Over the past decade, we’ve helped hundreds of organizations around the world secure and set up WPA2-Enterprise networks. While WPA2-Enterprise remains the golden standard for 802.1x authentication, there are many pitfalls an organization can make when they set it up. Here are the top 3 mistakes we see most commonly being made out in the field, when universities use WPA2-Enterprise and 802.1x network security on campus.
Mistake #1: I’m Not at Risk for Wi-Fi Credential Theft
Like car accidents, security professionals often have the attitude that “It won’t happen to me”. Unfortunately, like car accidents, cybercrime happens all the time, and the risk of it happening to you grows greater every day.
A survey found that 74% of IT decision makers (whose organizations have been breached in the past) say it involved privileged access credential abuse. According to IBM’s X-Force Threat Intelligence Index, 35% of exploitation activity involves Man-in-the-Middle Attacks. Just last year, a student at one of the California State Universities farmed credentials at the university and presented it to the CIO. Shortly thereafter, they reached out to SecureW2 and we made sure they would never be at risk for credential theft again.
The real losers of Wi-Fi credential theft are the end users. CIOs, CTOS, Network Administrators, and Systems Administrators can, and should, take action to eliminate the risk of credential theft. Sometimes leadership will determine that it’s not a worthwhile issue, which is unfortunate for the rest of the organization because it’s the value of their data that’s being dismissed.
The Equifax breach showed the world just how easily user data can be stolen, and that the responsibility of keeping user data safe is not being taken seriously by our leaders today. Millions of innocent people had their social security information stolen, and the irresponsible few walked away with just a slap on the wrist.
Don’t let your credentials be compromised. We offer everything an organization would ever need to deploy 802.1x authentication securely and prevent over-the-air credential theft in a package that’s both incredibly cost-effective and easy to deploy. Protect your users today.
Mistake #2: Leaving it Up to Students to Manually Configure Their Devices
A lot of universities depend on a set of instructions, typically hosted on their IT website, to ensure that their end users are able to configure their devices correctly for 802.1x WPA2-Enterprise Wi-Fi. However, many end users don’t understand the significance of concepts like WPA2-Enterprise and 802.1x, so pawning configuration off on them can lead to misconfiguration. While those who grew up with technology and have studied or worked in IT may not have a difficult time configuring devices for secure 802.1x authentication, the majority of users may have a very difficult time configuring their devices.
What makes this situation even worse is that it puts your network at serious risk for credential theft. Ensuring devices are properly configured for 802.1x WPA2-Enterprise is absolutely critical to preventing over-the-air credential theft.There are a few settings, namely Server Certificate Validation, that are frequently omitted and must be configured properly to prevent devices from authenticating to Evil Twin Networks and Rogue Access Points. Further exacerbating the issue, devices are still able to access the network even if these settings are omitted.
Not only is relying on users to manually configure their devices for 802.1x a poor user experience and a security liability, it’s ultimately more expensive than using Device Onboarding Software. InfoTech Research Group conducted the study “How to Reduce Help Desk Costs”, and they found that not only are 40% of IT service desk volumes password related, but password resets cost approximately $118 per student annually. Our services eliminate Wi-Fi-related password tickets, and cost a small fraction of that price.
Mistake #3: Deploying 802.1x WPA2-Enterprise Allows Students to Automatically Connect to Wi-Fi
Passwords are only effective security mechanisms if they are accompanied by a password-change policy to combat Dictionary Attacks. Unfortunately, while they may be great for security, they are absolutely loathed by end users.
A recent study showed that University students have an average of 7 internet connected devices. That’s a lot of devices to reconfigure every password reset cycle and creates a significant burden on both users, and the IT department when deploying 802.1x authentication.
If the policy is determined to be too cumbersome for students, they will quit using the secure network and switch to guest networks or using cellular data when available. This undermines the entire cybersecurity infrastructure and creates a situation where your network is left vulnerable to outside attacks.
Organizations that authenticate with certificates do not experience these same pains. Certificate lifetimes can be set to last years instead of months. Many universities opt for a system where new students are issued 4 year certificates. Under these circumstances, the user experience with authentication is a one-time setup with the onboarding client and then they will be automatically authenticated for the duration of their tenure at the university.
Not only does SecureW2 eliminate 802.1x and WPA2-Enterprise vulnerabilities, but it can save you a significant amount of money. Click here if you’d like to learn more about our pricing, or if you’d like to talk to an expert, schedule a Free Demo with us here.
