When it comes to the modern enterprise, few things are more important than network security. With bad actors lurking around every corner (even inside of an organization itself), maintaining a strong, secure network is of utmost importance to the IT admin. Several network securing tools and techniques are being employed by IT admins today, but one that has been turning heads is dynamic VLAN assignment. Since IT admins are dramatically stepping up the security of their network infrastructures, some are asking: what is dynamic VLAN assignment and how can it help secure the network?
Network Security with Dynamic VLAN Assignment
The simple answer is that dynamic VLAN assignment (or VLAN steering) is an excellent technique used to build on the underlying core strategy to control network access. VLAN assignments build on the use of RADIUS to control access to the network. Via RADIUS integration, a WiFi access point (WAP) requires not only an SSID and passphrase, but a user’s unique set of credentials to access the network. Once a user has passed credentials through to the WAP and they are subsequently passed to the RADIUS server and directory service, the RADIUS server will reply to the WAP that the user has been authenticated and inform what VLAN they are assigned to.
IT admins configure the system to identity which users and/or groups are assigned to which VLAN. Those VLANs can be setup on the WiFi network for any number of reasons including security and compliance. By segmenting users and authenticating them with their unique credentials, IT admins can increase security significantly.
Challenges with Dynamic VLAN Assignments
The challenge with this approach is the overhead for IT admins. Traditionally, to implement dynamic VLAN assignments would require a great deal of infrastructure, configuration, and administration. For starters, IT organizations would need to set up their own FreeRADIUS server and connect that instance to the wireless access points and the identity provider (IdP), often, Microsoft® Active Directory®. In many networks, the IT group would also need to configure endpoints with supplicants so that they could talk to the RADIUS server (Read more...)
*** This is a Security Bloggers Network syndicated blog from Blog – JumpCloud authored by Zach DeMeyer. Read the original post at: https://jumpcloud.com/blog/dynamic-vlan-assignment/