Short-Lived Certificates: Worth the Hype or Operational Headache?
In PKI, certificate lifespans have always been a balancing act between security and operational simplicity. The industry standard has preferred longer-lived certificates valid for one year, and sometimes even for...
How to Create a Cloud-Based RADIUS Server
In order to successfully configure a WPA2-Enterprise network, a RADIUS server is a must. The RADIUS authorizes and authenticates users signing into the network and eliminates any speculation into who...
JoinNow 8.0: Adaptive Defense, ACME for Server Certs, and More!
Trust rules how the world works. It’s the foundation of personal relationships, how we choose who to do business with, and how we grant people (and now non-human identities) access...
Configure Google SCEP Certificate Automatic Enrollment Profiles
Certificates are far superior to credentials and mitigate many of the vulnerabilities associated with pre-shared keys. They enhance the user experience by facilitating network access and removing password-related friction induced...
Making the Shift to Passwordless Seamless: Overcoming Objections and Hurdles
Passwords have been the foundation of digital security for decades, but today’s threat landscape has outpaced their effectiveness. Due to resets and lockouts, IT staff are overloaded, and they remain...
When Static Trust Becomes a Backdoor: Lessons from the 2025 SharePoint ToolShell Exploit
In July 2025, a widely exploited zero-day vulnerability, CVE-2025-53770 & 53771, named ToolShell, hit on-premises Microsoft SharePoint Server systems, triggering a large-scale compromise. The ToolShell exploit gave attackers unauthenticated remote...
How To: Enabling Safe GenAI Access on Unmanaged Devices and Corporate Wi-Fi
Generative AI (GenAI) tools such as ChatGPT, Claude, and GitHub Copilot have become integral to the workplace and are used by employees as productivity tools. Banning new tech doesn’t work;...
Securing Identity-less Infrastructure and Userless Agents
The security landscape is profoundly transforming as AI and cloud-native technologies reshape organizations’ operations. Today, infrastructure consists of identity-less components such as containers, serverless functions, and ephemeral compute instances that...
The Password That Collapsed a Company: What We Can Learn from the KNP Logistics Ransomware Attack
“A ransomware attack on the group’s IT systems had such a devastating impact that the group concluded it could not continue to trade,” – BBC KNP Logistics (formerly known as...
The DoD Just Confirmed What We’ve Been Saying All Along: Trust Must Be Earned
Even the DoD Knows the Perimeter is Dead “There is no such thing as a secure system.” —Lisa Porter, Former Deputy Undersecretary of Defense for Research and Engineering The U.S....
Launching Certificate-Based Security Shouldn’t be Intimidating
“Global spending on information security and risk management is expected to grow 14.3% in 2025 to reach $212 billion.” Source: Gartner Press Release, August 28, 2024 Implementing strong network security...
5 Million Unsecured Wi-fi Networks: Why We’re Still Failing at Basic Network Security
As of 2025, more than 5 million unsecured Wi-Fi networks are active worldwide. Schools, hotels, small businesses, and even enterprise guest networks continue to rely on open or shared-password Wi-Fi....
Certificate Pinning vs. Device Attestation
Certificate pinning is widely used in networks to establish trust between client devices and servers. However, with enterprises shifting to dynamic BYOD and device trust policies, certificate pinning alone does...
What is the difference between MITM and AITM?
A traditional Man-in-the-Middle (MITM) attack primarily involves an attacker passively intercepting a communication channel to eavesdrop or steal static credentials, such as passwords. The Adversary-in-the-Middle (AITM) attack takes this a...
Apple Managed Device Attestation Explained
Apple introduced Managed Device Attestation (MDA) to give organizations stronger assurance about the devices they authorize for access. Device Trust, which identifies devices managed by your organization and ensures they...
Understanding Authentication Strengths in Conditional Access
As cyberattacks become more targeted and identity becomes the core of security strategy, IT administrators are rethinking how users authenticate to sensitive resources. Organizations widely adopt Multi-Factor Authentication (MFA) to...
Does RadSec support roaming services, such as Eduroam?
RADIUS over TLS, also known as RadSec, enhances roaming services like Eduroam by providing stronger encryption than the standard Remote Access Dial-In Service (RADIUS) protocol. RADIUS in Eduroam utilizes the...
Why Is Device Attestation Important For Secure Access?
Device attestation is used to verify a device’s authenticity and ensure that only genuine, untampered devices with approved, uncompromised software are given access to systems. It provides cryptographic evidence through...
How Do You Enforce Consistent PKI Policy Across Distributed Teams?
You can enforce a consistent PKI policy across distributed teams by using centralized, automated enforcement with dynamic tools that integrate with your existing IT ecosystem. Manual management methods often lead...
What is a PKI, and How Does It Help Secure Networks in an Organization?
Password breaches have impacted nearly every industry, from telecommunications to healthcare. As threat actors refine their attack methods, securing networks solely with passwords has become increasingly challenging. Organizations are transitioning...
What does a modern PKI team structure look like?
Public Key Infrastructure (PKI) is like experiencing a renaissance. PKI, formerly thought to be the realm of cryptography specialists and obsolete hardware, is now a strategic enabler of business identity...
Can Continuous Authentication Help Enforce Policy-Based Access with Certificates?
Modern hybrid networks comprise a mix of both managed and unmanaged devices. With static one-time authentication being inadequate, users and devices are only authenticated at the start of a session,...
What Are the EAP Method Requirements For WPA3-Enterprise?
The only EAP method allowed in WPA3-Enterprise 192-bit mode is EAP-TLS, which uses X.509 certificates for client and server-side authentication. No other EAP authentication types are permitted, since they lack...
RADIUS + Dynamic PKI: Better Together
With many devices attempting to connect to the network, identifying potential risks from compromised devices becomes paramount. This is where a robust Public Key Infrastructure (PKI) integrated with RADIUS comes...
What is Opportunistic Wireless Encryption (OWE) in WPA3?
Public Wi-Fi is available everywhere. However, behind the convenience lies a long-standing issue: unsecured Wi-Fi networks lack encryption, exposing user data to eavesdropping and attacks. Opportunistic Wireless Encryption (OWE), a...
Is RadSec Necessary if I Already Use EAP-TLS?
EAP-TLS is a powerful certificate-based authentication technique that has been extensively used due to its high security posture. It enables mutual authentication between the client and server and secures credentials...
Why Isn’t my SCEP Profile Working?
You’re not alone if you have ever hit “Push” on the Simple Certificate Enrollment Protocol (SCEP) profile in your Mobile Device Management (MDM) only to find that nothing immediately happens....
ACME Device Attestation: Strengthening Certificate-Based Security
Public Key Infrastructure (PKI) was never designed for an environment where devices could drift out of compliance within hours, sometimes minutes, of being trusted. And yet, many organizations still rely...
Dynamic PKI: Continuous Authentication for Modern Security
Traditional authentication models have relied on static trust. Once a device or user is authenticated a single time they typically remain trusted indefinitely. This model assumes continuous security from a...
Why Does Certificate Lifecycle Management Automation Need Continuous Authentication?
Enterprises are relying more on automated solutions to manage the lifecycle of digital certificates. Certificate Lifecycle Management (CLM) has evolved from a manual, error-prone process to an automated, API-driven workflow...
Can Continuous Authentication Work with Existing MDM, EDR, or Identity Tools?
Yes, continuous authentication can work alongside existing Mobile Device Management ( MDM), Endpoint Detection and Response (EDR), and identity tools. This is possible when these tools share real-time context and...
Why is Mutual Authentication Important in Secure Communication?
Mutual authentication is important in secure communication because it is a process where both entities verify each other’s identities before establishing a connection. In a network environment, the client and...
What’s the difference between device authentication and device attestation?
Device security is more important than ever. Just one compromised device can give attackers access to your whole network. Because of this, security professionals depend on device attestation and authentication....
Why Should I Use EAP?
The Extensible Authentication Protocol (EAP) provides a standard framework for authenticating users and devices to a network. It uses various authentication methods, such as tokens, smart cards, digital certificates, and...
What is the difference between TLS and EAP-TLS?
TLS and EAP-TLS might seem identical initially since they depend on encryption and certificate-based authentication. TLS and extensible authentication protocols-transfer layer security (EAP-TLS) are often discussed in network security. They...
What are the three components in the 802.1X system?
The 802.1X system has three primary components: the supplicant, the authenticator, and the authentication server. The supplicant is the part of the device that requests access, the authenticator is the...
Is EAP-TLS The Same as PEAP?
Extensible Authentication Protocol-Transport Layer Security (EAP-TLS ) and Protected Extensible Authentication Protocol (PEAP ) are both authentication protocols used in the 802.1x framework, but they are not the same. The...
What Is The Gold Standard Of Network Security?
Extensible Authentication Protocol-Transfer Layer Security (EAP-TLS) is considered the gold standard for network security. It allows digital certificates to be deployed on WPA2-Enterprise with 802.1X authentication. EAP-TLS uses asymmetric cryptography...
How Does WPA3 Improve Wi-Fi Security Compared To Previous Protocols?
Wireless Protocol 3 (WPA3) improves Wi-Fi security compared to the WPA2 protocol, as it provides individual data encryption, side channel protection, and a more robust authentication mechanism through its 192-bit...
What is 802.1x Authentication Used For?
802.1x Authentication is a network security standard that grants access to wired and wireless networks by validating authorized users and devices. The 802.1X protocol is the IEEE Standard for Port-Based...
Understanding NIST SP 800-171 3.5.2: Device Identification & Authentication
NIST SP 800-171 is a cybersecurity framework that protects Controlled Unclassified Information (CUI). It applies to organizations handling sensitive government data and has been widely adopted as a best practice...
Your Guide To Wi-Fi Security
Wi-Fi is now a necessity. However, its convenience also makes it a prime target for cyber threats. As the number of Wi-Fi-enabled devices skyrockets, so do security risks. Attackers exploit...
How Does a Man-in-the-Middle (MITM) Attack Compromise Wi-Fi Networks?
A MITM happens when attackers hijack a communication channel to intercept and steal data. In this type of attack, they position themselves between a user and an application, silently capturing...
What is an Evil Twin attack in Wi-Fi, and how can I protect against it?
Imagine you’re out shopping, getting coffee, or waiting for a flight. You quickly want to check your messages or search for something, so hop on a free public Wi-Fi network....
SCEP vs. Dynamic SCEP
Simple Certificate Enrollment Protocol (SCEP) streamlines secure certificate issuance across networked devices, enabling scalable authentication and encryption. Instead of relying on manual provisioning, SCEP automates the process, allowing devices to...
What is MAC spoofing, and how does it affect Wi-Fi security?
MAC spoofing is when an attacker tricks a network by faking a device’s unique ID (MAC address) to gain unauthorized access or disrupt communication. This attack can happen in different...
Enabling Okta Device Trust for any MDM
The traditional network perimeter is a relic of the past. With remote work now common, users need secure access from anywhere, making outdated security models ineffective. Relying on perimeter-based defenses...
Top PKI Management Tools For A Network
Organizations should prioritize automated certificate lifecycle management to maintain complete visibility and granular control over who and what accesses their network. Managing certificates manually—distributing, renewing, and revoking them—quickly becomes tedious...
Can I Use Azure With A RADIUS Server?
Organizations worldwide are making the transition to cloud-based network solutions. To ease the transition, Microsoft created Entra to aid clients in moving their directories from on-premise Active Directory (AD) to...
Configuring Certificate Auto-Enrollment with Microsoft GPO
Enterprises that use Public Key Infrastructures (PKI) will have to issue and manage tens or even hundreds of thousands of digital certificates. Keeping track of all those certificates may seem...
Complete Guide To Certificate Authorities
Imagine walking into a vast library, seeking a single book among millions. Without a librarian or a catalog system, you’d be lost. In many ways, the internet is that library,...
Without Server Certificate Validation, WPA2-Enterprise Isn’t Secure
Your users have strong, unique passwords, your networks are protected with WPA2-Enterprise encryption, and you use 802.1x for authentication. WPA2-Enterprise is the gold standard when it comes to security, so...
Microsoft PKI Best Practices
A Public Key Infrastructure (PKI) is an 802.1x network security solution that uses public-private key cryptography to authenticate users for online resources. PKIs can be configured to authenticate for Wi-Fi,...
How to Configure Kandji SCEP Profile
Digital certificates have, time and again, proven to be more secure than credential or password-based authentication as they are phishing-resistant. However, manually distributing digital certificates is a considerable challenge for...
What Are Virtual Smart Cards?
In the world of authentication cybersecurity, a device growing in popularity is the Smart Card. A smart card, like those produced by Yubico, is a cryptographic tool that allows users...
SHA-2 vs ECC: Digital Certificate Encryption Advancements
Cryptographic systems are at the heart of digital certificates, enabling encryption, authentication, and integrity. SHA-2 and ECC are two pivotal technologies that protect everything from SSL certificates to system integrity...
2024 Security Analysis of PEAP-MSCHAPv2
These days, wired and wireless (Wi-Fi) networks are ubiquitous. Organizations need these connections to perform critical business functions, but these connections are susceptible to various ever-evolving cyber threats. As a...
Network-as-a-Service (NaaS): Explained
NaaS, or Network as a Service, is a cloud-based networking model that modifies how businesses handle and use their networks. Instead of having a lot of network equipment on-site, you...
