Enterprise WiFi Authentication, Explained

Types of WiFi Authentication

There are several different methods for authenticating wireless clients. Some have fallen out of favor due to security weaknesses, ultimately being replaced with newer, more secure authentication methods. These include :

• Open authentication to the access point
• Shared key authentication to the access point
• EAP authentication to the network
• MAC address authentication to the network
• Combining MAC-based, EAP, and open authentication
• Using CCKM for authenticated clients
• Using WPA key management

Watch How it Works

WiFi Authentication Challenges

From its outset, WiFi posed a unique challenge when it came to authenticating identities since users were no longer physically connecting to ethernet ports. Originally, there were several methods used to authenticate users across wireless networks:

1. Separation: One was to separate the WiFi network and enable it to access the Internet. If you needed to access on-prem applications or resources, you would VPN into the network just as if you were remote. In this case the solution for WiFi authentication was the implementation of the SSID and password which was shared across any users of that particular network. In this case, there wasn’t really a connection to the main network even though the WiFi network was located alongside the internal network. It operated more as a separate network for a variety of reasons.
2. SSID: Another path is to simply leverage an SSID and passphrase and let anybody on the network that has that. Subsequently the user could authenticate to the directory service, but even if they failed the authentication, they would still have access to the WiFi network.
3. RADIUS Authentication: Yet, another path was to leverage the RADIUS authentication protocol to auth access to the WiFi network which would subsequently authenticate access with Active Directory. The RADIUS server was the intermediary between the WiFi access point and the core identity provider. RADIUS was able to speak to the WiFi access points and then translate for the directory to authenticate user access. Of course, the downside of this approach was more servers, more integration, and more configuration on end user devices.

WiFi Authentication with Portnox CLEAR

WiFi extends beyond your walls. Employees harmlessly share company WiFi passwords with guests, contractors, business neighbors without ever stopping to think about the network and information security risks this poses to their organization. It’s not just outsiders, however. Today, nearly 20% of SMBs experience a data breach by a former employee who still has WiFi access.

It’s never been easier to secure your WiFi. With Portnox’s WiFi Security-as-a-Service, complex integrations and RADIUS server setups that traditionally required skilled IT staff and extensive training have been eliminated. Now, you can set-up user and device authentication that comply with security regulations in minutes.