Outsourcing 802.1X Authentication Services
By CWNP On 12/07/2009
I recently announced a new business, NoWiresSecurity. We provide a hosted service called AuthenticateMyWiFi™. This service makes it much easier for businesses to use the Enterprise mode of WPA or WPA2 (802.11i) encryption for their wireless networks.
In this post, we'll discuss why outsourced RADIUS/802.1X services are needed.
Most small businesses setting up a Wi-Fi network will settle for the Personal or Pre-shared Key (PSK) mode of Wi-Fi Protected Access (WPA/WPA2). This is because it's so easy to set up; just create a password and enter it on all the computers. Using the Enterprise mode, however, is a must when employees are using the network.
When using the Enterprise mode, the encryption keys are derived securely in the background after a user logs in with a username and password (or other credential, like a digital certificate), and are unique for each user and session. When using the Personal mode, every client uses the same passphrase, and it’s visible to the end-user. Thus, the Personal mode isn't feasible for business networks. Employees could still access the network after leaving the company and thieves would have access if a laptop is stolen. If using the Enterprise mode, user accounts can easily be changed or revoked.
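The difference described above, as an added example that is not part of the original post: in Personal mode the pairwise master key (PMK) is computed from the passphrase and SSID alone, so every client and every session shares it, while in Enterprise mode it is taken from key material created during each 802.1X/EAP login. The SSID, passphrase and user names are constructed, and the EAP exchange is simulated with random bytes.

```python
import hashlib
import os


def personal_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-Personal: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096, 32 bytes)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("a WPA passphrase is 8 to 63 ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)


def enterprise_pmk(msk: bytes) -> bytes:
    """WPA/WPA2-Enterprise: the PMK is the first 32 bytes of the EAP method's MSK."""
    if len(msk) < 64:
        raise ValueError("an EAP MSK is at least 64 bytes")
    return msk[:32]


def simulated_eap_login() -> bytes:
    # Assumption: stand-in for a successful 802.1X/EAP exchange. A real MSK is
    # exported by the EAP method after the RADIUS server accepts the user.
    return os.urandom(64)


def compare_modes(ssid, passphrase, users, logins_each=2):
    """Count distinct PMKs across every login of every user in each mode."""
    personal, enterprise = set(), set()
    for _user in users:
        for _ in range(logins_each):
            personal.add(personal_pmk(passphrase, ssid))
            enterprise.add(enterprise_pmk(simulated_eap_login()))
    return {"logins": len(users) * logins_each,
            "personal_distinct_pmks": len(personal),
            "enterprise_distinct_pmks": len(enterprise)}


if __name__ == "__main__":
    # Constructed sample values, not taken from any real network.
    print(compare_modes("ExampleCorp-WiFi", "correct horse battery",
                        ["alice", "bob", "carol"]))
```

In the Personal case the only way to lock out one holder of the key is to change the passphrase on every device; in the Enterprise case disabling one account stops that user's future logins without touching anyone else.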
The special ingredient of the Enterprise mode is a RADIUS or AAA server. It understands the 802.1X/EAP authentication protocols and consults the user database. The problem is that setting up and configuring a RADIUS server can cost hundreds or thousands of dollars and take a great deal of time and expertise. In addition to the core server, the small business may have to maintain a Public Key Infrastructure (PKI) and a user database. These monetary and technical requirements would stop most small businesses from getting the Wi-Fi security they need.
Fortunately, there are hosted RADIUS services out there, such as our AuthenticateMyWiFi™ service. This enables small businesses and organizations to easily implement WPA/WPA2-Enterprise. They sign up for a monthly or yearly subscription and receive access to the AuthenticateMyWiFi™ Control Panel. There they can enter their access point (AP) details and create user accounts. Once they configure their APs and computers, they can start connecting.
To further control access, they can configure the optional settings. They can impose day and time restrictions, such as only allowing access during office hours. They can also specify an expiration date after which access is no longer allowed. Additionally, they can restrict users to connecting through certain APs and/or from specific computers or devices.
Right now we're offering a Free Trial of our AuthenticateMyWiFi™ service.