[Solved] Jamf Casper Certificate Error
Apple devices and gadgets have been unparalleled in cutting-edge technology and customer satisfaction over the years. In a recent interview, the CIO of Jamf Linh Lam predicted Apple to reach...
WPA3-Enterprise: Should you Adopt It?
WPA (Wi-Fi Protected Access) was created in the early 2000s when IT professionals quickly realized that WEP (Wired Equivalency Protocol) had terrible security vulnerabilities. WPA2 was ratified in 2004 as...
Is RadSec Necessary for Eduroam?
Students and staff who visit other colleges and universities frequently encounter challenges accessing safe Wi-Fi networks. Without an integrated system, they may encounter connectivity challenges, different login procedures, or concerns...
Complete Guide to Android 802.1X
In this article, we’ll examine a crucial authentication method for keeping your Android devices secure while connecting to networks. It’s called 802.1X authentication. This specific security approach ensures only the...
The Dangers of Self-Signed Certificates
Self-signed certificates continue to pose critical risks to organizations prioritizing secure communication. While they may seem convenient for quick deployments, their inherent vulnerabilities can lead to severe security and operational...
Solved: Error “Cannot Manage Active Directory Certificate Services”
Admins configuring Active Directory Certificate Services (AD CS) for their network may encounter the following error message: Cannot manage active directory certificate services. The system cannot find the file specified:...
What is PIV (Personal Identity Verification)?
Personal Identity Verification (PIV) is a security standard detailed in NIST FIPS 201-2 that creates a framework for multi-factor authentication (MFA) on a smartcard. While PIV was originally designed for...
How Safe Is The EMF Exposure From Wi-fi?
Most people use Wi-Fi, which emits electronic and magnetic fields (EMF). But are the EMFs from Wi-Fi dangerous? The short answer is no, but we'll dig into the question further.
A Guide to Server Certificates
Server security is critical in today’s digitally driven environment. The server certificate, a digital document that verifies the identification of a website or server, is fundamental to Internet communication security....
Top 6 Ways To Prevent Your Network From DNS Poisoning Attacks
As we increasingly rely on the internet for both personal and professional activities, understanding the potential threats to our online security becomes essential. A prevalent and significant risk is DNS...
An Overview Of Passpoint In Network Infrastructure
Wi-Fi access has evolved from the manual selection of Service Set Identifiers (SSIDs) to the automated, secure connectivity of Passpoint. Initially, users had to browse a list of available SSIDs,...
All that You Need To Know About Public Key Encryption
We are living in a time where wireless security is imperative because private data and personal information are uploaded online. As the amount of online data increases, so does the...
Drawbacks of NPS in a Cloud Environment
Organizations want different technologies to work well together and integrate smoothly so they can be used more efficiently. The combination of Microsoft Azure and Network Policy Server (NPS) frequently generates...
Why is It Safe to Migrate AD CS from SHA-2 to SHA-1 In 2024?
It’s imperative for organizations to fully switch from SHA-1 to SHA-2. The National Institute of Standards and Technology (NIST) stated SHA-1 should not be trusted, PCI Compliance scanners no longer...
Why Do You Need S/MIME Encryption In Network Security
S/MIME stands for “Secure/Multipurpose Internet Mail Extensions”. It’s an IETF standard for public key encryption and creating a digital signature for MIME data. In essence, S/MIME uses a PKI to...
WPA vs WPA2- The Better Wifi Authentication
Wireless networks are omnipresent. You may have access to many wireless networks, whether in a neighborhood coffee shop, a school, or home. However, it’s hard to tell which ones are...
How To Use RadSec For A Secure Roaming Network
RadSec is an 802.11x protocol designed to securely transfer information from a RADIUS through TCP (Transmission Control Protocol) and TLS (Transport Layer Security) for protected communications. At a basic level,...
How to Use Active Directory Set-up For Wi-Fi and CloudRADIUS
Organizations that leverage Microsoft Active Directory (AD) often want to connect their core user identities to their Wi-Fi network. The goal is to enable users to authenticate uniquely to the...
An Overview Of Certificate Revocation List In A PKI
What is a Certificate Revocation List? A certificate revocation list, more commonly called a CRL, is exactly what it sounds like: a list of digital certificates that have been revoked....
What Is RADIUS Certificate-Based Authentication?
As cyber security risks increase and secure access to network resources is required, organizations are adopting different authentication methods. RADIUS certificate-based authentication is one of those methods that increase the...
4 Best Practices For Eduroam Deployment
Scholars and students often visit different campuses for internships, seminars, conferences, and other events. Accessing secure Wi-Fi at foreign campuses has always been a challenge for these individuals who require...
How to Integrate with Entra ID For Effective Certificate Management
The transition from on-premise Active Directory (AD) to cloud-based Azure AD (Microsoft Entra ID) can be tricky, leaving Azure admins searching for an easy way to migrate. Unlike AD, there...
How to Configure Dynamic VLAN for EAP-TLS
Researching and implementing new cybersecurity technologies is a vital aspect of maintaining an effective network for your organization. But transitioning to more up to date security measures often comes with...
Benefits of Digital Certificates For Secure Eduroam Wi-Fi
Eduroam has become crucial for colleges worldwide, providing students and staff with seamless, cross-campus Wi-Fi connectivity. However, as more institutions use Eduroam as their principal Wi-Fi network, security and accessibility...
Certificate Lifetimes – Is 20 Years Too long?
Over the last few years, software makers have begun cracking down on certificates that do not expire soon enough. Most browsers will reject any SSL certificate with a lifetime longer...
Can I Use OAuth 2 With ADFS?
What is ADFS? Active Directory Federation Service (ADFS) is a software component developed by Microsoft to provide Single Sign-On (SSO) authorization services to users on Windows Server Operating Systems. ADFS...
Best EAP Method to Configure a Secure WiFi Network
Extensible Authentication Protocol (EAP) is a strong security layer and authentication framework used in Wi-Fi networks. It provides various methods to verify the identities of users and devices before granting...
The Importance of Device Attestation for Zero Trust
Here, you can learn the concepts of device trust and cryptographic principles of attestation in ensuring security of your organization.
Adding a Trusted Root Certificate Authority to Group Policy Objects
Organizations that want the best in authentication security should look no further than certificate-based authentication. When compared to using credentials for authentication, it’s simply no contest. The two pillars supported...
PKI Smart Card Authentication for Enterprise
Companies and governments around the world are finding more and more uses for PKI smart cards – especially for identity management. These tiny chips can be found in a multitude...
Passwordless Magic Link Authentication: Explained
Want to know how magic links work? Read on to know more about magic links other passwordless authentication methods for network security.
You Don’t Need LDAP for 802.1X Anymore
Without protection, your organization’s network is vulnerable to cyber attacks. The 802.1X protocol heightens network security by introducing RADIUS servers for authentication, and Lightweight Directory Access Protocol (LDAP) has commonly...
Using Multi-Factor Authentication for Network Security
Many inquiries that we receive reference Multi-Factor Authentication (MFA) and how it can be used to improve the network security. MFA is a process that requires more than one form...
How to Check if a Digital Certificate is Revoked
A critical component of EAP-TLS certificate-based authentication is properly managing certificates, which includes confirming that they have been properly revoked AND placed on the list of revoked certificates so the...
How to Set up Device Identification in Defender for Cloud Apps
Want better visibility and control on all devices in your network for efficient device management? Try Defender Device Management with us.
Which Devices Support Passpoint and OpenRoaming?
OpenRoaming & Passpoint Wi-Fi makes the use of mobile devices on the go more secure. Find out what devices and OS support Passoint.
Expanded Windows Hello for Business + Yubikey Login
SecureW2 has developed two solutions that offer major functionality upgrades to Windows Hello for Business: A Yubikey Management Solution that allows you to use your Azure AD or AD directory...
(Solved) Android 11 Samsung “Deep Sleep” Wi-Fi Connectivity Issue
Android devices have long had an “app sleep” feature designed to reduce power usage for infrequently used apps, and it’s not a new problem that it can cause apps to...
What is Microsoft NPS?
In an era dominated by cloud-centric solutions, Microsoft NPS sets out as an on-premise network security tool for Windows Server. Its primary goal is centralizing network regulations, user identities, and...
How to Use Yubikeys for VPN
Yubikeys are a useful and secure tool for protecting yourself from data theft. They add a layer of authentication and can be used with other authentication methods to further protect...
FreeRADIUS vs. Cisco ISE
Cyber-attacks cost small businesses an average of $84,000 to $148,000, and 60% of those attacked go out of business in 6 months. As organizations continue to grow, it becomes more...
Device-Based vs User-Based RADIUS Lookup
If all the users in your network fit into one single group, RADIUS authentication would be simple. Alas, things aren’t that easy; administrators often find themselves needing to specifically distinguish...
WPA2-PSK is Not Good Enough
In this day and age, employees are accessing their corporate resources wherever they can get a strong wireless signal, whether it be a public hotspot, an airport, or a friend’s...
Why NTLM Authentication is Vulnerable
One of the biggest problems with Windows environments is the insistence to continue to build upon older systems despite the emergence of cloud solutions. Attackers can easily gain access to...
Everything You Need to Know About PEAP Security
Since most transactions and communication are done over networks today, the security of these networks can’t be overlooked. Securing your network connections has never been more critical, as the data...
A Security Analysis of WPA-Personal
In the continuous effort to strengthen wireless network security, Wi-Fi Protected Access (WPA) represents a significant turning point. Data transmission over airwaves is becoming increasingly common in the ever-expanding digital...
MobileIron vs MEM Intune: Top MDMs Compared
Mobile devices like phones, tablets, and laptops are being used for work more than ever, especially after the COVID-19 pandemic. Remote work and hybrid workplaces are the new normal, making...
What is the Trusted Root Certification Authorities Store?
A Certificate Authority (CA) is the entity that handles the certificate distribution for a PKI. Certificate Authorities assist in validating the identities of different websites, individuals, and devices by providing...
Does Rotating Preshared Keys Improve Security?
Wifi Protected Access 2 – Pre-Shared Key (WPA2-PSK), a wireless security standard from 2004, is still used by many organizations today. And although it’s safer than its predecessors, WPA2-PSK relies...
Designing a Zero Trust 802.1x Network
As hackers get more sophisticated and hands-on, network security strategies have to adapt to meet the new challenge. An old idea that has recently been given new life is the...
OCSP vs CRL: The Best Bet To Revoke Certificates In A PKI
OCSP support is not included in the current roadmap of SecureW2 for some key reasons. Here’s a brief overview of your options for certificate revocation: What is OCSP OCSP stands...
Passwords vs. Digital Certificates For RADIUS Authentication
Businesses understand the importance of passwords for private data security but might not realize that using a network with passwords poses many security threats. As hacking techniques become more advanced,...
Deploy Yubikeys For Secure Wi-Fi in WPA2-Enterprise Network
Security keys are useful tools for hardening your devices with an additional factor of authentication. Did you know that same protection can be extended to your network? SecureW2, a Yubico...
A Guide To Client Certificate Mapping In Active Directory
Certificate mapping, in a general sense, refers to the tying of an identity to an X.509 digital certificate. In practice, the term is mostly used in the context of Microsoft’s...
Is EAP-TLS Safer than PEAP-MSCHAPv2 in 2024?
The short answer is: Yes. Organizations that are interested in moving from the unsecure PEAP-MSCHAPv2 protocol to the superior EAP-TLS protocol might be worried about huge infrastructure overhaul or the...
Configuration Guide For WPA2-Enterprise On Operating Systems
Automation is critical for a positive user experience; the faster a monotonous task can be finished, the more time users can focus on important activities. Network authentication can operate the...
A Guide To Configure Certificates In Your Yubikey PIV Slots
Physical security tokens like the Yubikey have smartcards that can be configured to store several certificates, the quantity of which depends on the specifications of the secure cryptoprocessor at the...
How To Renew SSL and Client Certificates For Secure Network
Automate certificate distribution and lifecycle management with industry best managed PKI solution. Continue reading to know more.
Configure 802.1X Authentication with Microsoft Office 365 Suite
We are living in an age where basically every person has an online footprint, whether it be for entertainment or to conduct business. Since millions of people are taking their...
A Complete Guide to Intune 802.1x
The 802.1X standard provides secure authentication for users and devices looking to connect to wired and wireless networks. It uses an authentication server known as the RADIUS server that validates...
Configure RADIUS on Windows Server 2008
The name RADIUS needs no introduction whenever you imagine a wired or wireless authentication server. Commonly referred to as AAA servers, RADIUS performs the core task of Authentication, Accounting, and...
What is WEP Security?
As we all know, wireless networks simplify numerous business procedures while providing trustworthy security. As a result, a user must be familiar with wireless networks and how they might facilitate...
Preventing Man-in-the-Middle (MITM) Attacks: The Ultimate Guide
A man-in-the-middle (MITM) attack is an incredibly dangerous type of cyber attack that involves a hacker infiltrating a private network by impersonating a rogue access point and acquiring login credentials....
RADIUS Server Authentication: Explained
A RADIUS server prevents unauthorized access to your network - and, thanks to services like Cloud RADIUS, this powerful authentication tool is more accessible than ever.
Best Practices for Storing X.509 Private Keys
X.509 certificates play a crucial role in guaranteeing the authenticity and integrity of communications. However, organizations that rely on the security provided by certificates also need to address a concern:...
