Making the Shift to Passwordless Seamless: Overcoming Objections and Hurdles
Passwords have been the foundation of digital security for decades, but today’s threat landscape has outpaced their effectiveness. Due to resets and lockouts, IT staff are overloaded, and they remain...
When Static Trust Becomes a Backdoor: Lessons from the 2025 SharePoint ToolShell Exploit
In July 2025, a widely exploited zero-day vulnerability, CVE-2025-53770 & 53771, named ToolShell, hit on-premises Microsoft SharePoint Server systems, triggering a large-scale compromise. The ToolShell exploit gave attackers unauthenticated remote...
The DoD Just Confirmed What We’ve Been Saying All Along: Trust Must Be Earned
Even the DoD Knows the Perimeter is Dead “There is no such thing as a secure system.” —Lisa Porter, Former Deputy Undersecretary of Defense for Research and Engineering The U.S....
Certificate Pinning vs. Device Attestation
Certificate pinning is widely used in networks to establish trust between client devices and servers. However, with enterprises shifting to dynamic BYOD and device trust policies, certificate pinning alone does...
What is the difference between MITM and AITM?
A traditional Man-in-the-Middle (MITM) attack primarily involves an attacker passively intercepting a communication channel to eavesdrop or steal static credentials, such as passwords. The Adversary-in-the-Middle (AITM) attack takes this a...
What does a modern PKI team structure look like?
Public Key Infrastructure (PKI) is like experiencing a renaissance. PKI, formerly thought to be the realm of cryptography specialists and obsolete hardware, is now a strategic enabler of business identity...
What is Opportunistic Wireless Encryption (OWE) in WPA3?
Public Wi-Fi is available everywhere. However, behind the convenience lies a long-standing issue: unsecured Wi-Fi networks lack encryption, exposing user data to eavesdropping and attacks. Opportunistic Wireless Encryption (OWE), a...
Dynamic PKI: Continuous Authentication for Modern Security
Traditional authentication models have relied on static trust. Once a device or user is authenticated a single time they typically remain trusted indefinitely. This model assumes continuous security from a...
Why Does Certificate Lifecycle Management Automation Need Continuous Authentication?
Enterprises are relying more on automated solutions to manage the lifecycle of digital certificates. Certificate Lifecycle Management (CLM) has evolved from a manual, error-prone process to an automated, API-driven workflow...
Can Continuous Authentication Work with Existing MDM, EDR, or Identity Tools?
Yes, continuous authentication can work alongside existing Mobile Device Management ( MDM), Endpoint Detection and Response (EDR), and identity tools. This is possible when these tools share real-time context and...
What’s the difference between device authentication and device attestation?
Device security is more important than ever. Just one compromised device can give attackers access to your whole network. Because of this, security professionals depend on device attestation and authentication....
Why Should I Use EAP?
The Extensible Authentication Protocol (EAP) provides a standard framework for authenticating users and devices to a network. It uses various authentication methods, such as tokens, smart cards, digital certificates, and...
What is the difference between TLS and EAP-TLS?
TLS and EAP-TLS might seem identical initially since they depend on encryption and certificate-based authentication. TLS and extensible authentication protocols-transfer layer security (EAP-TLS) are often discussed in network security. They...
What are the three components in the 802.1X system?
The 802.1X system has three primary components: the supplicant, the authenticator, and the authentication server. The supplicant is the part of the device that requests access, the authenticator is the...
Is EAP-TLS The Same as PEAP?
Extensible Authentication Protocol-Transport Layer Security (EAP-TLS ) and Protected Extensible Authentication Protocol (PEAP ) are both authentication protocols used in the 802.1x framework, but they are not the same. The...
What Is The Gold Standard Of Network Security?
Extensible Authentication Protocol-Transfer Layer Security (EAP-TLS) is considered the gold standard for network security. It allows digital certificates to be deployed on WPA2-Enterprise with 802.1X authentication. EAP-TLS uses asymmetric cryptography...
How Does WPA3 Improve Wi-Fi Security Compared To Previous Protocols?
Wireless Protocol 3 (WPA3) improves Wi-Fi security compared to the WPA2 protocol, as it provides individual data encryption, side channel protection, and a more robust authentication mechanism through its 192-bit...
