How to Create a Cloud-Based RADIUS Server
In order to successfully configure a WPA2-Enterprise network, a RADIUS server is a must. The RADIUS authorizes and authenticates users signing into the network and eliminates any speculation into who...
JoinNow 8.0: Adaptive Defense, ACME for Server Certs, and More!
Trust rules how the world works. It’s the foundation of personal relationships, how we choose who to do business with, and how we grant people (and now non-human identities) access...
Making the Shift to Passwordless Seamless: Overcoming Objections and Hurdles
Passwords have been the foundation of digital security for decades, but today’s threat landscape has outpaced their effectiveness. Due to resets and lockouts, IT staff are overloaded, and they remain...
When Static Trust Becomes a Backdoor: Lessons from the 2025 SharePoint ToolShell Exploit
In July 2025, a widely exploited zero-day vulnerability, CVE-2025-53770 & 53771, named ToolShell, hit on-premises Microsoft SharePoint Server systems, triggering a large-scale compromise. The ToolShell exploit gave attackers unauthenticated remote...
How To: Enabling Safe GenAI Access on Unmanaged Devices and Corporate Wi-Fi
Generative AI (GenAI) tools such as ChatGPT, Claude, and GitHub Copilot have become integral to the workplace and are used by employees as productivity tools. Banning new tech doesn’t work;...
Securing Identity-less Infrastructure and Userless Agents
The security landscape is profoundly transforming as AI and cloud-native technologies reshape organizations’ operations. Today, infrastructure consists of identity-less components such as containers, serverless functions, and ephemeral compute instances that...
Certificate Pinning vs. Device Attestation
Certificate pinning is widely used in networks to establish trust between client devices and servers. However, with enterprises shifting to dynamic BYOD and device trust policies, certificate pinning alone does...
What is the difference between MITM and AITM?
A traditional Man-in-the-Middle (MITM) attack primarily involves an attacker passively intercepting a communication channel to eavesdrop or steal static credentials, such as passwords. The Adversary-in-the-Middle (AITM) attack takes this a...
How Do You Enforce Consistent PKI Policy Across Distributed Teams?
You can enforce a consistent PKI policy across distributed teams by using centralized, automated enforcement with dynamic tools that integrate with your existing IT ecosystem. Manual management methods often lead...
What does a modern PKI team structure look like?
Public Key Infrastructure (PKI) is like experiencing a renaissance. PKI, formerly thought to be the realm of cryptography specialists and obsolete hardware, is now a strategic enabler of business identity...
Why Isn’t my SCEP Profile Working?
You’re not alone if you have ever hit “Push” on the Simple Certificate Enrollment Protocol (SCEP) profile in your Mobile Device Management (MDM) only to find that nothing immediately happens....
ACME Device Attestation: Strengthening Certificate-Based Security
Public Key Infrastructure (PKI) was never designed for an environment where devices could drift out of compliance within hours, sometimes minutes, of being trusted. And yet, many organizations still rely...
Dynamic PKI: Continuous Authentication for Modern Security
Traditional authentication models have relied on static trust. Once a device or user is authenticated a single time they typically remain trusted indefinitely. This model assumes continuous security from a...
Why Does Certificate Lifecycle Management Automation Need Continuous Authentication?
Enterprises are relying more on automated solutions to manage the lifecycle of digital certificates. Certificate Lifecycle Management (CLM) has evolved from a manual, error-prone process to an automated, API-driven workflow...
Can Continuous Authentication Work with Existing MDM, EDR, or Identity Tools?
Yes, continuous authentication can work alongside existing Mobile Device Management ( MDM), Endpoint Detection and Response (EDR), and identity tools. This is possible when these tools share real-time context and...
Why is Mutual Authentication Important in Secure Communication?
Mutual authentication is important in secure communication because it is a process where both entities verify each other’s identities before establishing a connection. In a network environment, the client and...
What’s the difference between device authentication and device attestation?
Device security is more important than ever. Just one compromised device can give attackers access to your whole network. Because of this, security professionals depend on device attestation and authentication....
Why Should I Use EAP?
The Extensible Authentication Protocol (EAP) provides a standard framework for authenticating users and devices to a network. It uses various authentication methods, such as tokens, smart cards, digital certificates, and...
What is the difference between TLS and EAP-TLS?
TLS and EAP-TLS might seem identical initially since they depend on encryption and certificate-based authentication. TLS and extensible authentication protocols-transfer layer security (EAP-TLS) are often discussed in network security. They...
What are the three components in the 802.1X system?
The 802.1X system has three primary components: the supplicant, the authenticator, and the authentication server. The supplicant is the part of the device that requests access, the authenticator is the...
Is EAP-TLS The Same as PEAP?
Extensible Authentication Protocol-Transport Layer Security (EAP-TLS ) and Protected Extensible Authentication Protocol (PEAP ) are both authentication protocols used in the 802.1x framework, but they are not the same. The...
What Is The Gold Standard Of Network Security?
Extensible Authentication Protocol-Transfer Layer Security (EAP-TLS) is considered the gold standard for network security. It allows digital certificates to be deployed on WPA2-Enterprise with 802.1X authentication. EAP-TLS uses asymmetric cryptography...
How Does WPA3 Improve Wi-Fi Security Compared To Previous Protocols?
Wireless Protocol 3 (WPA3) improves Wi-Fi security compared to the WPA2 protocol, as it provides individual data encryption, side channel protection, and a more robust authentication mechanism through its 192-bit...
What is 802.1x Authentication Used For?
802.1x Authentication is a network security standard that grants access to wired and wireless networks by validating authorized users and devices. The 802.1X protocol is the IEEE Standard for Port-Based...
Your Guide To Wi-Fi Security
Wi-Fi is now a necessity. However, its convenience also makes it a prime target for cyber threats. As the number of Wi-Fi-enabled devices skyrockets, so do security risks. Attackers exploit...
How Does a Man-in-the-Middle (MITM) Attack Compromise Wi-Fi Networks?
A MITM happens when attackers hijack a communication channel to intercept and steal data. In this type of attack, they position themselves between a user and an application, silently capturing...
What is an Evil Twin attack in Wi-Fi, and how can I protect against it?
Imagine you’re out shopping, getting coffee, or waiting for a flight. You quickly want to check your messages or search for something, so hop on a free public Wi-Fi network....
SCEP vs. Dynamic SCEP
Simple Certificate Enrollment Protocol (SCEP) streamlines secure certificate issuance across networked devices, enabling scalable authentication and encryption. Instead of relying on manual provisioning, SCEP automates the process, allowing devices to...
What is MAC spoofing, and how does it affect Wi-Fi security?
MAC spoofing is when an attacker tricks a network by faking a device’s unique ID (MAC address) to gain unauthorized access or disrupt communication. This attack can happen in different...
Enabling Okta Device Trust for any MDM
The traditional network perimeter is a relic of the past. With remote work now common, users need secure access from anywhere, making outdated security models ineffective. Relying on perimeter-based defenses...
Top PKI Management Tools For A Network
Organizations should prioritize automated certificate lifecycle management to maintain complete visibility and granular control over who and what accesses their network. Managing certificates manually—distributing, renewing, and revoking them—quickly becomes tedious...
Can I Use Azure With A RADIUS Server?
Organizations worldwide are making the transition to cloud-based network solutions. To ease the transition, Microsoft created Entra to aid clients in moving their directories from on-premise Active Directory (AD) to...
Configuring Certificate Auto-Enrollment with Microsoft GPO
Enterprises that use Public Key Infrastructures (PKI) will have to issue and manage tens or even hundreds of thousands of digital certificates. Keeping track of all those certificates may seem...
Complete Guide To Certificate Authorities
Imagine walking into a vast library, seeking a single book among millions. Without a librarian or a catalog system, you’d be lost. In many ways, the internet is that library,...
Without Server Certificate Validation, WPA2-Enterprise Isn’t Secure
Your users have strong, unique passwords, your networks are protected with WPA2-Enterprise encryption, and you use 802.1x for authentication. WPA2-Enterprise is the gold standard when it comes to security, so...
Microsoft PKI Best Practices
A Public Key Infrastructure (PKI) is an 802.1x network security solution that uses public-private key cryptography to authenticate users for online resources. PKIs can be configured to authenticate for Wi-Fi,...