Is there an Alternative to Windows NPS?
Microsoft’s Network Policy Server (NPS) is a AAA RADIUS server used for a number of different types of network connections. It can be used for wireless authentication, VPN connections, dial-up,...
What’s the Difference between OpenRoaming and Passpoint?
Advances in Wi-Fi infrastructure are coming at a rapid-fire pace these past few years, and it’s a little difficult to keep up. Some of the most exciting news has been...
SCEP Security Best Practices
Simple Certificate Enrollment Protocol (SCEP) makes certificate issuance easier, scalable, and secure. SCEP relies on HTTP and uses RSA cryptography. It lacks support for online certificate revocation, thus limiting its...
Windows RADIUS Server Pros and Cons
There are thousands of deployed instances of Windows RADIUS Server across the world, but users still debate its capabilities to keep their large networks intact and secure, giving rise to...
Guide to AD CS Policies and Enforcement
What is AD CS Used For? Active Directory Certificate Services (AD CS), a Windows server software solution, is used for issuing and managing x.509 digital certificates and provides Active Directory...
5 Network Access Control (NAC) Best Practices
Cybercrimes have been a cause of concern for organizations in recent times, especially when they are expanding remotely. Even nations’ policymakers have expressed concern about the surge in cybersecurity attacks over the...
What is PKCS11?
High-profile data breaches from major organizations such as Equifax, Solar Winds, and even the White House have pushed network security into the forefront of the public eye. One method of...
Can I Use Let’s Encrypt for an Enterprise?
When it comes to accessible Certificate Authority (CA) solutions that are easily available and free, Let’s Encrypt is second to none. They’ve enabled countless people and organizations to enable certificate-based...
How to Configure Azure AD CBA
With the introduction of Azure AD CBA, Microsoft has taken steps to move past using passwords - and your organization can, too.
Enabling RADIUS MAC Auth Bypass for IoT
Enabling RADIUS MAC Auth Bypass for IoT devices can alleviate cyber threats and help improve your network security. Here's How
Setup Microsoft Defender for Cloud Conditional Access App Control
Managed PKI solution for Microsoft Defender for Cloud Conditional Access App Control
Coworking Wi-Fi Security Best Practices: How to Protect Shared Networks
Coworking spaces are on the rise with the increase in the number of remote workers. Many organizations have moved towards coworking as the shared office model offers similar benefits as that of a...
5 Ways to Protect iOS Networks From Password Sharing Risks
If you are an Apple device user, you must know about the Airdrop feature, which lets you share files. You can also use the Airdrop feature to share your WiFi...
Top 3 Ways To Troubleshoot Common Okta Certificate Errors
Okta is one of the leading Identity and Access Management (IAM) service providers for enterprises around the globe. Okta supports binding identities to digital certificates, but you might encounter one...
Certificate Management Guide For Google Workspace
Google Workspace is one of the most common Identity Providers used by enterprises today. The Google ecosystem includes a number of easy tools organizations can use in their daily operation,...
Attack Vectors That Leave Your 802.1X Network Vulnerable
When used correctly, 802.1X authentication is the gold standard for network security. However, even seasoned IT professionals fail to recognize some key points of attack. If they are left unchecked,...
Troubleshoot Okta RADIUS Internal Server Error
Okta is one of the leading Identity and Access Management (IAM) service providers for enterprises around the globe. They provide a great user experience, but sometimes you might encounter some...
Group Policy vs. Intune Profiles: A High-Level Comparison
Microsoft has many policy management tools to secure client devices in an organizational environment. Microsoft Group Policy and Intune Profiles are commonly used solutions in different environments, catering to different...
The Best Cloud RADIUS Server For Authentication
Due to the COVID-19 pandemic, employees are working from home now more than ever before. According to a Stanford study, an incredible 42 percent of the U.S. labor force now...
Guide: How To Build A PKI Certificate Authority
What is a Certificate Authority? A certificate authority (CA) is an entity that distributes digital certificates. A digital certificate certifies the ownership of a public key by tying it cryptographically...
Overview: Root And Intermediate Certificates
One of the main problems in online communication is trust. Let’s say you communicate with your bank through their website: how can you be sure the bank’s page is real...
Compare Apple MDMs: JAMF vs. Mosyle
Apple devices are becoming increasingly popular for enterprises as they are feature-rich and user-friendly. Over 81% of employees use company-owned or BYOD Apple devices to access their corporate network, which...
Configure Okta Client Certificate Authentication
In this article, you can learn integrating digital certificates with one of the leading identity providers, Okta.
WPA2-Password Safety In An Enterprise Network
When you try to connect to a Wi-Fi network and are asked for a password, do you ever find it hard to figure out what to do? You’re not by...
Why is EAP-TTLS/PAP Not Safe in 2024
When designing a new network, there are countless features to consider that significantly impact the organization at large. Few functions of the network impact users more than the authentication method...
Configure Microsoft GPO with RADIUS Authentication
Integrating Microsoft’s Group Policy Object (GPO) with RADIUS authentication effectively improves network security and access control. GPO enables administrators to apply policy settings for specific user groups, ensuring that individuals...
Can I Set Up Microsoft NPS in the Cloud?
Microsoft Network Policy Server (NPS) is Microsoft’s AAA RADIUS server. It authorizes and authenticates users and devices for network connections. NPS is an on-premise RADIUS server and uses the Active...
Guide: TLS Authentication and How It Works
The essence of Transport Layer Security (TLS) requires understanding two key concepts: encryption and authentication. While encryption ensures that the data transmitted between your browser and the web server is...
X.509 Digital Certificates Explained
In order to run a certificate-based network, admins need to understand how to create and configure X.509 certificates. X.509 is a cryptography standard for defining a public key certificate. X.509...
WEP vs. WPA vs WPA2- The Better Wifi Authentication
One key component of wireless security is encryption, which is the process of encoding data before it is transmitted over the air. Only authorized parties with the correct decryption key...
Analysis Of Windows On-Premise vs. Cloud PKI Servers.
The definition for a Public Key Infrastructures (PKIs) varies among cyber security professionals, but is generally considered a collection of components that give everything an organization needs to issue and...
MAC Auth Bypass In 802.1X Network: An Overview
A look at how RADIUS MAC Auth Bypass and MAC Address Filtering can help secure and manage your IoT devices.
An Overview of Server Certificate Validation in Android 13
Integrating the capabilities of two leading operating systems, Android and Windows, have been a dream for most tech-savvy enthusiasts across the globe. Microsoft is going to offer this upgrade by...
Configuring Passpoint/OpenRoaming on Android
For individuals who possess an Android mobile device, the significance of Wi-Fi connectivity to their gadget is widely recognized. In addition to cost savings, utilizing this method yields faster data...
Complete Guide to iOS 802.1X
Securely connecting iOS devices to a network can be a difficult task, especially since the Covid-19 pandemic sped up the inevitable rise of hybrid work environments. Network security must be...
How to Create Network Policies Based on Intune Device Compliance
Intune's device compliance attribute is a powerful tool for managing the devices on your network. Here's how you can turn it into a robust network policy with SecureW2.
Can you Authenticate RADIUS with YubiKeys?
As YubiKeys achieve widespread adoption, the industry keeps finding more and more uses for the powerful little device. One of the more interesting use cases for YubiKey is AAA/RADIUS authentication....
8 Top IAM Platforms
In the expanding digital environment, users are signing in from various devices such as smartphones, laptops, and tablets. Whenever a user logs in, onboards, offboards, resets a password, or changes...
Best Practices for Certificate Authority Management
An ever-growing trend in authentication cybersecurity is the replacement of credential-based authentication with certificates. Credentials are simply incapable of protecting a secure network. According to the 2019 Verizon Data Breach...
AD CS Certificate and Security Configuration Exploits
Active Directory Certificate Services (AD CS) is a critical platform in cybersecurity, providing infrastructure for managing certificates within an organization. At the heart of AD CS lies the Public Key...
Do RADIUS Servers use AD?
Do you know what facilitated back-office IT functions for any business twenty years ago? It was Active Directory, Microsoft’s user directory system. Because Active Directory simplified the task for organizations to...
The Four Stages of a Certificate Lifecycle
Digital certificates are electronic credentials that are used to authenticate the identities of individuals or devices using a particular network. It’s helpful to think of certificates with similar functionality as...
What is TLS Encryption?
Transport Layer Security is a protocol that ensures privacy and data integrity between two communicating applications. It’s the most widely deployed security protocol used today and is incorporated into web...
Wi-Fi Onboarding Captive Portal Best Practices
Accessing Wi-Fi networks easily and remotely has become a critical interaction point between organizations and their remotely located users. The captive portal is at the center of this process. It...
NAC Vendors: Cisco ISE vs. Aruba Clearpass
The rise in the popularity of remote work has caused a massive portion of the workforce to stay home. This is made possible by advanced BYOD devices with top-notch technical...
How AAA Servers Work
WPA2-Personal is common in homes and cafes – a security type requiring a preshared key (PSK). But some networks cannot be secured with a password, they want a username and...
The History of RADIUS Authentication Protocol: IEEE 802.1X
The Internet has been one of our most transformative and fast-evolving technologies. According to Satista.com, the internet user base increased from 413 million in 2000 to nearly 4.9 billion in...
Troubleshooting Common SCEP Errors
Simple Certificate Enrollment Protocol (SCEP) automates certificate distribution to issue and manage network certificates for users and devices securely. SCEP protocol addresses certificate enrollment without any intervention by end users. ...
Jamf vs. Intune: The Best Way to Manage Apple Devices
The rise in hybrid work culture has increased the usage of mobile devices such as smartphones and tablets for corporate purposes. Organizations must strengthen the security of these devices to...
A Comprehensive Review of Certificate Pinning: The Challenges and Alternatives
While digital certificates undoubtedly provide a more secure authentication method than passwords, some organizations still fear the possibility that certificates can be issued to unauthorized parties. Certificate pinning is a...
A Deep Dive into the Security of WPA2-PSK
In Wi-Fi security, one protocol stands out for its widespread adoption and significant role in protecting data: WPA2-PSK. This protocol, short for Wi-Fi Protected Access 2 – Pre-Shared Key, has...
Can You Use Certificates for Single Sign-On (SSO)?
Forgetting your password is one of the worst things about the internet. Unfortunately, it is encouraged to create complex passwords, making remembering them more difficult. Consequently, a considerable number of...
[Solved] Enterprise PKI OCSP Error
Certificate Management has emerged as one of the better alternatives to avoid the vulnerabilities of credentials in modern-day cyberspace. Here’s a recent incident of a high-profile data breach involving credentials...
How Does WPA-Enterprise Secure Your Network
Securely authenticating network users is a fundamental aspect of network security and is the source of significant challenges for many network administrators. Authentication security has never been more important; In...
How To Solve the NPS Error Code 66 in Meraki?
The RADIUS server plays a vital role in the authentication within a network infrastructure. NPS (Network Policy Server) is Microsoft’s own RADIUS solution that performs a similar role of filtering...
Public Key Infrastructure- A High-Level Overview
Digital signatures are pivotal to cybersecurity. They offer a robust mechanism to verify the authenticity and integrity of a document or message. Imagine sending a handwritten letter; your signature assures...
How To Test MITM Attacks And Protect Networks
A man-in-the-middle (MITM) attack is a highly effective type of cyber attack that involves a hacker infiltrating a private network by impersonating a rogue access point and acquiring login credentials....
How To Use RadSec For A Secure Roaming Network
Integrating a RADIUS server with your network security infrastructure is a wise decision. RADIUS or AAA (Authentication, Authorization, and Accounting) servers guard your network against unauthorized access by verifying individual...
Public vs Private Certificate Authority
Certificate authorities (CAs) play a critical role in securing digital communications and data exchange. Organizations must choose between public and private CAs based on their unique security requirements, use cases,...
MacOS AD Bind Issues Post Microsoft Kerberos Update
On October 11th, 2022 Microsoft pushed an update to enforce domain controller validation for Active Directory. The purpose of this update is to shore up a security bypass vulnerability that...
Smart Cards for Identity Authentication and Access Security
Smart cards, occasionally called chip cards or integrated circuit cards (IC or ICC), are a broad family of physical electronic authentication devices. More practically, they’re physically-secured microprocessors used to control...
List of Devices Supporting 802.1x
It is hard to imagine life without Wi-Fi, both in personal or professional spaces but we can not deny that it has parallelly caused the transmission of more and more...
How to Enable Windows Machine Certificate Authentication
Whether you use Windows, macOS, or any other operating system, deploying digital certificates for your device can be the most impactful step to strengthening your network security. Digital certificates use...
Why Apple Wants You to Use ACME vs. SCEP
In this article, we will discuss the latest ACME protocol that you can use for your iOS devices for a smooth transition to digital certificates with minimum effort.
LDAP Authentication with Azure AD
LDAP (Lightweight Directory Access Protocol) authentication can confirm user identities across a network. It uses a centralized directory system for user authorization and authentication. On the other hand, Microsoft offers...
Understanding Phishing-Resistant MFA in Azure AD
On an average day, most employees have to log into numerous different applications and resources at work. The influx of applications necessary for work has led to an exponential increase...
How to Generate Root & Intermediate CAs
With 10 million attacks targeting usernames and passwords occur every day. it’s not a bad idea to drop passwords wherever possible. A proper PKI allows your network to utilize certificate-based...