What is 802.1x Authentication Used For?
802.1x Authentication is a network security standard that grants access to wired and wireless networks by validating authorized users and devices. The 802.1X protocol is the IEEE Standard for Port-Based...
Understanding NIST SP 800-171 3.5.2: Device Identification & Authentication
NIST SP 800-171 is a cybersecurity framework that protects Controlled Unclassified Information (CUI). It applies to organizations handling sensitive government data and has been widely adopted as a best practice...
Your Guide To Wi-Fi Security
Wi-Fi is now a necessity. However, its convenience also makes it a prime target for cyber threats. As the number of Wi-Fi-enabled devices skyrockets, so do security risks. Attackers exploit...
How Does a Man-in-the-Middle (MITM) Attack Compromise Wi-Fi Networks?
A MITM happens when attackers hijack a communication channel to intercept and steal data. In this type of attack, they position themselves between a user and an application, silently capturing...
What is an Evil Twin attack in Wi-Fi, and how can I protect against it?
Imagine you’re out shopping, getting coffee, or waiting for a flight. You quickly want to check your messages or search for something, so hop on a free public Wi-Fi network....
SCEP vs. Dynamic SCEP
Simple Certificate Enrollment Protocol (SCEP) streamlines secure certificate issuance across networked devices, enabling scalable authentication and encryption. Instead of relying on manual provisioning, SCEP automates the process, allowing devices to...
What is MAC spoofing, and how does it affect Wi-Fi security?
MAC spoofing is when an attacker tricks a network by faking a device’s unique ID (MAC address) to gain unauthorized access or disrupt communication. This attack can happen in different...
Enabling Okta Device Trust for any MDM
The traditional network perimeter is a relic of the past. With remote work now common, users need secure access from anywhere, making outdated security models ineffective. Relying on perimeter-based defenses...
Top PKI Management Tools For A Network
Organizations should prioritize automated certificate lifecycle management to maintain complete visibility and granular control over who and what accesses their network. Managing certificates manually—distributing, renewing, and revoking them—quickly becomes tedious...
Can I Use Azure With A RADIUS Server?
Organizations worldwide are making the transition to cloud-based network solutions. To ease the transition, Microsoft created Entra to aid clients in moving their directories from on-premise Active Directory (AD) to...
Configuring Certificate Auto-Enrollment with Microsoft GPO
Enterprises that use Public Key Infrastructures (PKI) will have to issue and manage tens or even hundreds of thousands of digital certificates. Keeping track of all those certificates may seem...
Complete Guide To Certificate Authorities
Imagine walking into a vast library, seeking a single book among millions. Without a librarian or a catalog system, you’d be lost. In many ways, the internet is that library,...
Without Server Certificate Validation, WPA2-Enterprise Isn’t Secure
Your users have strong, unique passwords, your networks are protected with WPA2-Enterprise encryption, and you use 802.1x for authentication. WPA2-Enterprise is the gold standard when it comes to security, so...
Microsoft PKI Best Practices
A Public Key Infrastructure (PKI) is an 802.1x network security solution that uses public-private key cryptography to authenticate users for online resources. PKIs can be configured to authenticate for Wi-Fi,...
How to Configure Kandji SCEP Profile
Digital certificates have, time and again, proven to be more secure than credential or password-based authentication as they are phishing-resistant. However, manually distributing digital certificates is a considerable challenge for...
What Are Virtual Smart Cards?
In the world of authentication cybersecurity, a device growing in popularity is the Smart Card. A smart card, like those produced by Yubico, is a cryptographic tool that allows users...
SHA-2 vs ECC: Digital Certificate Encryption Advancements
Cryptographic systems are at the heart of digital certificates, enabling encryption, authentication, and integrity. SHA-2 and ECC are two pivotal technologies that protect everything from SSL certificates to system integrity...
2024 Security Analysis of PEAP-MSCHAPv2
These days, wired and wireless (Wi-Fi) networks are ubiquitous. Organizations need these connections to perform critical business functions, but these connections are susceptible to various ever-evolving cyber threats. As a...
Network-as-a-Service (NaaS): Explained
NaaS, or Network as a Service, is a cloud-based networking model that modifies how businesses handle and use their networks. Instead of having a lot of network equipment on-site, you...