How to Configure Kandji SCEP Profile
Digital certificates have, time and again, proven to be more secure than credential or password-based authentication as they are phishing-resistant. However, manually distributing digital certificates is a considerable challenge for...
What Are Virtual Smart Cards?
In the world of authentication cybersecurity, a device growing in popularity is the Smart Card. A smart card, like those produced by Yubico, is a cryptographic tool that allows users...
SHA-2 vs ECC: Digital Certificate Encryption Advancements
Cryptographic systems are at the heart of digital certificates, enabling encryption, authentication, and integrity. SHA-2 and ECC are two pivotal technologies that protect everything from SSL certificates to system integrity...
2024 Security Analysis of PEAP-MSCHAPv2
These days, wired and wireless (Wi-Fi) networks are ubiquitous. Organizations need these connections to perform critical business functions, but these connections are susceptible to various ever-evolving cyber threats. As a...
Network-as-a-Service (NaaS): Explained
NaaS, or Network as a Service, is a cloud-based networking model that modifies how businesses handle and use their networks. Instead of having a lot of network equipment on-site, you...
[Solved] Jamf Casper Certificate Error
Apple devices and gadgets have been unparalleled in cutting-edge technology and customer satisfaction over the years. In a recent interview, the CIO of Jamf Linh Lam predicted Apple to reach...
WPA3-Enterprise: Should you Adopt It?
WPA (Wi-Fi Protected Access) was created in the early 2000s when IT professionals quickly realized that WEP (Wired Equivalency Protocol) had terrible security vulnerabilities. WPA2 was ratified in 2004 as...
Complete Guide to Android 802.1X
In this article, we’ll examine a crucial authentication method for keeping your Android devices secure while connecting to networks. It’s called 802.1X authentication. This specific security approach ensures only the...
The Dangers of Self-Signed Certificates
Self-signed certificates continue to pose critical risks to organizations prioritizing secure communication. While they may seem convenient for quick deployments, their inherent vulnerabilities can lead to severe security and operational...
Solved: Error “Cannot Manage Active Directory Certificate Services”
Admins configuring Active Directory Certificate Services (AD CS) for their network may encounter the following error message: Cannot manage active directory certificate services. The system cannot find the file specified:...
How Safe Is The EMF Exposure From Wi-fi?
Most people use Wi-Fi, which emits electronic and magnetic fields (EMF). But are the EMFs from Wi-Fi dangerous? The short answer is no, but we'll dig into the question further.
A Guide to Server Certificates
Server security is critical in today’s digitally driven environment. The server certificate, a digital document that verifies the identification of a website or server, is fundamental to Internet communication security....
Top 6 Ways To Prevent Your Network From DNS Poisoning Attacks
As we increasingly rely on the internet for both personal and professional activities, understanding the potential threats to our online security becomes essential. A prevalent and significant risk is DNS...
An Overview Of Passpoint In Network Infrastructure
Wi-Fi access has evolved from the manual selection of Service Set Identifiers (SSIDs) to the automated, secure connectivity of Passpoint. Initially, users had to browse a list of available SSIDs,...
All that You Need To Know About Public Key Encryption
We are living in a time where wireless security is imperative because private data and personal information are uploaded online. As the amount of online data increases, so does the...
Drawbacks of NPS in a Cloud Environment
Organizations want different technologies to work well together and integrate smoothly so they can be used more efficiently. The combination of Microsoft Azure and Network Policy Server (NPS) frequently generates...
Why is It Safe to Migrate AD CS from SHA-2 to SHA-1 In 2024?
It’s imperative for organizations to fully switch from SHA-1 to SHA-2. The National Institute of Standards and Technology (NIST) stated SHA-1 should not be trusted, PCI Compliance scanners no longer...
Why Do You Need S/MIME Encryption In Network Security
S/MIME stands for “Secure/Multipurpose Internet Mail Extensions”. It’s an IETF standard for public key encryption and creating a digital signature for MIME data. In essence, S/MIME uses a PKI to...
WPA vs WPA2- The Better Wifi Authentication
Wireless networks are omnipresent. You may have access to many wireless networks, whether in a neighborhood coffee shop, a school, or home. However, it’s hard to tell which ones are...
How to Use Active Directory Set-up For Wi-Fi and CloudRADIUS
Organizations that leverage Microsoft Active Directory (AD) often want to connect their core user identities to their Wi-Fi network. The goal is to enable users to authenticate uniquely to the...
An Overview Of Certificate Revocation List In A PKI
What is a Certificate Revocation List? A certificate revocation list, more commonly called a CRL, is exactly what it sounds like: a list of digital certificates that have been revoked....
What Is RADIUS Certificate-Based Authentication?
As cyber security risks increase and secure access to network resources is required, organizations are adopting different authentication methods. RADIUS certificate-based authentication is one of those methods that increase the...
How to Integrate with Entra ID For Effective Certificate Management
The transition from on-premise Active Directory (AD) to cloud-based Azure AD (Microsoft Entra ID) can be tricky, leaving Azure admins searching for an easy way to migrate. Unlike AD, there...
How to Configure Dynamic VLAN for EAP-TLS
Researching and implementing new cybersecurity technologies is a vital aspect of maintaining an effective network for your organization. But transitioning to more up to date security measures often comes with...
Certificate Lifetimes – Is 20 Years Too long?
Over the last few years, software makers have begun cracking down on certificates that do not expire soon enough. Most browsers will reject any SSL certificate with a lifetime longer...
Can I Use OAuth 2 With ADFS?
What is ADFS? Active Directory Federation Service (ADFS) is a software component developed by Microsoft to provide Single Sign-On (SSO) authorization services to users on Windows Server Operating Systems. ADFS...
Best EAP Method to Configure a Secure WiFi Network
Extensible Authentication Protocol (EAP) is a strong security layer and authentication framework used in Wi-Fi networks. It provides various methods to verify the identities of users and devices before granting...
The Importance of Device Attestation for Zero Trust
Here, you can learn the concepts of device trust and cryptographic principles of attestation in ensuring security of your organization.
Adding a Trusted Root Certificate Authority to Group Policy Objects
Organizations that want the best in authentication security should look no further than certificate-based authentication. When compared to using credentials for authentication, it’s simply no contest. The two pillars supported...
PKI Smart Card Authentication for Enterprise
Companies and governments around the world are finding more and more uses for PKI smart cards – especially for identity management. These tiny chips can be found in a multitude...
Passwordless Magic Link Authentication: Explained
Want to know how magic links work? Read on to know more about magic links other passwordless authentication methods for network security.
You Don’t Need LDAP for 802.1X Anymore
Without protection, your organization’s network is vulnerable to cyber attacks. The 802.1X protocol heightens network security by introducing RADIUS servers for authentication, and Lightweight Directory Access Protocol (LDAP) has commonly...
Using Multi-Factor Authentication for Network Security
Many inquiries that we receive reference Multi-Factor Authentication (MFA) and how it can be used to improve the network security. MFA is a process that requires more than one form...
How to Check if a Digital Certificate is Revoked
A critical component of EAP-TLS certificate-based authentication is properly managing certificates, which includes confirming that they have been properly revoked AND placed on the list of revoked certificates so the...
How to Set up Device Identification in Defender for Cloud Apps
Want better visibility and control on all devices in your network for efficient device management? Try Defender Device Management with us.
Which Devices Support Passpoint and OpenRoaming?
OpenRoaming & Passpoint Wi-Fi makes the use of mobile devices on the go more secure. Find out what devices and OS support Passoint.
Expanded Windows Hello for Business + Yubikey Login
SecureW2 has developed two solutions that offer major functionality upgrades to Windows Hello for Business: A Yubikey Management Solution that allows you to use your Azure AD or AD directory...
(Solved) Android 11 Samsung “Deep Sleep” Wi-Fi Connectivity Issue
Android devices have long had an “app sleep” feature designed to reduce power usage for infrequently used apps, and it’s not a new problem that it can cause apps to...
What is Microsoft NPS?
In an era dominated by cloud-centric solutions, Microsoft NPS sets out as an on-premise network security tool for Windows Server. Its primary goal is centralizing network regulations, user identities, and...
