At the beginning of a new year at a university, an important first task for incoming students is to connect to the secure network they will use for all their on-campus studies. If the process is handled poorly, the already busy schedule is bogged down by large numbers of users experiencing connection issues and filing support tickets. Long lines cause significant slowdowns for IT, who must divert attention and funds to remedying students issues instead of focusing on value-add tasks. And if the network deployed relies on credential-based authentication, the same issues can be expected to surface when passwords expire at regular intervals. To simplify the onboarding process and avoid the costs of credentials, many universities deploy certificate-based networks with onboarding/configuration software that streamlines new user onboarding.
Onboarding software has become a standard among Higher Education in recent years, and it’s easy to see why. Not only does it significantly increase user experience by making secure network connectivity a breeze, but it greatly increases network security. It allows end users to easily configure their own devices, reducing the burden on IT support and providing convenience for users. Paired with Wi-Fi certificates, it can vastly improve the user experience by eliminating password-related disconnects. The average University student has 7 internet connected devices, all of which need to be reconfigured every 60-90 days due to password reset policies. Certificates eliminate this, and typically only need to be configured once during a device’s lifetime.
While Wi-Fi certificates are highly recommended for improving device onboarding, they can be difficult to configure for regular network users. This is why customers love the pairing of our onboarding software with our PKI services. Software makes it incredibly easy to replace credentials with certificates, so Universities can enjoy all the benefits of certificates with none of the drawbacks. Certificates are incredibly versatile as well. They can be used for authentication with web applications, desktops and to enable SSL Inspection. They also make it easy for administrators to apply group-based policies and segment their network because they can hold user attributes. Quite often, customers will use these attributes to assign varying certificate lifetimes, access to network resources, bandwidth, or segment IoT devices.
Onboarding software is also incredibly important for network security. It can configure devices for server certificate validation, which allows the users’ devices to authenticate the identity of the RADIUS server certificate. This prevents the potential for a user to accidentally connect to a spoofed SSID set up to enact a Man-In-The-Middle attack. With all users configured for server certificate validation upon enrollment, diligent monitoring for spoofed SSIDs becomes less vital, as users’ devices prevent them from becoming an issue.
Eduroam is also easily configurable with a onboarding software and greatly expands the connectedness of your organization. Eduroam allows users to travel between campuses without having to re-enroll for network access. However, it’s difficult for end users to configure manually and causes those devices to be prone to credential theft. When setup properly, devices can be recognized and authenticated to allow full network access on all affiliated Eduroam campuses. Some organizations even use Eduroam as their main SSID, eliminating the need to do multiple enrollments and distribute new certificates/credentials.
SecureW2’s certificate solutions are easily configurable and vastly improve upon the usability and security of a university’s network. We offer a full deployment with all necessary components, such as a Cloud RADIUS and PKI. Our solutions integrate directly with all major network infrastructure and mobile device manufacturers and require no forklift upgrades to implement. In addition, if you have existing infrastructure, such as a RADIUS server, our certificate solutions integrate with components from all major vendors and maximizes the potential of your network security. Once a university is equipped with certificate-based solutions, the benefits to security, user experience, and network management cannot be matched.
*** This is a Security Bloggers Network syndicated blog from SecureW2 authored by Jake Ludin. Read the original post at: https://www.securew2.com/blog/efficient-device-onboarding-for-higher-education/