What’s the Difference between RADIUS, TLS, and EAP-TLS?
There are many components involved in running a secure network. It’s very easy to get bogged down by different terminology and be confused about what exactly each component does. This...
How To Set Up 802.1X Using Azure AD
You can configure 802.1X using Azure AD by syncing it with an LDAP server or enrolling every device with an x.509 certificate.
Windows Defender Credential Guard and PEAP MS-CHAPv2
In today’s evolving world of cybersecurity, protecting data and user credentials is of utmost importance as it is the biggest threat to an organization’s security. Microsoft has implemented two security...
Active Directory Certificate Services (AD CS): Explained
There are many components involved in running a certificate-based network. You need to establish trusted servers and certificate authorities (CA), make sure devices can enroll for certificates, authenticate users, manage...
FreeRADIUS with Google LDAP: How Does it Work?
Is an authentication system built around FreeRADIUS with Google LDAP more economical? Learn the truth about this setup here.
What is the Most Secure Method of Wi-Fi Authentication?
The first layer of defense for a wireless network is the authentication process. With a strong authentication barrier, an organization can feel confident that only approved network users are able...
What is RSA Asymmetric Encryption? How Does it Work?
Encryption is the systematic process of converting plain, readable information, or data, into an unreadable format to prevent unauthorized access. This process is achieved by implementing a set of rules...
PEAP-MSCHAPv2 Vulnerability Allows For Credential Theft
In 2013, Microsoft released a report of a known security vulnerability present within Wi-Fi authentication. The 802.1x authentication protocol known as PEAP-MSCHAPv2, a widely supported standard, can be exploited to...
2024 Guide to Android Network Settings
Android network settings are critical for ensuring a seamless connectivity and security for users. These settings cover a variety of parameters controlling VPN connections, mobile data, and Wi-Fi, among other...
How to Enable MFA for Google Workspace
Cyber-attacks are becoming more sophisticated, with hackers exploiting every available option to infiltrate your network. One-step authentication methods, such as using a login ID and password, are no longer enough...
Troubleshooting Commonly Encountered Okta Sign-In Errors
Okta is one of the leading identity and authentication platforms compatible with both cloud and on-premise directories. They provide a great user experience, but sometimes you might encounter networking errors...
High Level Comparison Of User Certificate vs. Device Certificate
The popularity of digital certificates has been soaring day by day with the advancement of cloud technology. It has already replaced the traditional usage of credential-based protection in various IT...
Internal Or External CA- The Best Bet For Your Organization?
Public Key Infrastructures (PKI) are widely used by organizations because they secure communications among servers and clients with digital certificates and certificate authorities (CA). Certificates are a combination of cryptographic...
SHA-256 vs. SHA-1: Which Is The Better Encryption?
Sending information in clear text over the air is a tremendous risk in today’s complex cybersecurity environment. Hackers constantly evolve attack vectors to target sensitive data in transit, but encryption...
Your Guide To Renew Certificates On Microsoft CA
Organizations can leverage digital certificates to build a robust network, as certificates use public-private key encryption to encrypt information sent securely over-the-air. Managing digital certificates for a smaller organization is...
How To Enable RADIUS CBA On Google Workspace?
If the cybersecurity community could be compared to a court, the jury has reached its verdict: it’s time to move past outdated pre-shared keys as a means to network authentication....
An Overview Of RADIUS Certificate-based Authentication
With an increasing number of cybersecurity risks and the necessity for secured access to network resources, organizations are implementing various authentication methods. RADIUS certificate-based authentication is one of these techniques,...
MAC Spoofing Attacks Explained: A Technical Overview
New cyberattacks and breaches are reported every day in our news feeds. Cybercriminals target people as well as large corporations and other businesses. One of the many techniques hackers employ...
Does LDAP work with Entra ID? Yes and No
To make a long story short: Microsoft offers the ability to sync Azure AD (Microsoft Entra ID) with an LDAP server, which can suffice as a short-term solution. This means...
Microsoft Intune Enterprise Wi-Fi Profile Best Practices
Microsoft Endpoint Manager (Intune) is a stellar MDM that we frequently encounter in managing managed devices, especially when the enterprise size is large, and we need to have centralized control...
SCEP( Simple Certificate Enrollment Protocol): A Complete Guide
Distributing certificates to managed devices can be a monumental task with a lot of moving parts that need to be accounted for: PKI integration, establishing a gateway, configuration policies, certificate...
AD CS Certificate Templates: Security Best Practices
Microsoft AD CS allows administrators to establish their domain’s CA to deploy a digital certificate with Microsoft PKI Infrastructure. To properly run their PKI infrastructure and after establishing their hierarchy, administrators...
A Complete Guide To Wi-Fi Security
In the modern world, it seems as though it would be nearly impossible to function without access to the wireless internet. People everywhere rely on Wi-Fi for everything from entertainment...
How To Configure 802.1X for Ubiquiti UniFi
In an era where network infrastructures must run smoothly, protecting sensitive data and securing connections is crucial. Ubiquiti UniFi is a market leader in networking solutions, providing a dependable and...
A High-Level Overview of Windows 802.1x Authentication
802.1X is a network security protocol that enhances the security of a network by requiring authentication before granting access, preventing unauthorized network access. In Windows environments, 802.1X is widely employed...
Windows Access Control: ACL, DACL, SACL, & ACE
Read this to know more about access control list and its components and the best way to secure your enterprise network.
How to Resolve NPS Reason Code 22
Remote Authentication Dial-in User Service (RADIUS) is integral to network infrastructure, especially for authentication, authorization, and accounting (AAA) purposes. NPS (Network Policy Server) is Microsoft’s RADIUS server, replacing its age-old...
Certificate Signing Requests: Explained
X.509 digital certificates use the X.509 Public Key Infrastructure (PKI) to certify a public key to a user, device, or service identity embedded in the certificate. A PKI encapsulates the...
Why You Shouldn’t Use NPS with Azure AD (Microsoft Entra ID)
Since cloud-based solutions are becoming the norm today, knowing how different identity and access management tools work together and what they do is important. This article details Microsoft NPS (Network...
[Solved] Wi-Fi Security Certificate Error
Functioning in the current world would be virtually impossible without access to wireless internet or Wi-Fi. Wi-Fi is used by people all over the world for everything from entertainment to...
Resolving SCEP Certificate Enrollment Initialization for Workgroup Error
Utilizing MDMs to establish a highly secure environment is an excellent safeguard for mitigating user error risks and developing consistency in device management. This common practice amongst enterprises is a...
Configuring SCEP Profiles in Intune: A High-Level Overview
Nowadays, network admins have started to come around to the benefits of digital certificates, which is a justified response given the superior cryptographic protection compared to traditional passwords and usernames....
EAP-TLS vs. EAP-TTLS/PAP
Choosing the right authentication protocol is more than a matter of security. Authentication is the critical check ensuring only rightful users can access certain data or networks. The decision between...
8 WiFi Hacks: How They Work and Preventive Measures
Our lives now wouldn’t be the same without an internet connection, and WiFi networks give us quick and easy access. Nonetheless, hackers find WiFi networks a desirable target due to...
What is NAS-ID?
The Network Access Server (NAS) is the frontline of authentication – it’s the first server that fields network authentication requests before they pass through to the RADIUS. The NAS Identifier...
How To Revoke Certificate in Windows (AD-CS)
Digital Certificates are an integral part of a Public Key Infrastructure (PKI) and cybersecurity as a whole. The certificates can encrypt communications and authenticate the identity of users and machines....
Complete Guide to MacOS 802.1X
Implementing robust authentication protocols is paramount in today’s hyper-connected digital environment, where data security and network integrity are paramount. MacOS 802.1X authentication stands out among these protocols as a crucial...
WPA2 vs 802.1X: What’s the Difference?
Nowadays, there are numerous methods and types of encryption used to secure networks. Businesses should look beyond using WPA2-PSK, which isn’t secure enough for their needs. It’s easy to get...
How Does SSH Certificate Authentication Work?
Secure Shell (SSH) certificate authentication provides a robust method for authenticating users and hosts connecting to an SSH server. As a protocol, SSH prevents unauthorized parties from accessing systems remotely....
How to Configure RADIUS on Windows 2016: A Detailed Guide
A WPA-2 Enterprise network is incomplete without a RADIUS server, thanks to its triple role of Authentication, Accounting, and Authorization (AAA). Any robust network security demands all three functions for...
What to Expect When You’re Adopting the JoinNow Platform for BYODs
If we were to define our platform briefly, we’d say that SecureW2 makes it easier to transition to passwordless security by providing an easy Public Key Infrastructure (PKI) and RADIUS...
What to Expect When You’re Adopting the JoinNow Platform for Managed Devices
In a nutshell, SecureW2 helps organizations achieve passwordless network access by providing a managed Public Key Infrastructure (PKI) and RADIUS service. These two core products work together to empower wired...
EAP-TLS Explained: How It Works and Why It’s Secure
Extensible Authentication Protocol–Transport Layer Security (EAP-TLS) is an IETF open standard defined in RFC 5216. More colloquially, EAP-TLS is the authentication protocol most commonly deployed on WPA2-Enterprise networks to enable...
RADIUS Events Logs: How to View and Access Them
RADIUS servers are often called AAA (authentication, authorization and accounting) servers because they perform each of those three functions. Accounting – which refers to the process of tracking events as...
A Complete Guide to Configuring RADIUS on Windows 2019
The term “RADIUS server” will probably be mentioned at some point in any conversation regarding wired or wireless authentication. Within a WPA-2 Enterprise network, RADIUS (also referred to as a...
Understanding Mutual TLS (MTLS) Authentication: How It Works
Mutual TLS, or mTLS, is a trending talk of the town, especially regarding cryptographic encryption in general. Since you’re here, there’s a good chance you’re concerned about the network at...
A Complete Guide to Configuring Microsoft RADIUS Server
Need a solution for your network authentication, authorization, and accounting (AAA) requirements? RADIUS has been around for decades, used by thousands of organizations. Without a RADIUS server, authentication would have...
Network Segmentation Best Practices
VLANs are a great way to increase security because they reduce the risk of threats spreading throughout the network. A threat can quickly move around the network if users/devices are...
Smart Card Authentication with Active Directory
Chances are, your work requires you to have logins and passwords for multiple resources. On top of that, you probably have to update your password regularly, ensuring that each new...
How to Build and Set Up Your Own PKI
A Managed Public Key Infrastructure (PKI) is a vital part of any comprehensive network security strategy. It allows you to use digital certificates for authentication, a form of credential that’s...
802.1X EAP-TLS Authentication Flow Explained
For many organizations, the IEEE 802.1X authentication mechanism for Port-Based Network Access Control is the first line of defense against outside attack. It’s also one of the most commonly targeted...
Server Certificate Validation with Android 12 Devices
Cyber-attacks have grown stronger over the years and are able to easily bypass the rudimentary security standards provided by the username/password mechanism. If an organization relies on passwords for network...
WPA3: The Ultimate Guide
The network type Wi-Fi Protected Access (WPA) has been upgraded once since its inception in 1999. In 2004, it was replaced by WPA2, which has stood as the standard for...
Android 11 Server Certificate Validation Error and Solution
*Updated Feb 2021 The dust has settled on the Dec 2020 Android 11 update and, for better or worse, the effects on network authentication have not been as drastic as...
Should WPA2-Enterprise Be Used For My Home Network?
Securing home wireless networks has never been as important. An increase in remote work requires more people to handle sensitive business data at home. On top of this, our lives,...
EAP-TLS vs. PEAP-MSCHAPv2: Which Authentication Protocol is Superior?
Ensuring network users are able to securely authenticate to the wireless network is paramount to the overall safety and security of your organization. So many attacks are aimed at exploiting...
How to Manage Certificates with Intune (MEM Intune)
Network administrators often feel certificate management to be challenging at times, especially in finding the right PKI for certificate deployment. They either end up paying for a pricey PKI...
RADIUS Accounting Best Practices
RADIUS is a crucial networking protocol best known for centralized authentication, authorization, and accounting (AAA) administration. The final “A” in AAA signifies accounting, a fundamental aspect of network management. Network...
AAA Server Best Practices
An AAA server processes user requests for access to computer resources and provides an organization’s authentication, authorization, and accounting (AAA) services. The AAA server typically interacts with network access, gateway...
What Is Apple Captive Network Assistant?
Maintaining a safe connection is of the utmost importance in the hyper-connected world we live in today, where we use the internet for almost everything. Yet, the security of public...
How Does Wi-Fi Certificate Authentication Work?
Wireless network security is of the utmost importance in the rapidly evolving digital world. Wi-Fi certificate authentication has become a vital option that not only makes networks safer but also...
Network Security Basics—Definition, Threats, and Solutions
The adoption of remote work, cloud computing, and integrated IoT devices leads to complexities of securing computer networks and network security infrastructures. The evolution of cyber threats—from sophisticated malware attacks...
How to Use IEEE 802.1x Authentication for a Wired or a Wireless Network
IEEE 802.1x authentication is a standard for port-based network access control. It essentially requires devices to authenticate themselves before gaining access to network resources. This standard is versatile, working seamlessly...
Using VLANS to Keep Students off the Staff Network
Keeping your students off the staff network is among the daily challenges IT administrators face monitoring their domain. Especially as we continue to integrate technology with education, many institutions are...