How to Use Yubikeys for VPN
Yubikeys are a useful and secure tool for protecting yourself from data theft. They add a layer of authentication and can be used with other authentication methods to further protect...
FreeRADIUS vs. Cisco ISE
Cyber-attacks cost small businesses an average of $84,000 to $148,000, and 60% of those attacked go out of business in 6 months. As organizations continue to grow, it becomes more...
Device-Based vs User-Based RADIUS Lookup
If all the users in your network fit into one single group, RADIUS authentication would be simple. Alas, things aren’t that easy; administrators often find themselves needing to specifically distinguish...
WPA2-PSK is Not Good Enough
In this day and age, employees are accessing their corporate resources wherever they can get a strong wireless signal, whether it be a public hotspot, an airport, or a friend’s...
Why NTLM Authentication is Vulnerable
One of the biggest problems with Windows environments is the insistence to continue to build upon older systems despite the emergence of cloud solutions. Attackers can easily gain access to...
Everything You Need to Know About PEAP Security
Since most transactions and communication are done over networks today, the security of these networks can’t be overlooked. Securing your network connections has never been more critical, as the data...
A Security Analysis of WPA-Personal
In the continuous effort to strengthen wireless network security, Wi-Fi Protected Access (WPA) represents a significant turning point. Data transmission over airwaves is becoming increasingly common in the ever-expanding digital...
MobileIron vs MEM Intune: Top MDMs Compared
Mobile devices like phones, tablets, and laptops are being used for work more than ever, especially after the COVID-19 pandemic. Remote work and hybrid workplaces are the new normal, making...
What is the Trusted Root Certification Authorities Store?
A Certificate Authority (CA) is the entity that handles the certificate distribution for a PKI. Certificate Authorities assist in validating the identities of different websites, individuals, and devices by providing...
Does Rotating Preshared Keys Improve Security?
Wifi Protected Access 2 – Pre-Shared Key (WPA2-PSK), a wireless security standard from 2004, is still used by many organizations today. And although it’s safer than its predecessors, WPA2-PSK relies...
Designing a Zero Trust 802.1x Network
As hackers get more sophisticated and hands-on, network security strategies have to adapt to meet the new challenge. An old idea that has recently been given new life is the...
OCSP vs CRL: The Best Bet To Revoke Certificates In A PKI
OCSP support is not included in the current roadmap of SecureW2 for some key reasons. Here’s a brief overview of your options for certificate revocation: What is OCSP OCSP stands...
Passwords vs. Digital Certificates For RADIUS Authentication
Businesses understand the importance of passwords for private data security but might not realize that using a network with passwords poses many security threats. As hacking techniques become more advanced,...
Deploy Yubikeys For Secure Wi-Fi in WPA2-Enterprise Network
Security keys are useful tools for hardening your devices with an additional factor of authentication. Did you know that same protection can be extended to your network? SecureW2, a Yubico...
A Guide To Client Certificate Mapping In Active Directory
Certificate mapping, in a general sense, refers to the tying of an identity to an X.509 digital certificate. In practice, the term is mostly used in the context of Microsoft’s...
Is EAP-TLS Safer than PEAP-MSCHAPv2 in 2024?
The short answer is: Yes. Organizations that are interested in moving from the unsecure PEAP-MSCHAPv2 protocol to the superior EAP-TLS protocol might be worried about huge infrastructure overhaul or the...
Configuration Guide For WPA2-Enterprise On Operating Systems
Automation is critical for a positive user experience; the faster a monotonous task can be finished, the more time users can focus on important activities. Network authentication can operate the...
A Guide To Configure Certificates In Your Yubikey PIV Slots
Physical security tokens like the Yubikey have smartcards that can be configured to store several certificates, the quantity of which depends on the specifications of the secure cryptoprocessor at the...
How To Renew SSL and Client Certificates For Secure Network
Automate certificate distribution and lifecycle management with industry best managed PKI solution. Continue reading to know more.
Configure 802.1X Authentication with Microsoft Office 365 Suite
We are living in an age where basically every person has an online footprint, whether it be for entertainment or to conduct business. Since millions of people are taking their...
Configure RADIUS on Windows Server 2008
The name RADIUS needs no introduction whenever you imagine a wired or wireless authentication server. Commonly referred to as AAA servers, RADIUS performs the core task of Authentication, Accounting, and...
What is WEP Security?
As we all know, wireless networks simplify numerous business procedures while providing trustworthy security. As a result, a user must be familiar with wireless networks and how they might facilitate...
Preventing Man-in-the-Middle (MITM) Attacks: The Ultimate Guide
A man-in-the-middle (MITM) attack is an incredibly dangerous type of cyber attack that involves a hacker infiltrating a private network by impersonating a rogue access point and acquiring login credentials....
RADIUS Server Authentication: Explained
A RADIUS server prevents unauthorized access to your network - and, thanks to services like Cloud RADIUS, this powerful authentication tool is more accessible than ever.
Best Practices for Storing X.509 Private Keys
X.509 certificates play a crucial role in guaranteeing the authenticity and integrity of communications. However, organizations that rely on the security provided by certificates also need to address a concern:...
Is there an Alternative to Windows NPS?
Microsoft’s Network Policy Server (NPS) is a AAA RADIUS server used for a number of different types of network connections. It can be used for wireless authentication, VPN connections, dial-up,...
What’s the Difference between OpenRoaming and Passpoint?
Advances in Wi-Fi infrastructure are coming at a rapid-fire pace these past few years, and it’s a little difficult to keep up. Some of the most exciting news has been...
SCEP Security Best Practices
Simple Certificate Enrollment Protocol (SCEP) makes certificate issuance easier, scalable, and secure. SCEP relies on HTTP and uses RSA cryptography. It lacks support for online certificate revocation, thus limiting its...
Windows RADIUS Server Pros and Cons
There are thousands of deployed instances of Windows RADIUS Server across the world, but users still debate its capabilities to keep their large networks intact and secure, giving rise to...
Guide to AD CS Policies and Enforcement
What is AD CS Used For? Active Directory Certificate Services (AD CS), a Windows server software solution, is used for issuing and managing x.509 digital certificates and provides Active Directory...
5 Network Access Control (NAC) Best Practices
Cybercrimes have been a cause of concern for organizations in recent times, especially when they are expanding remotely. Even nations’ policymakers have expressed concern about the surge in cybersecurity attacks over the...
What is PKCS11?
High-profile data breaches from major organizations such as Equifax, Solar Winds, and even the White House have pushed network security into the forefront of the public eye. One method of...
Can I Use Let’s Encrypt for an Enterprise?
When it comes to accessible Certificate Authority (CA) solutions that are easily available and free, Let’s Encrypt is second to none. They’ve enabled countless people and organizations to enable certificate-based...
How to Configure Azure AD CBA
With the introduction of Azure AD CBA, Microsoft has taken steps to move past using passwords - and your organization can, too.
Setup Microsoft Defender for Cloud Conditional Access App Control
Managed PKI solution for Microsoft Defender for Cloud Conditional Access App Control
Top 3 Ways To Troubleshoot Common Okta Certificate Errors
Okta is one of the leading Identity and Access Management (IAM) service providers for enterprises around the globe. Okta supports binding identities to digital certificates, but you might encounter one...
Certificate Management Guide For Google Workspace
Google Workspace is one of the most common Identity Providers used by enterprises today. The Google ecosystem includes a number of easy tools organizations can use in their daily operation,...
Attack Vectors That Leave Your 802.1X Network Vulnerable
When used correctly, 802.1X authentication is the gold standard for network security. However, even seasoned IT professionals fail to recognize some key points of attack. If they are left unchecked,...
Troubleshoot Okta RADIUS Internal Server Error
Okta is one of the leading Identity and Access Management (IAM) service providers for enterprises around the globe. They provide a great user experience, but sometimes you might encounter some...
Group Policy vs. Intune Profiles: A High-Level Comparison
Microsoft has many policy management tools to secure client devices in an organizational environment. Microsoft Group Policy and Intune Profiles are commonly used solutions in different environments, catering to different...
The Best Cloud RADIUS Server For Authentication
Due to the COVID-19 pandemic, employees are working from home now more than ever before. According to a Stanford study, an incredible 42 percent of the U.S. labor force now...
