In today’s mobile era, consumers are no longer chained to a bulky desktop in a cubicle or classroom. They are doing business, taking classes, and accessing resources on the go from their personal mobile devices, oftentimes sending emails or tweaking a presentation from a coffee shop or on the train.
Bring Your Own Device (BYOD) has evolved on its own, as consumers are now expecting instantaneous access to information from any device. However, some IT teams are hesitant to bring this trend into the workplace, even with the inherent benefits of BYOD.
This same theory applies to universities, as more and more students continue to bring personal devices onto campuses. According to a recent study conducted by College Explorer, the average college student today owns 6.9 tech devices. Check out how we helped this K-12 school district deploy a BYOD network with ease and security in this case study here.
The latest smartphones are also more likely to have the latest and greatest apps and productivity features, fostering innovation that can greatly benefit businesses and student learning. As BYOD supports a mobile and cloud-focused IT strategy, consumers are more productive and can easily upload files to the cloud regardless of location.
Employees and students expect Wi-Fi to be secure and easily accessible, no matter what device they are using. Deploying WPA2-Enterprise and using 802.1X to authenticate your users is a great first step. However, from a network perspective, enabling BYOD while maintaining security standards creates unique challenges. As corporations and universities begin to integrate the demand for BYOD into their environments, they may be faced with a variety of problems relating to the manual onboarding process.
The Problem With Manual Wi-Fi Configuration
Relying on manual configuration by the end-user introduces a bevy of potential missteps and security challenges. If not configured precisely, users can easily fall victim to a man-in-the-middle attack, which involves an attacker broadcasting an imitation SSID with the intention of tricking improperly configured devices into connecting and giving up user credentials.
These types of attacks are a very real threat, as unsuspecting users at many universities have fallen victim to these types of attacks. This is a nightmarish scenario for corporations and universities, as just about anyone with basic hacking knowledge can potentially steal credentials, gain unauthorized access to confidential data and wreak havoc for the IT department.
Deploying client certificates (EAP-TLS) is one way in which corporations and education institutions choose to deploy secure wireless. Issuing individual device certificates helps eliminate common issues surrounding password change policies and allows IT staff to differentiate access and policies between device types, ownership, and more. Regardless of what EAP type you choose, end-user configuration can be a serious pain point that adds complexity to an already convoluted world of device support and security policy.
Manually Configuring a Windows Device
Consider manually configuring a Windows device for EAP-TLS. It requires the user to set up a new wireless network, enter a network name, set the security type, adjust network settings, set the 802.1x authentication method, and many more steps.
While it’s certainly possible to complete this process accurately, it is highly complex and much more difficult than an onboarding software designed for efficiency. Each Windows user needs to complete the following steps.
- Setting Up a New Network
- Go to the control panel, then under setup network go to manual configuration.
- Make sure the security type is set to WPA2-Enterprise and the encryption type is set to AES.
- Modify the Wi-Fi Connection
- Go to change connection settings.
- Configuring Certificate Authentication
- Under security, go to Choose Authentication method.
- Pick the setting in regards to certificates.
- Choose the setting ‘Microsoft: smart cards or other certificates’
- Authentication with EAP-TLS
- Install a certificate authority so the certificates will be able to verify which server to connect with.
- Make sure it is a trusted root CA.
- EAP-TLS is the authentication method used to authenticate certificates.
- Enable certificate enrollment
- Be sure to enable both the certificate and simple certificate selection
- Select the option that allows the device to use the certificate. After clicking OK, the process is complete.
Windows is just one of many different operating systems that your BYOD enviornment will need to be prepared for, manual configuration is simply not an option for larger organizations.
Automatic Wi-Fi Onboarding With SecureW2
Think it’s virtually impossible to deploy secure over-the-air encryption without causing headaches for users and a spike in help desk calls? Think again!
Device onboarding doesn’t have to be a support and end-user nightmare. An automated, browser-based BYOD solution can help you gain the full benefits of WPA2-Enterprise, while also eliminating human error and creating an onboarding process that is painless from start to finish. This seamless process allows the user to correctly configure secure wireless with just a few clicks.
SecureW2 delivers powerful tools that streamline the wireless network onboarding for your users via a self-service method, taking a tremendous burden off of IT departments and help desks. Visibility and in-depth reporting are always a challenge with any network, so SecureW2’s products monitor all aspects of the onboarding process and allow network administrators to easily monitor patterns of errors.
Nothing is more important than delivering secure wireless for your end-users. It may seem that secure wireless and BYOD are mutually exclusive, but they don’t have to be. SecureW2 has spent years developing best-in-class tools with the end-user in mind in order to make connecting devices for secure wireless a breeze and make your deployment a success. With an automated, self-service onboarding solution customers can take the guesswork, repetitive help desk calls, and end-user frustration out of network security.
SecureW2 offers affordable options for organizations of all shapes and sizes. Click here to inquire about pricing.