How to Set Up AD CS PKI Certificates with Jamf
As credential-based authentication becomes increasingly insecure, many organizations see the benefit of moving to passwordless security methods such as digital certificates. Implementing certificates, however, requires the implementation of a Public...
Network Access Control: Explained
Network Access Control (NAC) is an advanced cybersecurity measure designed to regulate who, what, and how entities gain access to network resources. As the traditional security perimeter is no longer...
What is Port-Based Network Access Control (PNAC)?
Network security is one of the important factors for organizations of different sizes. As cyber threats evolve, authorized access to network devices and critical resources becomes very important. Port-Based Network...
How to Monitor Network Traffic: Best Tips for IT Pros
Network traffic monitoring is essential for IT professionals to protect the company’s environment against potential vulnerabilities. It tracks data movement across different networks, ensures the network operates efficiently and identifies...
How to Configure 802.1x Printer Authentication?
When organizations establish their IT infrastructure, it’s essential to protect it, including network-connected devices and wired and wireless access points. Printers often fly under the radar among these devices regarding...
How is a Smart CAC Card Used in A PKI?
Public Key Infrastructure (PKI) is one of the most robust methods for safeguarding sensitive information, particularly within the Department of Defense (DoD) ecosystem, where it secures sensitive data and communications...
What is PKI-as-a-Service (PKIaaS)?
Public Key Infrastructure (PKI) keeps data secure, authenticates identities, and ensures end-to-end encryption. It plays a vital role in securing digital communications and involves a set of roles, policies, hardware,...
What Are Wildcard Certificates?
SSL certificates (Secure Sockets Layer) and their successor TLS certificates (Transport Layer Security) are critical for establishing secure communications over the Internet. They authenticate the identity of a website and...
What is a Hardware Security Module (HSM)?
Data security has never been more critical. Hardware Security Modules (HSMs) are pivotal in safeguarding the cryptographic infrastructure of numerous global enterprises. HSMs have come a long way, from niche,...
4 Ways to Secure Wi-Fi Connectivity
Wi-fi networks are ubiquitous as more and more users connect to networks remotely for work, access data and applications, and manage IoT devices. As their popularity grows, so do the...
What is a PKI Token?
Today’s world relies heavily on online interactions, such as collaborating with family, friends, and colleagues on social media or checking our bank accounts. However, this ease of use raises security...
What is a DoD PKI?
The Department of Defence Public Key Infrastructure (DoD PKI) is a vital component in strengthening the Department of Defense’s (DoD) digital communications and data-sharing infrastructure. Fundamentally, DoD PKI is an...
Understanding PKI Certificates
Imagine conducting important business online without identifying the person you’re interacting with. It would be like handing sensitive documents to a stranger on the street; every login would be risky....
Mitigate the Risks of a Pre-Shared Keys-Based Network
Wi-Fi security is designed to safeguard data as it traverses the airwaves in wireless networks. Wi-Fi Protected Access (WPA) emerged as a response to the glaring deficiencies of its predecessor,...
Should I Install AD CS on Domain Controller?
IT administrators must decide on network security: should they install Active Directory Certificate Services (AD CS) on a Domain Controller (DC)? Microsoft PKI (Public Key Infrastructure) solutions are the cornerstone...
Everything You Need to Know About SecureW2 Deployment
Relying on passwords alone to safeguard access to your resources (including Wi-Fi, applications, and email security) is no longer secure. Cyber attacks designed to harvest credentials become increasingly complex by...
A Deep Dive into PKI Certificates
Corporate data, social media pages, applications, and user data are crucial assets of an organization, and any theft or misuse of these could lead to huge financial losses. They not...
What is WPA Authentication?
The ubiquity of Wi-Fi networks in today’s world has made them popular targets for cyberattacks, especially if they rely on vulnerable mechanisms like passwords. In a 2021 study, security researchers...
Introducing WebAuth Wi-Fi with Cloud IDPs
It’s no secret that open Wi-Fi networks are infamously insecure, and Pre-Shared Key (PSK) networks aren’t much better. If you tie your organization’s Wi-Fi to a single password and more...
LEAP Authentication and How It Works
Wi-Fi connection integrity is critical for organizations securing sensitive data or individuals protecting personal information. This requirement has created many authentication methods, each attempting to balance usability and security. LEAP...
2024 Security Analysis of PEAP-MSCHAPv2
These days, wired and wireless (Wi-Fi) networks are ubiquitous. Organizations need these connections to perform critical business functions, but these connections are susceptible to various ever-evolving cyber threats. As a...
How to Authenticate to VPN with EAP-TLS
In today’s world, VPNs (Virtual Private Networks) are very important for individuals and small and large-scale business owners. However, utilizing a VPN can be tricky due to some common difficulties...
A Comprehensive Guide to the EAP Protocol in Networking
Network security is crucial in the modern digital world, where wireless communication is commonplace. Security risks such as unauthorized access, data eavesdropping, and network breaches can affect wireless networks. Because...
WPA3 vs WPA2: What’s the Difference?
The standards used to protect wireless/Wi-Fi networks have evolved over the years to keep up with emerging threats and protect sensitive data. WPA2 and WPA3 are some of the more...
Kandji Enterprise Wi-Fi Profile Settings Guide
With a focus on centralized control of Apple devices, Kandji stands out as an innovative leader in modern enterprise management. IT managers can easily automate device deployment, enforce security policies,...
Best Wi-Fi Security Settings MacOS
In a world driven by digital connection, safeguarding the security of our Wi-Fi networks is critical, especially for Mac users. Despite its strong standing, the macOS environment is not immune...
What is an X.509 Digital Certificate?
X.509 certificates are forms of identification that leverage public-private key cryptography. They are a secure replacement for passwords.
How To Prevent Man-in-the-Middle Attacks
Man-in-the-middle attacks (MITM) or on-path attacks are becoming common and complex. Organizations are putting in a lot of effort to mitigate these risks to no avail. Phishing kits are freely...
Configure Google SCEP Certificate Automatic Enrollment Profiles
Certificates are far superior to credentials and mitigate many vulnerabilities associated with pre-shared keys. They enhance the user experience by facilitating network access and removing password-related friction induced by password...
What is a Jamf Push Certificate?
Do you use Apple devices in your work infrastructure? Then you’ve probably heard of Jamf. Jamf Pro is one of the most robust and feature-dense solutions for managing Apple devices....
Risk of Public Wi-Fi
Public Wi-Fi is any network other than your home or work network and is commonly found in places such as airports, malls, coffee shops, hotels, and restaurants. It allows users...
Configure Azure AD Continuous Access Evaluation for RADIUS
Continuous Access Evaluation (CAE) is an essential security feature in Azure Active Directory (Azure AD) that constantly monitors and evaluates user access to resources. Through CAE, Azure provides a proactive...
Configuring Azure AD CBA with Conditional Access Policies
Conditional Access Policies, the If-Then statements available in Microsoft Azure AD (Entra ID), enable a much more granular level of access control over the resources managed with Azure AD /...
What is Certificate-Based Authentication?
An IBM study says that stolen or compromised passwords are the most common reason for a data breach. Let’s be honest, usernames and passwords aren’t a good way to prove...
What is Cryptographic Agility and Why Does it Matter?
Cryptography is a cornerstone of securing information systems. It involves encoding data to ensure only authorized parties can access it. By converting data into an unreadable format, cryptography protects sensitive...
What is Secure Sockets Layer (SSL)?
Security over the internet has drastically improved in the few decades that the internet has been widely available. The average user doesn’t realize how much goes on behind the scenes...
Invoking Device Trust with Intune as MDM
Imagine you are a parent working from home, and your child accidentally spills a drink on your work laptop. You have an approaching work deadline, so you finish it on...
AD CS: Domain Escalation Attack Scenario 1 (ESC1)
Active Directory Certificate Services (AD CS) is an essential tool for domain administrators to enhance network security, ensuring secure communication, code signing, and user authentication. Organizations can leverage the 802.1x...
Simple, Practical Security Guidance for AD CS
In 2008, Microsoft released the Active Directory Certificate Services(AD CS) feature to allow Administrators to manage their own Public Key Infrastructure and their Remote Authentication Dial-In User Service(RADIUS). This paved...
Transport Layer Security (TLS) Explained
Protecting and encrypting communications online is vitally important as there are countless attempts made daily to intercept them for nefarious purposes. From securing a bank transaction to protecting an authentication...
Overview of LDAP For Today’s Cloud Environment
Lightweight Directory Access Protocol (LDAP) is an integral component of digital identity frameworks, providing an open and cross-platform protocol used for directory service authentication. It provides a systematic method for...
LDAP Injection Attacks: Explained
LDAP also known as Lightweight Directory Access Protocol, is an essential utility in network settings that facilitates getting hold of data about organizations, individuals, and resources. LDAP is commonly used...
What is a PKI (Public Key Infrastructure)?
The use of a Public Key Infrastructure (PKI) by an organization demonstrates a dedication to cybersecurity. It enables passwordless authentication, encrypted communication, and it has been listed by organizations such...
Jamf RADIUS Server Best Practices
For small and medium-sized enterprises, coordinating employees’ iPhone, iPad, and Mac devices may distract you from your primary responsibilities. Jamf assists businesses in addressing this issue. The affordable cloud-based solution...
MDM Security Best Practices
In the current digital environment, the proper management and security of devices within organizations are of the utmost importance. Mobile Device Management (MDM) solutions enable organizations to manage “managed devices”...
PEAP Exploit Explained
An enterprise needs a safe, secure, and proper network infrastructure implementation to ensure a functional business environment. The Protected Extensible Authentication Protocol (PEAP) is a form of EAP protocol used...
Student BYOD Wi-Fi Security Solutions
It wasn’t too long ago that accessing a school network meant logging onto a stationary desktop in a computer lab. In today’s IT environment, however, more and more devices are...
How to Connect to Passpoint Wi-Fi on iOS
In a nutshell, Passpoint is a protocol developed by the Wi-Fi Alliance that allows users to connect securely to a Wi-Fi hotspot. Designed to operate like roaming works for cellular...
802.1X Port Security Simplified
Did you know that the cost of data breaches reached a whopping $4.35 million in 2022? Data breaches cost organizations a lot in penalties and lost business opportunities. Almost 68%...
Are Password Managers Secure?
Everyone uses numerous accounts on the internet these days. Take yourself as an example; you most certainly have a minimum of one social network account, one email address, one for...
Layer 2 Attacks that Defeat PSK Networks
Move away from traditional PSKs to digital certificates and protect your network from Layer 2 attacks. Know more here!
How to Fix the “X.509 Certificate Signed by Unknown Authority” Error Code
X.509 digital certificates are a fantastic way to encrypt communication and authenticate into systems, but they require a little more infrastructure to support than your typical username and password credentials....
Why You Should Protect Your Local Area Network, Even if You’re Cloud-Based
Ensuring the security and integrity of a business’s data and network infrastructure is of utmost importance, and thus safeguarding the local network is imperative. The Wi-Fi network serves as the...
Passwordless Authentication: Explained
Do you want to move to effective Passwordless authentication solutions? Read to find out how a robust passwordless solution can enhance your network's security.
Securely Eliminate MFA with Azure AD CBA
Hackers acquired the personal data of over 37 million T-Mobile users, including names, dates of birth, Social Security numbers, and driver’s license information, in a recent incident that featured a...
Using Certificates for Granular Application Access with Microsoft Defender
The cloud presents an enticing opportunity for businesses – it makes important resources available anywhere, allows them to offshore the cost of storage, and can even save them on hardware...
Microsoft Network Device Enrollment Service: Do You Need It?
In this article, we will discuss NDES, its importance in network security, and its benefits for managing devices in an enterprise environment.
Implement Microsoft Passwordless Authentication With Azure AD CBA
In this article, we’ll cover precisely what Microsoft Authenticator App is and how you can quickly onboard to digital certificates.
How to Improve Device Identity Context for Network Security
Protect your network from security breach by getting more visibility over your unmanaged and BYOD devices. Device Identity Context can help you improve network security. Continue reading to know more.
How Digital Certificates Enable Secure Single Sign-On (SSO)
Users in an organization typically need access to many applications to assign and complete their tasks, access email, write code and communicate with each other. Multiple apps require multiple sets...
Configure Client Certificate Authentication with OneLogin
Configure Client Certificate Authentication on OneLogin and enforce Zero Trust Policy and make your network secure.
Configure Client Certificate Authentication with Ping
As many organizations shift to the digital mode in the post-pandemic era, there is an exponential increase in cloud-based network solutions. Surprisingly, numerous cutting-edge wireless technologies, such as 5G, virtual...
Automated Certificate Management Environment (ACME) Explained
Want to understand what Automated Certificate Management Environment (ACME) Explained is all about? Read this to know more.
JAMF vs. Kandji: Apple MDMs compared
Read and compare JAMF and Kandji as Apple MDM solutions here.
Portnox CORE vs. Cisco ISE: NAC Comparison
Read about two popular NAC solutions ad pick out the best one for your organizational needs.
How to Set Up Passwordless Authentication on Chromebook
Many enterprises are planning to shift towards passwordless authentication for their managed Chromebooks. Passwords have been proven to be a weak form of security, so it’s in everyone’s best interest...