WPA3-Enterprise: Should you Adopt It?
WPA (Wi-Fi Protected Access) was created in the early 2000s when IT professionals quickly realized that WEP (Wired Equivalency Protocol) had terrible security vulnerabilities. WPA2 was ratified in 2004 as...
Is RadSec Necessary for Eduroam?
Students and staff who visit other colleges and universities frequently encounter challenges accessing safe Wi-Fi networks. Without an integrated system, they may encounter connectivity challenges, different login procedures, or concerns...
Complete Guide to Android 802.1X
In this article, we’ll examine a crucial authentication method for keeping your Android devices secure while connecting to networks. It’s called 802.1X authentication. This specific security approach ensures only the...
The Dangers of Self-Signed Certificates
Self-signed certificates continue to pose critical risks to organizations prioritizing secure communication. While they may seem convenient for quick deployments, their inherent vulnerabilities can lead to severe security and operational...
What is PIV (Personal Identity Verification)?
Personal Identity Verification (PIV) is a security standard detailed in NIST FIPS 201-2 that creates a framework for multi-factor authentication (MFA) on a smartcard. While PIV was originally designed for...
How Safe Is The EMF Exposure From Wi-fi?
Most people use Wi-Fi, which emits electronic and magnetic fields (EMF). But are the EMFs from Wi-Fi dangerous? The short answer is no, but we'll dig into the question further.
A Guide to Server Certificates
Server security is critical in today’s digitally driven environment. The server certificate, a digital document that verifies the identification of a website or server, is fundamental to Internet communication security....
Top 6 Ways To Prevent Your Network From DNS Poisoning Attacks
As we increasingly rely on the internet for both personal and professional activities, understanding the potential threats to our online security becomes essential. A prevalent and significant risk is DNS...
All that You Need To Know About Public Key Encryption
We are living in a time where wireless security is imperative because private data and personal information are uploaded online. As the amount of online data increases, so does the...
Drawbacks of NPS in a Cloud Environment
Organizations want different technologies to work well together and integrate smoothly so they can be used more efficiently. The combination of Microsoft Azure and Network Policy Server (NPS) frequently generates...
Why is It Safe to Migrate AD CS from SHA-2 to SHA-1 In 2024?
It’s imperative for organizations to fully switch from SHA-1 to SHA-2. The National Institute of Standards and Technology (NIST) stated SHA-1 should not be trusted, PCI Compliance scanners no longer...
Why Do You Need S/MIME Encryption In Network Security
S/MIME stands for “Secure/Multipurpose Internet Mail Extensions”. It’s an IETF standard for public key encryption and creating a digital signature for MIME data. In essence, S/MIME uses a PKI to...
WPA vs WPA2- The Better Wifi Authentication
Wireless networks are omnipresent. You may have access to many wireless networks, whether in a neighborhood coffee shop, a school, or home. However, it’s hard to tell which ones are...
How To Use RadSec For A Secure Roaming Network
RadSec is an 802.11x protocol designed to securely transfer information from a RADIUS through TCP (Transmission Control Protocol) and TLS (Transport Layer Security) for protected communications. At a basic level,...
How to Use Active Directory Set-up For Wi-Fi and CloudRADIUS
Organizations that leverage Microsoft Active Directory (AD) often want to connect their core user identities to their Wi-Fi network. The goal is to enable users to authenticate uniquely to the...
An Overview Of Certificate Revocation List In A PKI
What is a Certificate Revocation List? A certificate revocation list, more commonly called a CRL, is exactly what it sounds like: a list of digital certificates that have been revoked....
What Is RADIUS Certificate-Based Authentication?
As cyber security risks increase and secure access to network resources is required, organizations are adopting different authentication methods. RADIUS certificate-based authentication is one of those methods that increase the...
4 Best Practices For Eduroam Deployment
Scholars and students often visit different campuses for internships, seminars, conferences, and other events. Accessing secure Wi-Fi at foreign campuses has always been a challenge for these individuals who require...
How to Integrate with Entra ID For Effective Certificate Management
The transition from on-premise Active Directory (AD) to cloud-based Azure AD (Microsoft Entra ID) can be tricky, leaving Azure admins searching for an easy way to migrate. Unlike AD, there...