Guide: How To Build A PKI Certificate Authority
What is a Certificate Authority? A certificate authority (CA) is an entity that distributes digital certificates. A digital certificate certifies the ownership of a public key by tying it cryptographically...
Overview: Root And Intermediate Certificates
One of the main problems in online communication is trust. Let’s say you communicate with your bank through their website: how can you be sure the bank’s page is real...
Configure Okta Client Certificate Authentication
In this article, you can learn integrating digital certificates with one of the leading identity providers, Okta.
WPA2-Password Safety In An Enterprise Network
When you try to connect to a Wi-Fi network and are asked for a password, do you ever find it hard to figure out what to do? You’re not by...
Why is EAP-TTLS/PAP Not Safe in 2024
When designing a new network, there are countless features to consider that significantly impact the organization at large. Few functions of the network impact users more than the authentication method...
Configure Microsoft GPO with RADIUS Authentication
Integrating Microsoft’s Group Policy Object (GPO) with RADIUS authentication effectively improves network security and access control. GPO enables administrators to apply policy settings for specific user groups, ensuring that individuals...
Can I Set Up Microsoft NPS in the Cloud?
Microsoft Network Policy Server (NPS) is Microsoft’s AAA RADIUS server. It authorizes and authenticates users and devices for network connections. NPS is an on-premise RADIUS server and uses the Active...
Guide: TLS Authentication and How It Works
The essence of Transport Layer Security (TLS) requires understanding two key concepts: encryption and authentication. While encryption ensures that the data transmitted between your browser and the web server is...
WEP vs. WPA vs WPA2- The Better Wifi Authentication
One key component of wireless security is encryption, which is the process of encoding data before it is transmitted over the air. Only authorized parties with the correct decryption key...
Analysis Of Windows On-Premise vs. Cloud PKI Servers.
The definition for a Public Key Infrastructures (PKIs) varies among cyber security professionals, but is generally considered a collection of components that give everything an organization needs to issue and...
MAC Auth Bypass In 802.1X Network: An Overview
A look at how RADIUS MAC Auth Bypass and MAC Address Filtering can help secure and manage your IoT devices.
An Overview of Server Certificate Validation in Android 13
Integrating the capabilities of two leading operating systems, Android and Windows, have been a dream for most tech-savvy enthusiasts across the globe. Microsoft is going to offer this upgrade by...
How to Create Network Policies Based on Intune Device Compliance
Intune's device compliance attribute is a powerful tool for managing the devices on your network. Here's how you can turn it into a robust network policy with SecureW2.
Can you Authenticate RADIUS with YubiKeys?
As YubiKeys achieve widespread adoption, the industry keeps finding more and more uses for the powerful little device. One of the more interesting use cases for YubiKey is AAA/RADIUS authentication....
8 Top IAM Platforms
In the expanding digital environment, users are signing in from various devices such as smartphones, laptops, and tablets. Whenever a user logs in, onboards, offboards, resets a password, or changes...
Best Practices for Certificate Authority Management
An ever-growing trend in authentication cybersecurity is the replacement of credential-based authentication with certificates. Credentials are simply incapable of protecting a secure network. According to the 2019 Verizon Data Breach...
AD CS Certificate and Security Configuration Exploits
Active Directory Certificate Services (AD CS) is a critical platform in cybersecurity, providing infrastructure for managing certificates within an organization. At the heart of AD CS lies the Public Key...
Do RADIUS Servers use AD?
Do you know what facilitated back-office IT functions for any business twenty years ago? It was Active Directory, Microsoft’s user directory system. Because Active Directory simplified the task for organizations to...
The Four Stages of a Certificate Lifecycle
Digital certificates are electronic credentials that are used to authenticate the identities of individuals or devices using a particular network. It’s helpful to think of certificates with similar functionality as...
What is TLS Encryption?
Transport Layer Security is a protocol that ensures privacy and data integrity between two communicating applications. It’s the most widely deployed security protocol used today and is incorporated into web...
NAC Vendors: Cisco ISE vs. Aruba Clearpass
The rise in the popularity of remote work has caused a massive portion of the workforce to stay home. This is made possible by advanced BYOD devices with top-notch technical...
How AAA Servers Work
WPA2-Personal is common in homes and cafes – a security type requiring a preshared key (PSK). But some networks cannot be secured with a password, they want a username and...
The History of RADIUS Authentication Protocol: IEEE 802.1X
The Internet has been one of our most transformative and fast-evolving technologies. According to Satista.com, the internet user base increased from 413 million in 2000 to nearly 4.9 billion in...
Troubleshooting Common SCEP Errors
Simple Certificate Enrollment Protocol (SCEP) automates certificate distribution to issue and manage network certificates for users and devices securely. SCEP protocol addresses certificate enrollment without any intervention by end users. ...
Jamf vs. Intune: The Best Way to Manage Apple Devices
The rise in hybrid work culture has increased the usage of mobile devices such as smartphones and tablets for corporate purposes. Organizations must strengthen the security of these devices to...
A Comprehensive Review of Certificate Pinning: The Challenges and Alternatives
While digital certificates undoubtedly provide a more secure authentication method than passwords, some organizations still fear the possibility that certificates can be issued to unauthorized parties. Certificate pinning is a...
A Deep Dive into the Security of WPA2-PSK
In Wi-Fi security, one protocol stands out for its widespread adoption and significant role in protecting data: WPA2-PSK. This protocol, short for Wi-Fi Protected Access 2 – Pre-Shared Key, has...
Can You Use Certificates for Single Sign-On (SSO)?
Forgetting your password is one of the worst things about the internet. Unfortunately, it is encouraged to create complex passwords, making remembering them more difficult. Consequently, a considerable number of...
[Solved] Enterprise PKI OCSP Error
Certificate Management has emerged as one of the better alternatives to avoid the vulnerabilities of credentials in modern-day cyberspace. Here’s a recent incident of a high-profile data breach involving credentials...
How Does WPA-Enterprise Secure Your Network
Securely authenticating network users is a fundamental aspect of network security and is the source of significant challenges for many network administrators. Authentication security has never been more important; In...
How To Solve the NPS Error Code 66 in Meraki?
The RADIUS server plays a vital role in the authentication within a network infrastructure. NPS (Network Policy Server) is Microsoft’s own RADIUS solution that performs a similar role of filtering...
Public Key Infrastructure- A High-Level Overview
Digital signatures are pivotal to cybersecurity. They offer a robust mechanism to verify the authenticity and integrity of a document or message. Imagine sending a handwritten letter; your signature assures...
How To Test MITM Attacks And Protect Networks
A man-in-the-middle (MITM) attack is a highly effective type of cyber attack that involves a hacker infiltrating a private network by impersonating a rogue access point and acquiring login credentials....
How To Use RadSec For A Secure Roaming Network
Integrating a RADIUS server with your network security infrastructure is a wise decision. RADIUS or AAA (Authentication, Authorization, and Accounting) servers guard your network against unauthorized access by verifying individual...
Public vs Private Certificate Authority
Certificate authorities (CAs) play a critical role in securing digital communications and data exchange. Organizations must choose between public and private CAs based on their unique security requirements, use cases,...
MacOS AD Bind Issues Post Microsoft Kerberos Update
On October 11th, 2022 Microsoft pushed an update to enforce domain controller validation for Active Directory. The purpose of this update is to shore up a security bypass vulnerability that...
Smart Cards for Identity Authentication and Access Security
Smart cards, occasionally called chip cards or integrated circuit cards (IC or ICC), are a broad family of physical electronic authentication devices. More practically, they’re physically-secured microprocessors used to control...
List of Devices Supporting 802.1x
It is hard to imagine life without Wi-Fi, both in personal or professional spaces but we can not deny that it has parallelly caused the transmission of more and more...
How to Enable Windows Machine Certificate Authentication
Whether you use Windows, macOS, or any other operating system, deploying digital certificates for your device can be the most impactful step to strengthening your network security. Digital certificates use...
Why Apple Wants You to Use ACME vs. SCEP
In this article, we will discuss the latest ACME protocol that you can use for your iOS devices for a smooth transition to digital certificates with minimum effort.
LDAP Authentication with Azure AD
LDAP (Lightweight Directory Access Protocol) authentication can confirm user identities across a network. It uses a centralized directory system for user authorization and authentication. On the other hand, Microsoft offers...
