passphrase to authenticate users to their WiFi network. The problems with this method are many. Employees are always coming and going, guests join the network when in the office, and contractors or temporary employees are more common than ever. It quickly becomes impossible to keep track of exactly who has access. This means admins need to constantly change the passphrase to the network, creating a pain point for both the IT admin and the end user. In this setup, a WiFi network is a high risk proposition for IT admins.
Managing RADIUS On Your Own
The traditional approach to locking down WiFi has been to uniquely authenticate users to the network. This involves standing up a FreeRADIUS server and then integrating that with the core identity provider, which often would be Microsoft Active Directory®. This approach then leverages a user’s core identity to login to the WiFi network. A hacker that can find a shared SSID and passphrase can easily join undetected, but it is much more difficult to find an individual user’s information and enter a network undetected. It’s also much easier for an admin to find the breach, and to get the attacker out as well.
So why doesn’t every organization use this unique authentication method then? Well, the challenge with this approach has largely been the amount of work and effort it takes to implement this process. IT admins have to stand-up multiple servers, integrate a variety of components, and then maintain additional equipment. It’s no easy task, and can take hours a week to keep up with. This is where a managed WiFi authentication platform can come into play.
A managed WiFi authentication platform, namely JumpCloud’s Directory-as-a-Service®, solves these challenges by providing a cloud RADIUS-as-a-Service solution. With this RADIUS-as-a-Service tool, IT admins simply need to point their wireless access points to a cloud RADIUS server. Then, a user’s identity – even their G Suite or Office 365 identity – can be leveraged as their unique access to the WiFi network. The RADIUS server is already integrated with the cloud directory service.
A managed WiFi authentication platform dramatically steps-up security without all of the effort. Plus, because the cloud-based directory supports a variety of other protocols as well, user management becomes much more simplified. With DaaS, IT admins can manage systems (Windows, Mac, Linux), cloud and on-prem servers (AWS, GCP), web and on-prem applications (LDAP, SAML), physical and virtual storage (Samba and NAS file servers), and the wired and WiFi networks via RADIUS as mentioned. It is a cloud-based directory built for the modern IT environment.
Learn More About Managed WiFi Authentication
If you would like to learn more about JumpCloud’s Directory-as-a-Service and it’s managed WiFi authentication capabilities, drop us a note. We would be happy to answer any questions you might have. In addition, you can also sign up for a free account of the centralized directory. That way, you can see for yourself how you can set up a more secure network without all of the added work. Check it out today.
This is a Security Bloggers Network syndicated blog post authored by Jon Griffin. Read the original post at: JumpCloud