Identifying Network Issues with 802.1X
Open SSIDs don't offer the degree of troubleshooting visibility 802.1X does. Here's how 802.1X helps you troubleshoot network issues.
Enrolling Devices for Certificate Auth for OneLogin Device Trust
Amidst uncertainties in times of war, hackers have frequently upgraded their attack modes and penetrated almost every industry you can think of. The Australian cyber-security head has admitted reporting one...
7 Critical IAM Tools
As an organization, you know there are a lot of factors to consider when provisioning network access to employees. You need to ensure that the users are who they claim...
Cloud RADIUS for Wi-Fi Authentication
A survey found that 74% of IT decision-makers whose organizations have been breached in the past say it involved privileged access credential abuse. While Wi-Fi revolutionized networking during the transition from...
IAM vs PAM
IAM and PAM explained and how the right implementation of the two solution can help make your network security secure from cyberattacks
What the Windows 11 TPM Requirement Means for Microsoft
Cyberspace is a rapidly evolving world, and in order to keep up with the pace, tech organizations must evolve at a similar speed. The cyber performance enterprise Riverbed recently analyzed...
Google Cloud Certificate Authorities Service Alternative
The digital world has been on a growth spurt for the past few years as more and more devices have come into being. An average user has at least two...
Updating Your Network Access Control After a Merger or Acquisition
Updating your network access control after mergers doesn't have to be hard. With the right cybersecurity tools, your NAC can emerge better than ever.
MFA Options for Cyber Insurance Requirements
More cyber insurance providers require MFA. But why, and what other cyber insurance requirements should you prepare for?
Best Practices for Enrolling Users for WPA2-Enterprise
Wifi is essential in daily life and is critical for any business today. At home, we use a single static password to protect your wifi. This security is called WPA2-Personal....
FreeRADIUS vs. Jumpcloud
As technology progresses, hackers have constantly upgraded their modes of attack, which include social engineering techniques to compromise the network space of an organization. Here’s a recent incident of a...
Configuration Guide: Windows RADIUS Server 2012
Anytime there’s a discussion about a wired or wireless authentication, it’s probable that the word “RADIUS server” will come up sooner or later. RADIUS, also known as a “AAA server,”...
HIPAA Compliant Wireless 802.1X
The Health Insurance Portability and Accountability Act (HIPAA) has impacted the way healthcare organizations operate since its introduction in 1996. Its goal, ultimately, was to protect patient data by imposing...
Azure AD Conditional Access with 802.1X
The post-pandemic world is witnessing an exponential surge in cloud-based network solutions as many businesses transition into digital mode. Interestingly, many cutting-edge wireless technologies like 5G, virtual reality, and AI...
Device Authentication with User Attributes for Cloud Directories
When users and devices authenticate to your network, you should ideally have as much information from them as possible to make context-rich security decisions. Certificate-based authentication (CBA) empowers administrators to...
Auto-Enrolling Certificates in Jamf
Digital certificates have become the backbone of safe access in Apple environments, and Jamf is still the top platform for managing Macs, iPhones, and iPads at scale. By integrating Jamf’s...
Digital Signatures: Explained
An effective Zero Trust architecture is built on a foundation of identity context. Digital signatures support a Zero Trust initiative by cryptographically assuring the identity of the signee, answering questions...
[Solved] Okta Sign-in Error
Okta is one of the leading identity and authentication platforms compatible with both cloud and on-premise directories. They provide a great user experience and support, but you may still run...
Cloud 802.1x Explained
What Is Cloud 802.1x? An 802.1x network is unique in one major way; it uses a Cloud RADIUS server as a means of authenticating users. The Cloud RADIUS checks a...
What is Certificate Lifecycle Management?
Using X.509 digital certificates for authentication is an immediate and significant upgrade to credential (password) authentication, but it requires proper support infrastructure. Certificate Lifecycle Management systems (CLM/CLMS), also called Certificate...
The Anatomy Of An X.509 Digital Certificate
Digital certificates are frequently used in the online world as a means of identification. The information embedded in the certificates lets anyone verify the identity of an entity with the...
Code Signing with Digital Certificates: Explained
Imagine you’re installing an application and a pop-up like the screenshot above comes up. How can you be sure that the application you’re about to download is really safe? The...
Intune vs. Workspace ONE: The Best MDM for Windows Devices
The technological advancements in the last decade have evolved the use of mobile devices such as smartphones and laptops in the corporate world. Before the pandemic, some organizations were skeptical...
Foxpass RADIUS vs. Jumpcloud RaaS
Network authentication has evolved in lockstep with the development of software over the years. The networking protocols considered secure just a few years back have not withstood the test of...
This Security Flaw is Preventing Organizations from Switching to Azure AD
The migration from on-premise to cloud-based network infrastructure is becoming more and more common. With better security, scalability, and user experience, the benefits of the cloud cannot be denied. For...
Top 3 Tips for Enrolling Chromebooks with AD CS
There has been a huge increase in the use of wireless devices to connect to organization’s secure networks and it’s created a new security challenge for network admins. Securely connecting...
Cloud-Hosted LDAP is Vulnerable with Credentials
Organizations are always looking for a new strategy to increase the convenience of using their network without compromising security. As a result, many have sought out cloud solutions. Read here...
Can I Use Google Secure LDAP for Wi-Fi?
LDAP’s importance cannot be denied. As a protocol, it has greatly simplified the directory search process. Unfortunately, as time goes on, LDAP has begun to grow outdated, especially given its...
Why a Managed PKI (MPKI) is Probably Right for You
If you’ve decided to make the move to secure certificate-based authentication, one of the first things you need to figure out is whether you’re going to build your own Public...
What Is Certificate Management?
When considering the importance of authentication security and establishing device trust to protect your network, it’s no wonder organizations are moving away from credentials in droves. A solution that many...
Can PKI Replace Passwords?
There is a new trend that’s taking the IT world by storm: Passwordless Authentication. NordPass estimates that the average user has between 70 and 80 passwords. That’s why people so...
Combining FIDO2 and PKI: Supporting All Your Applications
The world of IT is constantly evolving. This is true due to both advancements in technology and the emerging remote work landscape of the world. Remote work is now commonplace...
What is a Hardware Security Module?
More than ever, businesses and organizations have a responsibility to secure their data. Highly adaptable organizations have begun to implement a PKI as a means to upgrade network security. According...
How To Utilize PKI Certificates
Using a Public Key Infrastructure (PKI) is a great step for any organization choosing to prioritize their network’s security. The primary purpose of a PKI is to manage the public...
How to Address MAC Randomization for Cloud Networks
Mac Address Randomization is an increasing trend among device manufacturers that are quickly becoming the industry standard. While it can help in reducing the risks of data breaches and spying...
Is Okta A RADIUS Server?
A RADIUS server operates through connecting to a central database to inform who is allowed to connect to your network. It is a simple and easy-to-configure authentication solution that cannot...
How to Deploy Okta Device Trust on Windows
Device Trust is a concept in cybersecurity with a relatively simple premise; if a device can prove its identity, it can be trusted to have greater access to resources. If...
5 Reasons AD CS Is Not A Complete PKI
Credential-based authentication is the most common form of authentication that everyone is accustomed to. But with most decades-old technologies, credentials are woefully ill-equipped to face modern security threats. While multi-factor...
Top 4 Network Security Tips for Returning to School
The rapid and unexpected transition to remote learning led many schools to scramble for solutions to a new teaching experience. This led to many schools being forced to stretch their...
Google Workspace Network Security Best Practices
Considering the massive amount of revenue loss that can occur with just a single security breach and the continued prevalence of cyber attacks, organizations need to be emphasizing network security...
Should I Bind Non-Windows Devices to Active Directory?
Digital certificates are starting to take over as the preferred method of network authentication because of their proven superiority to passwords in security and user experience. Many organizations are wanting...
Comparing: OAuth, OpenID Connect, and SAML
Properly protecting a network requires administrators to make numerous decisions about their security. Knowing what protocol or system to implement at what stage is paramount to network safety. With Cybercrime...
OAuth Vs. OpenID? Which is better?
Authorization and authentication processes need to be more solid and safe than ever. OAuth and OpenID are two well-known names in this field. Before we get into the OAuth vs....
Using Object Identifiers In PKI Management
Management of a PKI can be a full-time task for an IT team. Ensuring network users are able to authenticate to a secure network, easily maintaining their network identity, providing...
Configuring MFA with AD FS
It’s widely held knowledge that using a single factor for authentication to wireless networks is less than secure and easily exploitable by hackers. Many organizations recognize this and utilize Multi-Factor...
Tying IP Addresses to Azure Active Directory Users
Effectively tracking and managing identity context is one of the most important aspects of a secure Azure-based network. Without accurate identity context, it’s near impossible to determine if someone is...
Everything You Need to Know About FIDO2
Security Keys are a method of authentication that is becoming increasingly more commonplace due to the additional layer of security they provide. They are a versatile security component that can...
I Have Active Directory, How do I Move to the Cloud?
It’s no secret that organizations are making the transition to cloud-based network environments. This is especially true considering the dramatic increase in remote work due to the global pandemic. Network...
What is the Android Trusted Credentials Store?
Similar to Windows and macOS, Android devices need a system in place in order to determine if a certificate issued by a particular Certificate Authority (CA) is trusted. How does...
MacOS Smart Card Services
Smart Card usage has been on the rise for a variety of different reasons, but undoubtedly the most prominent is for their identity management capabilities. Cybersecurity-oriented organizations are taking advantage...
Zero Trust Strategy Best Practices With AD CS
Zero trust is a burgeoning security practice among cybersecurity-focused organizations. The main concept behind zero trust is limiting a user’s resources to only what they need access to. For example,...
Private Key Attestation on macOS
Key attestation is a necessary part of creating valid X.509 digital certificates. Asymmetric cryptography requires that the client be able to prove its identity by attesting to the secure creation...
The NPS Extension for Cloud Authentication
Authentication security is an incredibly diverse field with countless options for organizations to choose from. How to authenticate your users to a secure network is a difficult decision to make...
Setting up Secure BYOD Wi-Fi for K-12 Students
The days of getting in trouble for bringing technology into class are long gone. Many school districts actually rely on students to bring their own devices in order to incorporate...
YubiKey Automatic Programming Software (Works with PIV)
YubiKeys are an easy way to significantly improve authentication security and, with digital certificates, can even provide a high degree of identity assurance. However, the native Yubikey configuration and personalization...
3 Hidden Costs of an On-Prem CA
A certificate authority is a requirement for many organizations, whether for customer-facing products or internal security protocols. One of the first decisions to make regarding a Public Key Infrastructure (PKI),...
How To Use Google Wi-Fi Without Active Directory and NPS?
While technology changes rapidly, one constant is the use of Google and its spread across all facets of business technology. But how people connect to Google services and how they...
Simplify Certificate Enrollment with AD CS
Many organizations recognize the inherent cybersecurity weakness of credential-based authentication and have made the switch to certificates as a result. The decision to move away from reliance on credentials is...
Securing VPN Authentication with AD CS
The rise in remote working has been increasing since the dawn of the digital age, but the increase has seen an especially massive jump since the outbreak of the COVID-19...
Assigning Network Access Policies Based On SSID
Using network access policies to segment users into VLANs with appropriate permissions is a core part of every organization’s identity and access management (IAM) strategy. More options to customize access...
How to Secure 802.1X for Remote Workers
Though remote work wasn’t started by the Covid-19 pandemic, it has increased drastically to the point that working from home will be commonplace for many workers. Unfortunately that leaves organizations...
What is Always On VPN?
The rise in remote working has steadily increased with new innovations in technology, but has seen a massive increase since the Covid-19 pandemic. Companies the world over have sent their...
How To Properly Delete a Certificate Authority
Securing communications via digital certificates is among the most secure processes used by organizations today. The use of public key cryptography makes certificates uncrackable and can be used to protect...
What is OpenXPKI?
Deploying digital certificates for internal and external use is a growing trend throughout countless industries. Of course, as more people convert to using certificates, they find that using the proper...
The Best Private CA / PKI Service
The use of certificates for network security is rapidly increasing due to their superiority over all other authentication methods. They’re incredibly versatile and can enable authentication customization that far surpasses...
What is a AWS Private CA?
Private certificate authorities (CA), also known as enterprise CAs, are CAs specifically meant for internal use. They are self-hosted and therefore not trusted externally. The usual use cases come from...
Issuing Certificates to Corporate-Owned Devices with Okta
Large organizations face a common problem when it comes to authentication: managing a variety of credentials for an assortment of different web applications. Each different application requires a unique set...
What is Certificate Revocation?
The average number of certificates an organization needs to manage grew 43 percent in 2020, so having a good certificate management system is paramount to success for any enterprise. SecureW2’s...
How to Setup Microsoft Enterprise PKI
The definition for a Public Key Infrastructures (PKI) varies among cyber security professionals, but is generally considered a collection of components that give everything an organization needs to issue and...
How to Issue a Certificate from a Microsoft CA Server
Now that we’ve learned passwords are not a secure form of authentication, organizations are implementing digital certificates, which provide stronger security and can be leveraged for more efficient network authentication....
A PKI is the Foundation for Zero Trust Network Security
The IT industry is evolving rapidly, with new technologies, devices, and systems introduced regularly. Organizations are regularly having to update and upgrade their environments regularly to keep up with the...