Understanding Phishing-Resistant MFA in Azure AD
On an average day, most employees have to log into numerous different applications and resources at work. The influx of applications necessary for work has led to an exponential increase...
How to Generate Root & Intermediate CAs
With 10 million attacks targeting usernames and passwords occur every day. it’s not a bad idea to drop passwords wherever possible. A proper PKI allows your network to utilize certificate-based...
What’s the Difference between RADIUS, TLS, and EAP-TLS?
There are many components involved in running a secure network. It’s very easy to get bogged down by different terminology and be confused about what exactly each component does. This...
How To Set Up 802.1X Using Azure AD
You can configure 802.1X using Azure AD by syncing it with an LDAP server or enrolling every device with an x.509 certificate.
Windows Defender Credential Guard and PEAP MS-CHAPv2
In today’s evolving world of cybersecurity, protecting data and user credentials is of utmost importance as it is the biggest threat to an organization’s security. Microsoft has implemented two security...
Active Directory Certificate Services (AD CS): Explained
There are many components involved in running a certificate-based network. You need to establish trusted servers and certificate authorities (CA), make sure devices can enroll for certificates, authenticate users, manage...
FreeRADIUS with Google LDAP: How Does it Work?
Is an authentication system built around FreeRADIUS with Google LDAP more economical? Learn the truth about this setup here.
What is the Most Secure Method of Wi-Fi Authentication?
The first layer of defense for a wireless network is the authentication process. With a strong authentication barrier, an organization can feel confident that only approved network users are able...
What is RSA Asymmetric Encryption? How Does it Work?
Encryption is the systematic process of converting plain, readable information, or data, into an unreadable format to prevent unauthorized access. This process is achieved by implementing a set of rules...
PEAP-MSCHAPv2 Vulnerability Allows For Credential Theft
In 2013, Microsoft released a report of a known security vulnerability present within Wi-Fi authentication. The 802.1x authentication protocol known as PEAP-MSCHAPv2, a widely supported standard, can be exploited to...
2024 Guide to Android Network Settings
Android network settings are critical for ensuring a seamless connectivity and security for users. These settings cover a variety of parameters controlling VPN connections, mobile data, and Wi-Fi, among other...
How to Enable MFA for Google Workspace
Cyber-attacks are becoming more sophisticated, with hackers exploiting every available option to infiltrate your network. One-step authentication methods, such as using a login ID and password, are no longer enough...
Troubleshooting Commonly Encountered Okta Sign-In Errors
Okta is one of the leading identity and authentication platforms compatible with both cloud and on-premise directories. They provide a great user experience, but sometimes you might encounter networking errors...
High Level Comparison Of User Certificate vs. Device Certificate
The popularity of digital certificates has been soaring day by day with the advancement of cloud technology. It has already replaced the traditional usage of credential-based protection in various IT...
Internal Or External CA- The Best Bet For Your Organization?
Public Key Infrastructures (PKI) are widely used by organizations because they secure communications among servers and clients with digital certificates and certificate authorities (CA). Certificates are a combination of cryptographic...
SHA-256 vs. SHA-1: Which Is The Better Encryption?
Sending information in clear text over the air is a tremendous risk in today’s complex cybersecurity environment. Hackers constantly evolve attack vectors to target sensitive data in transit, but encryption...
Your Guide To Renew Certificates On Microsoft CA
Organizations can leverage digital certificates to build a robust network, as certificates use public-private key encryption to encrypt information sent securely over-the-air. Managing digital certificates for a smaller organization is...
How To Enable RADIUS CBA On Google Workspace?
If the cybersecurity community could be compared to a court, the jury has reached its verdict: it’s time to move past outdated pre-shared keys as a means to network authentication....
An Overview Of RADIUS Certificate-based Authentication
With an increasing number of cybersecurity risks and the necessity for secured access to network resources, organizations are implementing various authentication methods. RADIUS certificate-based authentication is one of these techniques,...
MAC Spoofing Attacks Explained: A Technical Overview
New cyberattacks and breaches are reported every day in our news feeds. Cybercriminals target people as well as large corporations and other businesses. One of the many techniques hackers employ...
Does LDAP work with Entra ID? Yes and No
To make a long story short: Microsoft offers the ability to sync Azure AD (Microsoft Entra ID) with an LDAP server, which can suffice as a short-term solution. This means...
Microsoft Intune Enterprise Wi-Fi Profile Best Practices
Microsoft Endpoint Manager (Intune) is a stellar MDM that we frequently encounter in managing managed devices, especially when the enterprise size is large, and we need to have centralized control...
SCEP( Simple Certificate Enrollment Protocol): A Complete Guide
Distributing certificates to managed devices can be a monumental task with a lot of moving parts that need to be accounted for: PKI integration, establishing a gateway, configuration policies, certificate...
AD CS Certificate Templates: Security Best Practices
Microsoft AD CS allows administrators to establish their domain’s CA to deploy a digital certificate with Microsoft PKI Infrastructure. To properly run their PKI infrastructure and after establishing their hierarchy, administrators...
A Complete Guide To Wi-Fi Security
In the modern world, it seems as though it would be nearly impossible to function without access to the wireless internet. People everywhere rely on Wi-Fi for everything from entertainment...
How To Configure 802.1X for Ubiquiti UniFi
In an era where network infrastructures must run smoothly, protecting sensitive data and securing connections is crucial. Ubiquiti UniFi is a market leader in networking solutions, providing a dependable and...
A High-Level Overview of Windows 802.1x Authentication
802.1X is a network security protocol that enhances the security of a network by requiring authentication before granting access, preventing unauthorized network access. In Windows environments, 802.1X is widely employed...
Windows Access Control: ACL, DACL, SACL, & ACE
Read this to know more about access control list and its components and the best way to secure your enterprise network.
How to Resolve NPS Reason Code 22
Remote Authentication Dial-in User Service (RADIUS) is integral to network infrastructure, especially for authentication, authorization, and accounting (AAA) purposes. NPS (Network Policy Server) is Microsoft’s RADIUS server, replacing its age-old...
Certificate Signing Requests: Explained
X.509 digital certificates use the X.509 Public Key Infrastructure (PKI) to certify a public key to a user, device, or service identity embedded in the certificate. A PKI encapsulates the...
Why You Shouldn’t Use NPS with Azure AD (Microsoft Entra ID)
Since cloud-based solutions are becoming the norm today, knowing how different identity and access management tools work together and what they do is important. This article details Microsoft NPS (Network...
[Solved] Wi-Fi Security Certificate Error
Functioning in the current world would be virtually impossible without access to wireless internet or Wi-Fi. Wi-Fi is used by people all over the world for everything from entertainment to...
Configuring SCEP Profiles in Intune: A High-Level Overview
Nowadays, network admins have started to come around to the benefits of digital certificates, which is a justified response given the superior cryptographic protection compared to traditional passwords and usernames....
EAP-TLS vs. EAP-TTLS/PAP
Choosing the right authentication protocol is more than a matter of security. Authentication is the critical check ensuring only rightful users can access certain data or networks. The decision between...
8 WiFi Hacks: How They Work and Preventive Measures
Our lives now wouldn’t be the same without an internet connection, and WiFi networks give us quick and easy access. Nonetheless, hackers find WiFi networks a desirable target due to...
What is NAS-ID?
The Network Access Server (NAS) is the frontline of authentication – it’s the first server that fields network authentication requests before they pass through to the RADIUS. The NAS Identifier...
How To Revoke Certificate in Windows (AD-CS)
Digital Certificates are an integral part of a Public Key Infrastructure (PKI) and cybersecurity as a whole. The certificates can encrypt communications and authenticate the identity of users and machines....
Complete Guide to MacOS 802.1X
Implementing robust authentication protocols is paramount in today’s hyper-connected digital environment, where data security and network integrity are paramount. MacOS 802.1X authentication stands out among these protocols as a crucial...
WPA2 vs 802.1X: What’s the Difference?
Nowadays, there are numerous methods and types of encryption used to secure networks. Businesses should look beyond using WPA2-PSK, which isn’t secure enough for their needs. It’s easy to get...
How Does SSH Certificate Authentication Work?
