Outsourcing 802.1X Authentication Services

Outsourcing 802.1X Authentication Services

By CWNP On 12/07/2009 - 12 Comments

I recently announced a new business, NoWiresSecurity. We provide a hosted service called AuthenticateMyWiFi. This service makes it much easier for businesses to use the Enterprise mode of WPA or WPA2 (802.11i) encryption for their wireless networks.

In this post, we'll discuss why outsourced RADIUS/802.1X services are needed.

Most small businesses setting up a Wi-Fi network will settle with the Personal or Pre-shared Key (PSK) mode of Wi-Fi Protected Access (WPA/WPA2). This is because it's so easy to setup; just create a password and input it onto all the computers. Using the Enterprise mode, however, is a must when employees are using the network.

When using the Enterprise mode, the encryption keys are derived securely in the background after a user logs in with a username and password (or other credential, like a digital certificate), and are unique for each user and session. When using the Personal mode, every client uses the same passphrase, and it’s visible to the end-user. Thus, the Personal mode isn't feasible for business networks. Employees could still access the network after leaving the company and thieves would have access if a laptop is stolen. If using the Enterprise mode, user accounts can easily be changed or revoked.

The special ingredient of the Enterprise mode is a RADIUS or AAA server. It understands the 802.1X/EAP authentication protocols and consults the user database. The problem is that setting up and configuring a RADIUS server can take hundreds or thousands of dollars and a great deal of time and expertise. In addition to the core server, the small business may have to maintain a Public Key Infrastructure (PKI) and user database. These monetary and technical requirements would stop most small businesses from getting the Wi-Fi security they need.

Fortunately, there are hosted RADIUS services out there, such as our AuthenticateMyWiFi service. This enables small businesses and organizations to easily implement WPA/WPA2-Enterprise. They sign-up for a monthly or yearly subscription and receive access to the AuthenticateMyWiFi Control Panel. There they can enter their access point (AP) details and create user accounts. Once they configure their APs and computers, they can start connecting.

To further control access, they can configure the optional settings. They can impose day and time restrictions, such as only allowing access during office hours. They can also specify an expiration date of when to stop allowing access. Additionally, they can restrict users to connect through certain APs and/or connect from specific computers or devices.

Right now we're offering a Free Trial of our AuthenticateMyWiFi service.

Blog Disclaimer: The opinions expressed within these blog posts are solely the author’s and do not reflect the opinions and beliefs of the Certitrek, CWNP or its affiliates.

0 Responses to Outsourcing 802.1X Authentication Services

Subscribe by Email
There are no comments yet.
<< prev - comments page 1 of 1 - next >>

Leave a Reply

Please login or sign-up to add your comment.
Success Stories

I literally just came out of the testing centre having taken the CWDP exam. The certification process opened my mind to different techniques and solutions. This knowledge can only broaden your perspective. Great job, CWNP, you have a great thing going on here.

Read More

Working through the CWNP coursework and certifications helped not only to deepen my technical knowledge and understanding, but also it boosted my confidence. The hard work it took to earn my CWNE has been rewarding in so many ways.

Read More

I want to commend you and all at CWNP for having a great organization. You really 'raise the bar' on knowing Wi-Fi well. I have learned a ton of information that is helping my job experience and personal career goals, because of my CWAP/CWDP/CWSP studies. Kudos to all at CWNP.

Read More