Running PKI-as-a-Service
Creating and operating a certificate-based network is no simple task. Without a highly knowledgeable staff that is well-versed in certificate management, an organization can get bogged down in integration, configuration,...
SolarWinds Compromise
Earlier this month, SolarWinds was breached by (who experts theorize to be) the hacker Russian organization, Cozy Bear. This attack has left 18,000 organizations potentially compromised with 250 of which...
Top 3 Pitfalls of Authenticating with OAuth
What is OAuth? Let’s demystify OAuth by starting with a definition. At its core, OAuth provides clients secure access to a server’s resources on behalf of a resource owner. OAuth...
Maximizing an Internal Windows Certificate Authority
Maintaining a secure network that is easily accessible for users within an organization is more difficult than ever. As cybersecurity technologies improve to address current threats, malicious attackers continue to...
Managing an Internal CA
When considering the failures of credential-based authentication, it’s no surprise that many security-conscious organizations have been upgrading to certificates for authentication. One of the benefits of certificates is the flexibility...
Managed Certificate Authority Services
What is a Certificate Authority? A certificate authority (CA) is an entity that distributes digital certificates. These certificates cryptographically tie an identity to a public key, ensuring that individuals online...
How to Configure Azure AD Attributes on Certificates
Attribute mapping in Azure AD (Microsoft Entra ID) is easier than you might think. With a simple SAML application, you can use customizable Azure attributes to enforce dynamic policy options...
Using Okta to Implement Zero Trust Network Access
Zero Trust is a cybersecurity concept that is being implemented by many security-conscious organizations to combat the external and internal threats they face. At its core, the purpose of Zero...
Can I Use Group Policy Objects with Azure?
As technology continues to migrate to cloud-based networking, many organizations have sought to take advantage of efficient cloud solutions. As a result, Microsoft-based organizations have been transitioning to Azure for...
What is a Microsoft Certificate Authority?
What is a Certificate Authority? A certificate authority (CA) is an entity that distributes digital certificates to devices. They assist in validating the identities of websites, individuals, and devices before...
How to Run Your Own Certificate Authority
What is a Certificate Authority? A certificate authority (CA) is an entity that distributes digital certificates to devices. A digital certificate certifies the ownership of a public key by tying...
How to Configure RADIUS with G-Suite (Google Workspace)
Google Suite, also known as Google Workspace is many people’s go to cloud-based productivity suite. While Google Suite is known for its ease of use, it’s credential-based authentication creates another...
G Suite + FreeRADIUS for WiFi Authentication
IT experts are stressing network security now more than ever, especially considering the massive amount of revenue loss that can occur with a security breach and how 10 million attacks...
Best Network Security Solutions for MSPs
Among small businesses that have been targeted by cyber-criminals, 70% were used as an entry point into a larger enterprise system they supply to. Nearly half (48%) of the cases...
How To Use Azure AD Conditional Access for a Zero Trust 802.1x Network
The standard method of thinking about network security is long overdue for an update. The usual “perimeter protection” approach consists of defining, and then controlling, a virtual boundary to make...
How to Auto-Enroll Certificates from AD CS
Active Directory Certificate Services (AD CS) is a Windows server software solution designed to issue x.509 digital certificates. Certificates have proven to be more secure and easier to use than...
Configuring FreeRADIUS for EAP-TLS Authentication
FreeRADIUS is one of the most widely used RADIUS authentication providers, with customers ranging from top enterprises to universities. While FreeRADIUS is certainly an effective authentication tool, cybersecurity hinges on...
Does AD CS Work in the Cloud?
Digital certificates have taken over as the preferred method of network authentication because of their proven superiority to passwords in security and user experience. Many organizations recognize this and want...
PKI for Microsoft GPO
Microsoft’s Group Policy Object (GPO) is a useful tool to allow administrators to control the level of access for users on the network. In addition to providing strong security from...
How To Use Active Directory in the Cloud
Organizations are making the much-needed transition to cloud-based network solutions. To ease the transition, Microsoft created Azure Active Directory to aid clients in moving their directories from the on-premise Active...
Multi-Tenant Cloud PKI for MSPs
A PKI is a vital part of any comprehensive network security strategy and Managed Service Providers (MSPs) are aware of this. Currently, MSPs are under scrutiny as a number of...
Top 3 Tips on Configuring Policies in Active Directory Certificate Services
Active Directory Certificate Services (AD CS) is a Windows server software solution designed to issue x.509 digital certificates. Certificates have proven to be more secure and easier to use than...
TLS/SSL Encryption with Azure
Improving cyber security is crucial for organizations as one cyber attack could trigger the downfall and bankruptcy of an entire business. That’s why end-to-end encryption has become a network security...
Authenticating Guest Users for VPN with Azure AD B2B and SecureW2
Cross-organization collaboration can be tricky for the IT department because they need to make sure the partner’s security policies match their own, then create temporary guest user accounts and ensure...
Enable 802.1X For Guest Users with Azure AD B2B and SecureW2
Business-to-Business collaboration is essential for company growth. Thousands of companies have collaborated on projects to increase company value and spread risk. At the core of these collaborations is identity and...
Managed PKI Solutions for Active Directory Certificate Services
Investing in a Public Key Infrastructure (PKI) for your 802.1x network is the single best decision you can make to improve your network. The hardened security and improved user experience...
Dynamic RADIUS VLAN Assignment for VPN
One quarter of all internet users in the world used a VPN in the last month to protect their identity privacy and their data privacy while accessing the internet. Are...
Can I Use Google With LDAP?
Google Suite, also known as Google Workspace, is many people’s go to cloud-based productivity suite. G-Suite is a collection of collaboration tools and software that organizations can use to increase...
Can I Replace LDAP/OpenLDAP with Azure?
OpenLDAP is a free, open-source LDAP server that is used and trusted by organizations around the world. Historically, OpenLDAP has been a good solution for directory services and has succeeded...
Best Cyber Security Practices for MSPs
Over 30 millions businesses have fewer than 1,000 employees and many don’t have the IT budget to provide effective network security. Managed Service Providers (MSP) are a godsend for small...
SSL vs. TLS Certificates
One of the most important security precautions for any customer-facing organization is to ensure data sent between the two parties is protected from outside attacks. Without data integrity, customers or...
Problems Facing IT Departments
No one can deny that the IT department is tasked with monumentally important functions. Without an efficient and secure network, nearly every organization would fall apart. IT has to find...
What is VLAN Steering?
The VLAN (Virtual Local Area Network) is an important tool in the IT toolbox. By emulating the properties of a Local Area Network, you can segment users into any number...
Securing VPN Authentication with RADIUS & MFA
Due to the Covid-19 pandemic, organizations all over the world have closed their offices and sent their employees home to work remotely. The mass exodus from the office to remote...
Top 3 Cybersecurity Concerns for MSPs
Managed service providers (MSPs) have been the focal point of a series of attacks that are starting to draw attention from the public. A study conducted by Vanson Bourne surveyed...
What is a TPM?
A TPM, also known as a Trusted Platform Module, is an international standard for a secure cryptoprocessor and is a chip found on the computer’s motherboard. The function of a...
How to Choose a Managed Cloud PKI
As cloud technology and reliability continue to surpass their on-premise counterparts, more than 50% of organizations have made the switch to managed cloud PKI or plan to soon. If your...
Active Directory: Explained
Directory servers make it easy for admins to store and access resources including user and device information, computers, files, server, and much more. Back in the old days, in order...
A Passpoint Solution for MAC Randomization
Although MAC Randomization has been around for a few years, it has really grown in popularity with the beta version of Apple iOS 14 update because it’s a default enabled...
Okta Smartcard Authentication Expanded
Okta is a popular choice for organizations that want top-of-the-line cloud identity management. It’s one of the largest identity providers with a modern cloud directory and a plethora of handy...
LDAP vs SAML, Access Protocol Comparison
LDAP and SAML are major authentication protocols that securely authenticate users to a network. They determine how users interact with a resource by connecting them to the respective directory services,...
AD DS: Explained
The purpose of online directories is to store resources on the network in a way that it’s simple to access. Microsoft’s Active Directory (AD) has risen through the ranks to...
Can I Use NPS with Cloud Directories?
The RADIUS protocol is used by thousands of organizations to protect their networks. Network admins set up RADIUS servers to verify approved network users, drastically reducing the risk of a...
YubiKey PIN/PUK Configuration at Scale
Yubikeys are an all-in-one MFA device. In addition to serving as a physical authentication token, they can generate one-time-passwords (OTP) and require users to input a PIN. It’s quite difficult...
Strong Network Security with Azure
Azure AD is a highly effective IDP that was built as a successor to Active Directory (AD) to accommodate newer, cloud-centric organizations. AD does not work natively in the cloud,...
Enhanced Azure Authentication with Yubikey
The cross section of organizations that use Azure AD (Microsoft Entra ID) for identity management and Yubikeys for MFA is already sizable and growing by the day. Recent advancements in...
Secure Authentication for Azure Networks
Wireless security is crucial now that most sensitive data can be accessed online. It’s imperative for network administrators to dictate who can access the network and how much they’re allowed...
Use Azure AD B2C for 802.1x Authentication
Microsoft employs a myriad of acronyms for their product names, so it’s often difficult to tell them apart or to guess their function. “Azure AD (Microsoft Entra ID) B2C” is...
What Is RADIUS Redundancy?
In all manner of security, redundancy is strength. It’s a way to ensure that no matter what goes wrong, there is a backup plan in action that can certify safety....
Multi-Factor Authentication for Okta VPN
When it comes to authentication security, one of the simplest upgrades you can make that will drastically improve your network’s safety is to implement Multi-Factor Authentication (MFA). Simply put, MFA...
How to Use VPN With Azure AD
As cloud-based solutions are gaining popularity, many organizations are having trouble transitioning to their on-prem servers. To help alleviate some stress, Microsoft created Azure AD (Microsoft Entra ID) to aid...
Okta SSO With Certificate Authentication
A major issue that organizations face for authentication is managing different credentials for various web applications. Traditionally, web app authentication requires a unique and complex set of credentials to ensure...
Okta Vs. LDAP
For many years, LDAP has been the dominant protocol for secure user authentication for on-premise directories. Organizations have used LDAP to store and retrieve data from directory services and it...
User Lookup With Certificate-Based Authentication
Traditionally, the process of authenticating certificates for network access is independent of the user directory. And in a normally-functioning network environment, this is perfectly acceptable. Certificate-based authentication is ironclad and...
Dynamic RADIUS Policy Enforcement with Static Certificates
Certificate-based WPA2-Enterprise networks are extremely secure, but x.509 digital certificates can be a hassle to manage. Although SecureW2 has one of the best certificate management platforms in the industry, we’re...
A Cloud PKI Solution for Azure AD
Azure AD (Microsoft Entra ID) customers can ditch password-based authentication and switch to x.509 certificate-based authentication. Digital certificates offer vast improvements to network security, efficiency, and user experience. But in...
Active Directory Vs. LDAP
Active Directory (AD) and Lightweight Directory Access Protocol (LDAP) are two terms frequently used regarding directory services. These solutions are essential frameworks for managing user identities, resources, and network configurations...
How to Use Google for 802.1x Wi-Fi
Organizations are making the much-needed transition to cloud-based network solutions and Google is a forerunner in getting people’s devices and networks in the cloud. However, for some, getting your devices...
What is Dynamic RADIUS?
SecureW2 is pleased to announce the invention of a whole new kind of AAA server – Dynamic (Cloud) RADIUS. It will revolutionize the way you authenticate users and enforce policies...
Shared Hosted RADIUS for Managed Service Providers
It’s widely accepted that using a RADIUS server for network authentication is the most secure method, but there’s a significant number of organizations for which RADIUS isn’t feasible. SecureW2 has...
Generate x.509 Certificates with Okta
A major challenge that organizations face in regards to certificates is enrolling users without Active Directory. In response, SecureW2 has developed a solution that can provide a certificate-based network regardless...
Are Passwords Secure?
Credential-based authentication is the method nearly all network users are used to and has been a common tool for decades. But unlike other decades-old technology, passwords have not been phased...
The Importance of Authentication Security
Authentication acts as the first line of defense to allow access to valuable data only to those who are approved by the organization. Many organizations recognize this and utilize Multi-Factor...
Mobile Authentication with 802.11u
As mobile device users continue to expect stronger roaming connections and faster data speeds, Wi-Fi Alliance developed PassPoint to meet these high standards. It allows users to easily transfer from...
Enabling Windows Machine Certificate Authentication
Looking to use certificate-based authentication on your managed windows devices? Machine authentication with x.509 certificates permits managed Windows machines that don’t belong to any users, to authenticate onto a 802.1X...
PKI Delivery Software for Every Device
While the advantages of certificate-based authentication over credential-based are well documented, many still experience the barrier to entry of provisioning devices with certificates. This is certainly a valid concern for...
YubiKey PIV Certificate Management
Many organizations purchase security keys like the YubiKey to streamline and secure access to various applications, but they can be used for much more. The YubiKey in particular has the...
Enabling 802.1x with AD CS
Keeping your network secure from unwanted intruders is increasingly difficult with the advancements in technology. It’s relatively easy for malicious actors to obtain network access and steal all the data...
How to Set Up RADIUS Authentication with Okta
As the internet continues its trend toward ubiquity, the dangers of lackluster network security have become increasingly apparent. With 10 million attacks targeting usernames and passwords occur every day it’s...