Secure Shell (SSH) certificate authentication provides a robust method for authenticating users and hosts connecting to an SSH server. As a protocol, SSH prevents unauthorized parties from accessing systems remotely....
How to Configure RADIUS on Windows 2016: A Detailed Guide
A WPA-2 Enterprise network is incomplete without a RADIUS server, thanks to its triple role of Authentication, Accounting, and Authorization (AAA). Any robust network security demands all three functions for...
What to Expect When You’re Adopting the JoinNow Platform for BYODs
If we were to define our platform briefly, we’d say that SecureW2 makes it easier to transition to passwordless security by providing an easy Public Key Infrastructure (PKI) and RADIUS...
What to Expect When You’re Adopting the JoinNow Platform for Managed Devices
In a nutshell, SecureW2 helps organizations achieve passwordless network access by providing a managed Public Key Infrastructure (PKI) and RADIUS service. These two core products work together to empower wired...
EAP-TLS Explained: How It Works and Why It’s Secure
Extensible Authentication Protocol–Transport Layer Security (EAP-TLS) is an IETF open standard defined in RFC 5216. More colloquially, EAP-TLS is the authentication protocol most commonly deployed on WPA2-Enterprise networks to enable...
RADIUS Events Logs: How to View and Access Them
RADIUS servers are often called AAA (authentication, authorization and accounting) servers because they perform each of those three functions. Accounting – which refers to the process of tracking events as...
A Complete Guide to Configuring Microsoft RADIUS Server
Need a solution for your network authentication, authorization, and accounting (AAA) requirements? RADIUS has been around for decades, used by thousands of organizations. Without a RADIUS server, authentication would have...
802.1X EAP-TLS Authentication Flow Explained
For many organizations, the IEEE 802.1X authentication mechanism for Port-Based Network Access Control is the first line of defense against outside attack. It’s also one of the most commonly targeted...
WPA3: The Ultimate Guide
The network type Wi-Fi Protected Access (WPA) has been upgraded once since its inception in 1999. In 2004, it was replaced by WPA2, which has stood as the standard for...
Android 11 Server Certificate Validation Error and Solution
*Updated Feb 2021 The dust has settled on the Dec 2020 Android 11 update and, for better or worse, the effects on network authentication have not been as drastic as...
EAP-TLS vs. PEAP-MSCHAPv2: Which Authentication Protocol is Superior?
Ensuring network users are able to securely authenticate to the wireless network is paramount to the overall safety and security of your organization. So many attacks are aimed at exploiting...
How to Manage Certificates with Intune (MEM Intune)
Network administrators often feel certificate management to be challenging at times, especially in finding the right PKI for certificate deployment. They either end up paying for a pricey PKI...
What Is Apple Captive Network Assistant?
Maintaining a safe connection is of the utmost importance in the hyper-connected world we live in today, where we use the internet for almost everything. Yet, the security of public...
Network Security Basics—Definition, Threats, and Solutions
The adoption of remote work, cloud computing, and integrated IoT devices leads to complexities of securing computer networks and network security infrastructures. The evolution of cyber threats—from sophisticated malware attacks...
How to Set Up AD CS PKI Certificates with Jamf
As credential-based authentication becomes increasingly insecure, many organizations see the benefit of moving to passwordless security methods such as digital certificates. Implementing certificates, however, requires the implementation of a Public...
What is a Hardware Security Module (HSM)?
Data security has never been more critical. Hardware Security Modules (HSMs) are pivotal in safeguarding the cryptographic infrastructure of numerous global enterprises. HSMs have come a long way, from niche,...
What is a PKI Token?
Today’s world relies heavily on online interactions, such as collaborating with family, friends, and colleagues on social media or checking our bank accounts. However, this ease of use raises security...
Introducing WebAuth Wi-Fi with Cloud IDPs
It’s no secret that open Wi-Fi networks are infamously insecure, and Pre-Shared Key (PSK) networks aren’t much better. If you tie your organization’s Wi-Fi to a single password and more...
2024 Security Analysis of PEAP-MSCHAPv2
These days, wired and wireless (Wi-Fi) networks are ubiquitous. Organizations need these connections to perform critical business functions, but these connections are susceptible to various ever-evolving cyber threats. As a...
Kandji Enterprise Wi-Fi Profile Settings Guide
With a focus on centralized control of Apple devices, Kandji stands out as an innovative leader in modern enterprise management. IT managers can easily automate device deployment, enforce security policies,...
What is an X.509 Digital Certificate?
X.509 certificates are forms of identification that leverage public-private key cryptography. They are a secure replacement for passwords.
What is a Jamf Push Certificate?
Do you use Apple devices in your work infrastructure? Then you’ve probably heard of Jamf. Jamf Pro is one of the most robust and feature-dense solutions for managing Apple devices....
How to Connect to Passpoint Wi-Fi on iOS
In a nutshell, Passpoint is a protocol developed by the Wi-Fi Alliance that allows users to connect securely to a Wi-Fi hotspot. Designed to operate like roaming works for cellular...
How to Fix the “X.509 Certificate Signed by Unknown Authority” Error Code
X.509 digital certificates are a fantastic way to encrypt communication and authenticate into systems, but they require a little more infrastructure to support than your typical username and password credentials....
Passwordless Authentication: Explained
Do you want to move to effective Passwordless authentication solutions? Read to find out how a robust passwordless solution can enhance your network's security.
Securely Eliminate MFA with Azure AD CBA
Hackers acquired the personal data of over 37 million T-Mobile users, including names, dates of birth, Social Security numbers, and driver’s license information, in a recent incident that featured a...
Using Certificates for Granular Application Access with Microsoft Defender
The cloud presents an enticing opportunity for businesses – it makes important resources available anywhere, allows them to offshore the cost of storage, and can even save them on hardware...
Microsoft Network Device Enrollment Service: Do You Need It?
In this article, we will discuss NDES, its importance in network security, and its benefits for managing devices in an enterprise environment.
Implement Microsoft Passwordless Authentication With Azure AD CBA
In this article, we’ll cover precisely what Microsoft Authenticator App is and how you can quickly onboard to digital certificates.
How Digital Certificates Enable Secure Single Sign-On (SSO)
Users in an organization typically need access to many applications to assign and complete their tasks, access email, write code and communicate with each other. Multiple apps require multiple sets...
Configure Client Certificate Authentication with OneLogin
Configure Client Certificate Authentication on OneLogin and enforce Zero Trust Policy and make your network secure.
Configure Client Certificate Authentication with Ping
As many organizations shift to the digital mode in the post-pandemic era, there is an exponential increase in cloud-based network solutions. Surprisingly, numerous cutting-edge wireless technologies, such as 5G, virtual...
Enrolling Devices for Certificate Auth for OneLogin Device Trust
Amidst uncertainties in times of war, hackers have frequently upgraded their attack modes and penetrated almost every industry you can think of. The Australian cyber-security head has admitted reporting one...
What the Windows 11 TPM Requirement Means for Microsoft
Cyberspace is a rapidly evolving world, and in order to keep up with the pace, tech organizations must evolve at a similar speed. The cyber performance enterprise Riverbed recently analyzed...
Google Cloud Certificate Authorities Service Alternative
The digital world has been on a growth spurt for the past few years as more and more devices have come into being. An average user has at least two...
MFA Options for Cyber Insurance Requirements
More cyber insurance providers require MFA. But why, and what other cyber insurance requirements should you prepare for?
Configuration Guide: Windows RADIUS Server 2012
Anytime there’s a discussion about a wired or wireless authentication, it’s probable that the word “RADIUS server” will come up sooner or later. RADIUS, also known as a “AAA server,”...
Azure AD Conditional Access with 802.1X
The post-pandemic world is witnessing an exponential surge in cloud-based network solutions as many businesses transition into digital mode. Interestingly, many cutting-edge wireless technologies like 5G, virtual reality, and AI...
Digital Signatures: Explained
An effective Zero Trust architecture is built on a foundation of identity context. Digital signatures support a Zero Trust initiative by cryptographically assuring the identity of the signee, answering questions...
[Solved] Okta Sign-in Error
Okta is one of the leading identity and authentication platforms compatible with both cloud and on-premise directories. They provide a great user experience and support, but you may still run...