How to Configure Dynamic VLAN for EAP-TLS
Researching and implementing new cybersecurity technologies is a vital aspect of maintaining an effective network for your organization. But transitioning to more up to date security measures often comes with...
Benefits of Digital Certificates For Secure Eduroam Wi-Fi
Eduroam has become crucial for colleges worldwide, providing students and staff with seamless, cross-campus Wi-Fi connectivity. However, as more institutions use Eduroam as their principal Wi-Fi network, security and accessibility...
Certificate Lifetimes – Is 20 Years Too long?
Over the last few years, software makers have begun cracking down on certificates that do not expire soon enough. Most browsers will reject any SSL certificate with a lifetime longer...
Can I Use OAuth 2 With ADFS?
What is ADFS? Active Directory Federation Service (ADFS) is a software component developed by Microsoft to provide Single Sign-On (SSO) authorization services to users on Windows Server Operating Systems. ADFS...
Best EAP Method to Configure a Secure WiFi Network
Extensible Authentication Protocol (EAP) is a strong security layer and authentication framework used in Wi-Fi networks. It provides various methods to verify the identities of users and devices before granting...
The Importance of Device Attestation for Zero Trust
Here, you can learn the concepts of device trust and cryptographic principles of attestation in ensuring security of your organization.
Passwordless Magic Link Authentication: Explained
Want to know how magic links work? Read on to know more about magic links other passwordless authentication methods for network security.
You Don’t Need LDAP for 802.1X Anymore
Without protection, your organization’s network is vulnerable to cyber attacks. The 802.1X protocol heightens network security by introducing RADIUS servers for authentication, and Lightweight Directory Access Protocol (LDAP) has commonly...
Using Multi-Factor Authentication for Network Security
Many inquiries that we receive reference Multi-Factor Authentication (MFA) and how it can be used to improve the network security. MFA is a process that requires more than one form...
How to Check if a Digital Certificate is Revoked
A critical component of EAP-TLS certificate-based authentication is properly managing certificates, which includes confirming that they have been properly revoked AND placed on the list of revoked certificates so the...
How to Set up Device Identification in Defender for Cloud Apps
Want better visibility and control on all devices in your network for efficient device management? Try Defender Device Management with us.
Which Devices Support Passpoint and OpenRoaming?
OpenRoaming & Passpoint Wi-Fi makes the use of mobile devices on the go more secure. Find out what devices and OS support Passoint.
(Solved) Android 11 Samsung “Deep Sleep” Wi-Fi Connectivity Issue
Android devices have long had an “app sleep” feature designed to reduce power usage for infrequently used apps, and it’s not a new problem that it can cause apps to...
What is Microsoft NPS?
In an era dominated by cloud-centric solutions, Microsoft NPS sets out as an on-premise network security tool for Windows Server. Its primary goal is centralizing network regulations, user identities, and...
FreeRADIUS vs. Cisco ISE
Cyber-attacks cost small businesses an average of $84,000 to $148,000, and 60% of those attacked go out of business in 6 months. As organizations continue to grow, it becomes more...
Device-Based vs User-Based RADIUS Lookup
If all the users in your network fit into one single group, RADIUS authentication would be simple. Alas, things aren’t that easy; administrators often find themselves needing to specifically distinguish...
WPA2-PSK is Not Good Enough
In this day and age, employees are accessing their corporate resources wherever they can get a strong wireless signal, whether it be a public hotspot, an airport, or a friend’s...
Why NTLM Authentication is Vulnerable
One of the biggest problems with Windows environments is the insistence to continue to build upon older systems despite the emergence of cloud solutions. Attackers can easily gain access to...
Everything You Need to Know About PEAP Security
Since most transactions and communication are done over networks today, the security of these networks can’t be overlooked. Securing your network connections has never been more critical, as the data...
A Security Analysis of WPA-Personal
In the continuous effort to strengthen wireless network security, Wi-Fi Protected Access (WPA) represents a significant turning point. Data transmission over airwaves is becoming increasingly common in the ever-expanding digital...
MobileIron vs MEM Intune: Top MDMs Compared
Mobile devices like phones, tablets, and laptops are being used for work more than ever, especially after the COVID-19 pandemic. Remote work and hybrid workplaces are the new normal, making...
What is the Trusted Root Certification Authorities Store?