How to Issue GeoTrust Certificates
How to Issue GeoTrust Certificates to Devices GeoTrust is one of the world’s largest digital certificate providers with more than 100,000 customers in over 150 countries. GeoTrust offers a variety...
802.1x Without Active Directory
802.1X is the de facto gold standard that organizations should strive for when it comes to authentication; it’s safe, secure, and efficient, especially when combined with certificates. However, setting up...
Enable Secure Wi-Fi with AD CS
In an age where people have migrated to conducting business online, organizations must ensure their Wi-Fi networks are protected from outside threats. Cyber attacks, including the infamous man-in-the-middle attack, prey...
The Risk of Expiring Web Certificates
Certificate use in a variety of mediums continues to grow, but your certificate provider cannot protect against a common certificate mistake: missing expiration dates. This isn’t a major issue if...
How to Issue Sectigo Certificates
Sectigo, formerly known as Comodo, is a leading provider of digital identity solutions. One of their main products are SSL/TLS certificates and Public Key Infrastructures (PKI), which allows the client...
How to Issue Digicert Certificates to Devices
Digicert offers a variety of SSL certificates to accommodate any organizational structure and fulfill their specific needs. They supply you with the tools to configure any Platform/OS combination, giving the...
How to Prevent VPN Phishing Attacks
What is a Phishing Attack A phishing attack is a type of social engineering attack that is used to steal an unsuspecting user’s data by masquerading as a trusted platform....
Enabling Double Encryption for Zscaler with SecureW2’s PKI
Double encryption adds an extra layer of security to ensure that the connections between the Z App, Connectors, and ZPA ZENs stay protected. Although Zscaler already comes with a layer...
Man-in-the-Middle (MITM) Attacks: Explained
If you’ve ever watched this scene from Spongebob Squarepants, then you have a basic understanding of a man-in-the-middle (MITM) attack. According to UPS Capital, cyber attacks cost small businesses an...
PKI-Supported CMS for Yubikey
A CMS (Credential Management System) or SCMS (Smart Card Management System) is an invaluable tool for organizations using smart cards and security keys. They have many functions to control credentials...
Configuring a PKI for Wi-Fi
Wi-Fi security and availability is imperative for businesses now that online communication is the standard. Many organizations use passwords to authenticate user devices, but that is no longer a viable...
How to Automate Certificate Management and Provisioning
One of the biggest hurdles in certificate management is the lack of experience in finding the proper certificate management solutions. Often, administrators are of the notion that their only option...
Can I Use Passpoint with Microsoft Azure?
The best way to ensure roaming internet access for employees is by deploying Passpoint. Whether you just need to be covered across campus or want to extend your network to...
The Best Way to Manage Microsoft Certificates
A primary weakness of password-based authentication is the human element. Passwords can be forgotten, shared, or stolen, making them a nightmare for IT admins. Forgotten passwords can lead to service...
Can I Use Passpoint with Google Workspace
Passpoint is the premier tool for ensuring your users have network access while roaming, but it can be a little difficult to deploy. Fortunately, SecureW2 has a solution that integrates...
Can I Use The Okta RADIUS Agent For My Wi-Fi?
An Okta RADIUS server agent is a lightweight program that runs as a service outside of Okta. It is usually installed outside of a firewall which gives Okta a route...
Top 3 Mistakes Setting Up AD CS Certificate Templates
In order to use certificates for authentication, a security trend caused by the inadequacies of password-based authentication, a public key infrastructure (PKI) must be in place. Active Directory Certificates Services...
Creating Private Certificates Authorities for Internal Use
What is a Certificate Authority? A certificate authority (CA) is an entity that distributes digital certificates to devices. These certificates cryptographically tie an identity to a public key, ensuring that...
List of Passpoint-Supported Operating Systems
Passpoint is a great tool to enable your network users to have continued access to the internet – whether they’re roaming around the city or moving from building to building...
Passpoint r1 & r2 Compared
Enabling an online connection while users are away from their home networks has been a challenge for those that want a complete and efficient system. The use of mobile data...
Yubikey Certificate Attestation Improved
Cyber security is ever-evolving to counter the attacks that are getting more aggressive by the day. One-step authentication is no longer enough to establish identity with absolute certainty. 2FA (two-factor...
Enterprise PKI Management in the Cloud
As the importance of secure authentication continues to rise, many organizations are looking for lightweight, cost-efficient solutions to their cybersecurity concerns. This has caused many to question the efficacy of...
3 Security Advantages of a Cloud RADIUS Server
In order to successfully configure a WPA2-Enterprise network you must have a RADIUS server. The RADIUS authorizes and authenticates users signing into the network and eliminates any speculation into who...
Why ECC is the Solution for IoT Security
ECC, or Eliptical Curve Cryptography, isn’t a new technology – it’s relatively old, actually, Despite being around since 1985, it has just recently begun to gain popularity as an alternative,...
Using VPN for Remote Work? Don’t Make this VPN Security Mistake
We have never been more connected with others than we are today. The workforce is quickly moving to mobile devices. Remote work has picked up dramatically due to the COVID-19...
3 Best Practices for Onboarding BYODs
Bring Your Own Device (BYOD) systems can be an amazing tool for businesses or schools looking to increase productivity and reduce cost. According to a study by Forbes, 42 percent...
Why Most Are Leaving LDAP With WPA2-Enterprise Behind
For years, the credential-based network authentication standard was the Lightweight Directory Access Protocol (LDAP). The security and efficiency offered by LDAP provided the necessary protection levels for everyday WPA2-Enterprise operations....
Managed PKI VS Private PKI
Deciding between a managed PKI and a private PKI is a difficult decision. Each method of PKI management has advantages and disadvantages, and if you’re coming from a place of...
Top 4 Managed PKI Use Cases
A Managed PKI is a vital part of any comprehensive network security strategy. It allows you to use digital certificates for authentication, a form of credential that’s much more secure...
It’s Time For SHA-1 Hash To End
SHA-1 is a commonly used cryptographic hash algorithm that has been used for nearly 2 decades to secure online communications. It was originally designed for government use, but an exploit...
Phishing Scams Are Now Capitalizing on Coronavirus
COVID-19, better known as the Coronavirus, is spreading throughout the world right now and has a lot of people concerned. This has led to scammers incorporating the virus into their...
How To Address America’s Ransomware Threats
Over the course of the 2010s, ransomware attacks on city and state governments have increased in number and effectiveness. The lack of proper cybersecurity measures has highlighted a weakness in...
Combating Burnout in Cybersecurity
Cybersecurity professionals are highly sought-after individuals that add an immense amount of value to an organization, but that value can be difficult to pin down in terms of dollars. As...
PPSK Is Not an Alternative to 802.1x
Believe it or not, the aging WPA-Personal protocol has seen some innovation in the past few years. Several companies have developed unique PSK authentication protocols with varying names, though “Private...
Top 3 PEAP-MSCHAPv2 Mistakes Made by Universities
Credential-based authentication with PEAP-MSCHAPv2 is still commonly used, and for some network types it is appropriate. A home network or a small coffee shop offering free wireless can benefit from...
Best Practices For IoT Security
The explosion of Internet of Things devices (IoT) onto the technology market has revolutionized how businesses operate. The endless possible applications of these incredibly diverse devices has led to a...
3 Mistakes Universities Make Deploying 802.1x and WPA2-Enterprise
Over the past decade, we’ve helped hundreds of organizations around the world secure and set up WPA2-Enterprise networks. While WPA2-Enterprise remains the golden standard for 802.1x authentication, there are many...
Certificate Security for IoT Devices
Internet of Things (IoT) devices have been a rapidly growing industry trend that can provide invaluable and unique data to many organizations. While most devices are designed to maximize the...
Cloud vs. On-Prem RADIUS: Which is Better?
A requirement for all WPA2-Enterprise networks is the use of a RADIUS server. A vital part of the network, the function of a RADIUS is to authenticate the user and...
Update Your Browser to TLS 1.2 to Support 802.1x WPA2-Enterprise
Organizations should be aware of an important update to TLS. TLS 1.2 is the most recent update that builds on top of TLS 1.0 and TLS 1.1 to increase network...
Reduce the Risks of a Certificate Authority
Recently, cybercriminals have begun targeting public Certificate Authorities (CA) to obtain legitimate certificates and then sell them on the black market. Because these are verified and signed certificates obtained by...
Using Digital Certificates on Yubikey
Yubikeys are an incredibly secure method of protecting yourself from data theft, but you’re probably not using them to their full potential. Natively, Yubikeys only support credential-based authentication through keypairs...
Best Practices for AD CS Configuration
Many companies use Windows servers as the main component of their IT infrastructures. If those companies want to use digital certificates for their network, they set up a public key...
Stronger Multi-Factor Authentication With Certificates
It’s widely held knowledge that using a single factor for authentication to wireless networks is less than secure and easily exploited by hackers. According to IBM’s X-Force Threat Intelligence Index,...
Certificate-Based Authentication for Okta PIV Cards
Efficiency is the name of the game when operating a wireless network. Designing every facet of the network with the user experience in mind will result in a streamlined system...
What is Public Key Cryptography?
Public key cryptography, a synonym for asymmetric cryptography, is a clever cryptographic system that allows two parties to exchange encrypted information publicly without worry of interception. Many cryptographic systems are...
Configuring Yubikey Desktop Login on Jamf-Managed Devices
Yubikeys represent an exciting opportunity to merge two features that are often at odds: security and convenience. Many organizations have purchased Yubikeys and distributed them to their employees for that...
Unlock the Potential of Security Keys
Security keys, also called hardware security keys, are a method of authentication that offers an additional layer of hardened security. They can be used to login to desktops, Wi-Fi, and...
How To Avoid BYOD Onboarding Issues
In today’s mobile era, consumers are no longer chained to a bulky desktop in a cubicle or classroom. They are doing business, taking classes, and accessing resources on the go...
Use WPA-2 Enterprise To Efficiently Onboard Thousands of Devices
Each year, college campuses must navigate the trials associated with successfully onboarding thousands of new students to the wireless network. This may have been moderately challenging 10 years ago, but...
iOS 9.x Wi-Fi Connectivity Issue with EAP-TTLS and EAP-PEAP: Explained
The iOS 9+ bug: Why do PEAP or TTLS users get locked out of Wi-Fi when their password is updated? Why and how does TLS authentication still work? Should you...
Buried Under a Mountain of Support Tickets? We Can Help!
Support tickets are an inescapable burden that many IT departments wish they could reduce. Resolving technical issues is a vital function of any IT department, but they amount to a...
Top 3 Mistakes When Setting Up a WPA2-Enterprise Network
The importance of wireless security cannot be understated as the threat of data theft continues to rise. WPA2-Enterprise networks are the first line of defense – they’ve been proven time...
Streamline Your Network with a Single Sign-On Policy
Organizations that seek out opportunities to improve the efficiency of their network should consider using SAML authentication to implement a Single Sign-On (SSO) policy. First and foremost, SAML is an...
Effective Cybersecurity in Banking Starts With People
Large banking institutions like Capital One are among the most targeted organizations by cyber-criminals looking to profit through data theft. Banks are responsible for protecting heaps of personal information about...
What’s In Store With WPA3-Enterprise?
The network type WPA has been upgraded once since its inception in 1999. In 2004, it was replaced by WPA2, which has stood as the standard for highly secure wireless...
Addressing Credential Theft Threats From Every Angle
The looming threat of a data breach has influenced many organizations to step up the security protecting their wireless network. Organizations with personnel files, financial information, and other types of...
How Vulnerabilities Put Sensitive Data at Risk
Cybersecurity is one of the most dynamic and complex industries in the world today. A business that provides cybersecurity software or products is not just competing against other companies; they’re...
Efficient Device Onboarding for Higher Education
An important first task for incoming students is to connect to the secure network they will use for all their on-campus studies. If the process is less than smooth, the...
Equifax’s Story: The Risks of Lax Security
On July 29th, 2017, Equifax discovered that data was leaking out of the credit bureau’s databases and had been since approximately mid-May of that year. They publicly reported the incident...
Implementing SSL Inspection
The proliferation of HTTPS websites has been a benefit and a challenge for network administrators. Overall, HTTPS enhances the overall security of websites because it encrypts the communications between the...
Using a SCEP Gateway to Distribute Certificates to Managed Devices
The Simple Certificate Enrollment Protocol (SCEP) automates the distribution of certificates at scale. Instead of manual provisioning, SCEP allows devices to request certificates directly from a Certificate Authority (CA) using...
Simplifying the Onboarding Process
The most common questions we get in reference to onboarding new users aren’t related to using the software, but rather how to direct users to the software. SecureW2 has developed...
Introducing an MDM Solution for SMBs
A common trend for SMBs seen across many industries is opting into a MDM infrastructure to replace or supplement a BYOD policy. For many organizations, a MDM system offers a...
Demystifying Server Certificate Validation
Credential theft is a high priority concern across many industries, and to combat it, many institutions have deployed WPA2-Enterprise wireless networks. This network type encrypts all network communications, as well...
Credential Theft Threats Facing SMBs
Data and credential theft have become an increasingly prevalent concern for SMBs as more attackers choose to target them. It’s common to hear about large scale hacks, such as Target,...
Try adjusting your search or filter criteria