Cloud 802.1x Explained
What Is Cloud 802.1x? An 802.1x network is unique in one major way; it uses a Cloud RADIUS server as a means of authenticating users. The Cloud RADIUS checks a...
Code Signing with Digital Certificates: Explained
Imagine you’re installing an application and a pop-up like the screenshot above comes up. How can you be sure that the application you’re about to download is really safe? The...
Intune vs. Workspace ONE: The Best MDM for Windows Devices
The technological advancements in the last decade have evolved the use of mobile devices such as smartphones and laptops in the corporate world. Before the pandemic, some organizations were skeptical...
Cloud-Hosted LDAP is Vulnerable with Credentials
Organizations are always looking for a new strategy to increase the convenience of using their network without compromising security. As a result, many have sought out cloud solutions. Read here...
Can I Use Google Secure LDAP for Wi-Fi?
LDAP’s importance cannot be denied. As a protocol, it has greatly simplified the directory search process. Unfortunately, as time goes on, LDAP has begun to grow outdated, especially given its...
Why a Managed PKI (MPKI) is Probably Right for You
If you’ve decided to make the move to secure certificate-based authentication, one of the first things you need to figure out is whether you’re going to build your own Public...
Can PKI Replace Passwords?
There is a new trend that’s taking the IT world by storm: Passwordless Authentication. NordPass estimates that the average user has between 70 and 80 passwords. That’s why people so...
Combining FIDO2 and PKI: Supporting All Your Applications
The world of IT is constantly evolving. This is true due to both advancements in technology and the emerging remote work landscape of the world. Remote work is now commonplace...
What is a Hardware Security Module?
More than ever, businesses and organizations have a responsibility to secure their data. Highly adaptable organizations have begun to implement a PKI as a means to upgrade network security. According...
How To Utilize PKI Certificates
Using a Public Key Infrastructure (PKI) is a great step for any organization choosing to prioritize their network’s security. The primary purpose of a PKI is to manage the public...
5 Reasons AD CS Is Not A Complete PKI
Credential-based authentication is the most common form of authentication that everyone is accustomed to. But with most decades-old technologies, credentials are woefully ill-equipped to face modern security threats. While multi-factor...
Comparing: OAuth, OpenID Connect, and SAML
Properly protecting a network requires administrators to make numerous decisions about their security. Knowing what protocol or system to implement at what stage is paramount to network safety. With Cybercrime...
Using Object Identifiers In PKI Management
Management of a PKI can be a full-time task for an IT team. Ensuring network users are able to authenticate to a secure network, easily maintaining their network identity, providing...
Tying IP Addresses to Azure Active Directory Users
Effectively tracking and managing identity context is one of the most important aspects of a secure Azure-based network. Without accurate identity context, it’s near impossible to determine if someone is...
Everything You Need to Know About FIDO2
Security Keys are a method of authentication that is becoming increasingly more commonplace due to the additional layer of security they provide. They are a versatile security component that can...
I Have Active Directory, How do I Move to the Cloud?
It’s no secret that organizations are making the transition to cloud-based network environments. This is especially true considering the dramatic increase in remote work due to the global pandemic. Network...
What is the Android Trusted Credentials Store?
Similar to Windows and macOS, Android devices need a system in place in order to determine if a certificate issued by a particular Certificate Authority (CA) is trusted. How does...
MacOS Smart Card Services
Smart Card usage has been on the rise for a variety of different reasons, but undoubtedly the most prominent is for their identity management capabilities. Cybersecurity-oriented organizations are taking advantage...
3 Hidden Costs of an On-Prem CA
A certificate authority is a requirement for many organizations, whether for customer-facing products or internal security protocols. One of the first decisions to make regarding a Public Key Infrastructure (PKI),...
A PKI is the Foundation for Zero Trust Network Security
The IT industry is evolving rapidly, with new technologies, devices, and systems introduced regularly. Organizations are regularly having to update and upgrade their environments regularly to keep up with the...
Top 3 Pitfalls of Authenticating with OAuth
What is OAuth? Let’s demystify OAuth by starting with a definition. At its core, OAuth provides clients secure access to a server’s resources on behalf of a resource owner. OAuth...
Maximizing an Internal Windows Certificate Authority
Maintaining a secure network that is easily accessible for users within an organization is more difficult than ever. As cybersecurity technologies improve to address current threats, malicious attackers continue to...
Can I Use Group Policy Objects with Azure?
As technology continues to migrate to cloud-based networking, many organizations have sought to take advantage of efficient cloud solutions. As a result, Microsoft-based organizations have been transitioning to Azure for...
SSL vs. TLS Certificates
One of the most important security precautions for any customer-facing organization is to ensure data sent between the two parties is protected from outside attacks. Without data integrity, customers or...
Problems Facing IT Departments
No one can deny that the IT department is tasked with monumentally important functions. Without an efficient and secure network, nearly every organization would fall apart. IT has to find...
What is a TPM?
A TPM, also known as a Trusted Platform Module, is an international standard for a secure cryptoprocessor and is a chip found on the computer’s motherboard. The function of a...
How to Choose a Managed Cloud PKI
As cloud technology and reliability continue to surpass their on-premise counterparts, more than 50% of organizations have made the switch to managed cloud PKI or plan to soon. If your...
Active Directory: Explained
Directory servers make it easy for admins to store and access resources including user and device information, computers, files, server, and much more. Back in the old days, in order...
Okta Smartcard Authentication Expanded
Okta is a popular choice for organizations that want top-of-the-line cloud identity management. It’s one of the largest identity providers with a modern cloud directory and a plethora of handy...
LDAP vs SAML, Access Protocol Comparison
LDAP and SAML are major authentication protocols that securely authenticate users to a network. They determine how users interact with a resource by connecting them to the respective directory services,...
AD DS: Explained
The purpose of online directories is to store resources on the network in a way that it’s simple to access. Microsoft’s Active Directory (AD) has risen through the ranks to...
YubiKey PIN/PUK Configuration at Scale
Yubikeys are an all-in-one MFA device. In addition to serving as a physical authentication token, they can generate one-time-passwords (OTP) and require users to input a PIN. It’s quite difficult...
Strong Network Security with Azure
Azure AD is a highly effective IDP that was built as a successor to Active Directory (AD) to accommodate newer, cloud-centric organizations. AD does not work natively in the cloud,...
Enhanced Azure Authentication with Yubikey
The cross section of organizations that use Azure AD (Microsoft Entra ID) for identity management and Yubikeys for MFA is already sizable and growing by the day. Recent advancements in...
Secure Authentication for Azure Networks
Wireless security is crucial now that most sensitive data can be accessed online. It’s imperative for network administrators to dictate who can access the network and how much they’re allowed...
Use Azure AD B2C for 802.1x Authentication
Microsoft employs a myriad of acronyms for their product names, so it’s often difficult to tell them apart or to guess their function. “Azure AD (Microsoft Entra ID) B2C” is...
What Is RADIUS Redundancy?
In all manner of security, redundancy is strength. It’s a way to ensure that no matter what goes wrong, there is a backup plan in action that can certify safety....
Multi-Factor Authentication for Okta VPN
When it comes to authentication security, one of the simplest upgrades you can make that will drastically improve your network’s safety is to implement Multi-Factor Authentication (MFA). Simply put, MFA...
How to Use VPN With Azure AD
As cloud-based solutions are gaining popularity, many organizations are having trouble transitioning to their on-prem servers. To help alleviate some stress, Microsoft created Azure AD (Microsoft Entra ID) to aid...
Okta SSO With Certificate Authentication
A major issue that organizations face for authentication is managing different credentials for various web applications. Traditionally, web app authentication requires a unique and complex set of credentials to ensure...
Okta Vs. LDAP
For many years, LDAP has been the dominant protocol for secure user authentication for on-premise directories. Organizations have used LDAP to store and retrieve data from directory services and it...
User Lookup With Certificate-Based Authentication
Traditionally, the process of authenticating certificates for network access is independent of the user directory. And in a normally-functioning network environment, this is perfectly acceptable. Certificate-based authentication is ironclad and...
Dynamic RADIUS Policy Enforcement with Static Certificates
Certificate-based WPA2-Enterprise networks are extremely secure, but x.509 digital certificates can be a hassle to manage. Although SecureW2 has one of the best certificate management platforms in the industry, we’re...