A Certificate Authority (CA) is the entity that handles the certificate distribution for a PKI. Certificate Authorities assist in validating the identities of different websites, individuals, and devices by providing...
Does Rotating Preshared Keys Improve Security?
Wifi Protected Access 2 – Pre-Shared Key (WPA2-PSK), a wireless security standard from 2004, is still used by many organizations today. And although it’s safer than its predecessors, WPA2-PSK relies...
Designing a Zero Trust 802.1x Network
As hackers get more sophisticated and hands-on, network security strategies have to adapt to meet the new challenge. An old idea that has recently been given new life is the...
OCSP vs CRL: The Best Bet To Revoke Certificates In A PKI
OCSP support is not included in the current roadmap of SecureW2 for some key reasons. Here’s a brief overview of your options for certificate revocation: What is OCSP OCSP stands...
Passwords vs. Digital Certificates For RADIUS Authentication
Businesses understand the importance of passwords for private data security but might not realize that using a network with passwords poses many security threats. As hacking techniques become more advanced,...
Is EAP-TLS Safer than PEAP-MSCHAPv2 in 2024?
The short answer is: Yes. Organizations that are interested in moving from the unsecure PEAP-MSCHAPv2 protocol to the superior EAP-TLS protocol might be worried about huge infrastructure overhaul or the...
Configuration Guide For WPA2-Enterprise On Operating Systems
Automation is critical for a positive user experience; the faster a monotonous task can be finished, the more time users can focus on important activities. Network authentication can operate the...
How To Renew SSL and Client Certificates For Secure Network
Automate certificate distribution and lifecycle management with industry best managed PKI solution. Continue reading to know more.
Configure 802.1X Authentication with Microsoft Office 365 Suite
We are living in an age where basically every person has an online footprint, whether it be for entertainment or to conduct business. Since millions of people are taking their...
Configure RADIUS on Windows Server 2008
The name RADIUS needs no introduction whenever you imagine a wired or wireless authentication server. Commonly referred to as AAA servers, RADIUS performs the core task of Authentication, Accounting, and...
What is WEP Security?
As we all know, wireless networks simplify numerous business procedures while providing trustworthy security. As a result, a user must be familiar with wireless networks and how they might facilitate...
Preventing Man-in-the-Middle (MITM) Attacks: The Ultimate Guide
A man-in-the-middle (MITM) attack is an incredibly dangerous type of cyber attack that involves a hacker infiltrating a private network by impersonating a rogue access point and acquiring login credentials....
RADIUS Server Authentication: Explained
A RADIUS server prevents unauthorized access to your network - and, thanks to services like Cloud RADIUS, this powerful authentication tool is more accessible than ever.
Is there an Alternative to Windows NPS?
Microsoft’s Network Policy Server (NPS) is a AAA RADIUS server used for a number of different types of network connections. It can be used for wireless authentication, VPN connections, dial-up,...
What’s the Difference between OpenRoaming and Passpoint?
Advances in Wi-Fi infrastructure are coming at a rapid-fire pace these past few years, and it’s a little difficult to keep up. Some of the most exciting news has been...
Windows RADIUS Server Pros and Cons
There are thousands of deployed instances of Windows RADIUS Server across the world, but users still debate its capabilities to keep their large networks intact and secure, giving rise to...
Group Policy vs. Intune Profiles: A High-Level Comparison
Microsoft has many policy management tools to secure client devices in an organizational environment. Microsoft Group Policy and Intune Profiles are commonly used solutions in different environments, catering to different...
What is RSA Asymmetric Encryption? How Does it Work?
Encryption is the systematic process of converting plain, readable information, or data, into an unreadable format to prevent unauthorized access. This process is achieved by implementing a set of rules...
Troubleshooting Commonly Encountered Okta Sign-In Errors
Okta is one of the leading identity and authentication platforms compatible with both cloud and on-premise directories. They provide a great user experience, but sometimes you might encounter networking errors...
Does LDAP work with Entra ID? Yes and No
To make a long story short: Microsoft offers the ability to sync Azure AD (Microsoft Entra ID) with an LDAP server, which can suffice as a short-term solution. This means...
What to Expect When You’re Adopting the JoinNow Platform for Managed Devices
In a nutshell, SecureW2 helps organizations achieve passwordless network access by providing a managed Public Key Infrastructure (PKI) and RADIUS service. These two core products work together to empower wired...
EAP-TLS Explained: How It Works and Why It’s Secure
Extensible Authentication Protocol–Transport Layer Security (EAP-TLS) is an IETF open standard defined in RFC 5216. More colloquially, EAP-TLS is the authentication protocol most commonly deployed on WPA2-Enterprise networks to enable...
RADIUS Events Logs: How to View and Access Them
RADIUS servers are often called AAA (authentication, authorization and accounting) servers because they perform each of those three functions. Accounting – which refers to the process of tracking events as...
802.1X EAP-TLS Authentication Flow Explained
For many organizations, the IEEE 802.1X authentication mechanism for Port-Based Network Access Control is the first line of defense against outside attack. It’s also one of the most commonly targeted...
Server Certificate Validation with Android 12 Devices
Cyber-attacks have grown stronger over the years and are able to easily bypass the rudimentary security standards provided by the username/password mechanism. If an organization relies on passwords for network...
Android 11 Server Certificate Validation Error and Solution
*Updated Feb 2021 The dust has settled on the Dec 2020 Android 11 update and, for better or worse, the effects on network authentication have not been as drastic as...
Should WPA2-Enterprise Be Used For My Home Network?
Securing home wireless networks has never been as important. An increase in remote work requires more people to handle sensitive business data at home. On top of this, our lives,...
Network Security Basics—Definition, Threats, and Solutions
The adoption of remote work, cloud computing, and integrated IoT devices leads to complexities of securing computer networks and network security infrastructures. The evolution of cyber threats—from sophisticated malware attacks...
How to Use IEEE 802.1x Authentication for a Wired or a Wireless Network
IEEE 802.1x authentication is a standard for port-based network access control. It essentially requires devices to authenticate themselves before gaining access to network resources. This standard is versatile, working seamlessly...
How to Set Up AD CS PKI Certificates with Jamf
As credential-based authentication becomes increasingly insecure, many organizations see the benefit of moving to passwordless security methods such as digital certificates. Implementing certificates, however, requires the implementation of a Public...
Network Access Control: Explained
Network Access Control (NAC) is an advanced cybersecurity measure designed to regulate who, what, and how entities gain access to network resources. As the traditional security perimeter is no longer...
How is a Smart CAC Card Used in A PKI?
Public Key Infrastructure (PKI) is one of the most robust methods for safeguarding sensitive information, particularly within the Department of Defense (DoD) ecosystem, where it secures sensitive data and communications...
What is PKI-as-a-Service (PKIaaS)?
Public Key Infrastructure (PKI) keeps data secure, authenticates identities, and ensures end-to-end encryption. It plays a vital role in securing digital communications and involves a set of roles, policies, hardware,...
What is a Hardware Security Module (HSM)?
Data security has never been more critical. Hardware Security Modules (HSMs) are pivotal in safeguarding the cryptographic infrastructure of numerous global enterprises. HSMs have come a long way, from niche,...
Understanding PKI Certificates
Imagine conducting important business online without identifying the person you’re interacting with. It would be like handing sensitive documents to a stranger on the street; every login would be risky....
A Deep Dive into PKI Certificates
Corporate data, social media pages, applications, and user data are crucial assets of an organization, and any theft or misuse of these could lead to huge financial losses. They not...
Introducing WebAuth Wi-Fi with Cloud IDPs
It’s no secret that open Wi-Fi networks are infamously insecure, and Pre-Shared Key (PSK) networks aren’t much better. If you tie your organization’s Wi-Fi to a single password and more...
LEAP Authentication and How It Works
Wi-Fi connection integrity is critical for organizations securing sensitive data or individuals protecting personal information. This requirement has created many authentication methods, each attempting to balance usability and security. LEAP...
A Comprehensive Guide to the EAP Protocol in Networking
Network security is crucial in the modern digital world, where wireless communication is commonplace. Security risks such as unauthorized access, data eavesdropping, and network breaches can affect wireless networks. Because...
What is a Jamf Push Certificate?
Do you use Apple devices in your work infrastructure? Then you’ve probably heard of Jamf. Jamf Pro is one of the most robust and feature-dense solutions for managing Apple devices....