A Cloud PKI Solution for Azure AD
Azure AD (Microsoft Entra ID) customers can ditch password-based authentication and switch to x.509 certificate-based authentication. Digital certificates offer vast improvements to network security, efficiency, and user experience. But in...
Active Directory Vs. LDAP
Active Directory (AD) and Lightweight Directory Access Protocol (LDAP) are two terms frequently used regarding directory services. These solutions are essential frameworks for managing user identities, resources, and network configurations...
How to Use Google for 802.1x Wi-Fi
Organizations are making the much-needed transition to cloud-based network solutions and Google is a forerunner in getting people’s devices and networks in the cloud. However, for some, getting your devices...
What is Dynamic RADIUS?
SecureW2 is pleased to announce the invention of a whole new kind of AAA server – Dynamic (Cloud) RADIUS. It will revolutionize the way you authenticate users and enforce policies...
Generate x.509 Certificates with Okta
A major challenge that organizations face in regards to certificates is enrolling users without Active Directory. In response, SecureW2 has developed a solution that can provide a certificate-based network regardless...
Are Passwords Secure?
Credential-based authentication is the method nearly all network users are used to and has been a common tool for decades. But unlike other decades-old technology, passwords have not been phased...
Mobile Authentication with 802.11u
As mobile device users continue to expect stronger roaming connections and faster data speeds, Wi-Fi Alliance developed PassPoint to meet these high standards. It allows users to easily transfer from...
PKI Delivery Software for Every Device
While the advantages of certificate-based authentication over credential-based are well documented, many still experience the barrier to entry of provisioning devices with certificates. This is certainly a valid concern for...
YubiKey PIV Certificate Management
Many organizations purchase security keys like the YubiKey to streamline and secure access to various applications, but they can be used for much more. The YubiKey in particular has the...
Enabling 802.1x with AD CS
Keeping your network secure from unwanted intruders is increasingly difficult with the advancements in technology. It’s relatively easy for malicious actors to obtain network access and steal all the data...
How to Set Up RADIUS Authentication with Okta
As the internet continues its trend toward ubiquity, the dangers of lackluster network security have become increasingly apparent. With 10 million attacks targeting usernames and passwords occur every day it’s...
How to Issue GeoTrust Certificates
How to Issue GeoTrust Certificates to Devices GeoTrust is one of the world’s largest digital certificate providers with more than 100,000 customers in over 150 countries. GeoTrust offers a variety...
Enable Secure Wi-Fi with AD CS
In an age where people have migrated to conducting business online, organizations must ensure their Wi-Fi networks are protected from outside threats. Cyber attacks, including the infamous man-in-the-middle attack, prey...
The Risk of Expiring Web Certificates
Certificate use in a variety of mediums continues to grow, but your certificate provider cannot protect against a common certificate mistake: missing expiration dates. This isn’t a major issue if...
How to Issue Sectigo Certificates
Sectigo, formerly known as Comodo, is a leading provider of digital identity solutions. One of their main products are SSL/TLS certificates and Public Key Infrastructures (PKI), which allows the client...
How to Issue Digicert Certificates to Devices
Digicert offers a variety of SSL certificates to accommodate any organizational structure and fulfill their specific needs. They supply you with the tools to configure any Platform/OS combination, giving the...
How to Prevent VPN Phishing Attacks
What is a Phishing Attack A phishing attack is a type of social engineering attack that is used to steal an unsuspecting user’s data by masquerading as a trusted platform....
Enabling Double Encryption for Zscaler with SecureW2’s PKI
Double encryption adds an extra layer of security to ensure that the connections between the Z App, Connectors, and ZPA ZENs stay protected. Although Zscaler already comes with a layer...
PKI-Supported CMS for Yubikey
A CMS (Credential Management System) or SCMS (Smart Card Management System) is an invaluable tool for organizations using smart cards and security keys. They have many functions to control credentials...
Configuring a PKI for Wi-Fi
Wi-Fi security and availability is imperative for businesses now that online communication is the standard. Many organizations use passwords to authenticate user devices, but that is no longer a viable...
How to Automate Certificate Management and Provisioning
One of the biggest hurdles in certificate management is the lack of experience in finding the proper certificate management solutions. Often, administrators are of the notion that their only option...
The Best Way to Manage Microsoft Certificates
A primary weakness of password-based authentication is the human element. Passwords can be forgotten, shared, or stolen, making them a nightmare for IT admins. Forgotten passwords can lead to service...
Top 3 Mistakes Setting Up AD CS Certificate Templates
In order to use certificates for authentication, a security trend caused by the inadequacies of password-based authentication, a public key infrastructure (PKI) must be in place. Active Directory Certificates Services...
Creating Private Certificates Authorities for Internal Use
What is a Certificate Authority? A certificate authority (CA) is an entity that distributes digital certificates to devices. These certificates cryptographically tie an identity to a public key, ensuring that...
List of Passpoint-Supported Operating Systems
Passpoint is a great tool to enable your network users to have continued access to the internet – whether they’re roaming around the city or moving from building to building...
Yubikey Certificate Attestation Improved
Cyber security is ever-evolving to counter the attacks that are getting more aggressive by the day. One-step authentication is no longer enough to establish identity with absolute certainty. 2FA (two-factor...
Enterprise PKI Management in the Cloud
As the importance of secure authentication continues to rise, many organizations are looking for lightweight, cost-efficient solutions to their cybersecurity concerns. This has caused many to question the efficacy of...
3 Security Advantages of a Cloud RADIUS Server
In order to successfully configure a WPA2-Enterprise network you must have a RADIUS server. The RADIUS authorizes and authenticates users signing into the network and eliminates any speculation into who...
Why ECC is the Solution for IoT Security
ECC, or Eliptical Curve Cryptography, isn’t a new technology – it’s relatively old, actually, Despite being around since 1985, it has just recently begun to gain popularity as an alternative,...
Using VPN for Remote Work? Don’t Make this VPN Security Mistake
We have never been more connected with others than we are today. The workforce is quickly moving to mobile devices. Remote work has picked up dramatically due to the COVID-19...
3 Best Practices for Onboarding BYODs
Bring Your Own Device (BYOD) systems can be an amazing tool for businesses or schools looking to increase productivity and reduce cost. According to a study by Forbes, 42 percent...
Why Most Are Leaving LDAP With WPA2-Enterprise Behind
For years, the credential-based network authentication standard was the Lightweight Directory Access Protocol (LDAP). The security and efficiency offered by LDAP provided the necessary protection levels for everyday WPA2-Enterprise operations....
Managed PKI VS Private PKI
Deciding between a managed PKI and a private PKI is a difficult decision. Each method of PKI management has advantages and disadvantages, and if you’re coming from a place of...
Phishing Scams Are Now Capitalizing on Coronavirus
COVID-19, better known as the Coronavirus, is spreading throughout the world right now and has a lot of people concerned. This has led to scammers incorporating the virus into their...
How To Address America’s Ransomware Threats
Over the course of the 2010s, ransomware attacks on city and state governments have increased in number and effectiveness. The lack of proper cybersecurity measures has highlighted a weakness in...
PPSK Is Not an Alternative to 802.1x
Believe it or not, the aging WPA-Personal protocol has seen some innovation in the past few years. Several companies have developed unique PSK authentication protocols with varying names, though “Private...
Best Practices For IoT Security
The explosion of Internet of Things devices (IoT) onto the technology market has revolutionized how businesses operate. The endless possible applications of these incredibly diverse devices has led to a...
Cloud vs. On-Prem RADIUS: Which is Better?
A requirement for all WPA2-Enterprise networks is the use of a RADIUS server. A vital part of the network, the function of a RADIUS is to authenticate the user and...
Update Your Browser to TLS 1.2 to Support 802.1x WPA2-Enterprise
Organizations should be aware of an important update to TLS. TLS 1.2 is the most recent update that builds on top of TLS 1.0 and TLS 1.1 to increase network...
Reduce the Risks of a Certificate Authority
Recently, cybercriminals have begun targeting public Certificate Authorities (CA) to obtain legitimate certificates and then sell them on the black market. Because these are verified and signed certificates obtained by...
Using Digital Certificates on Yubikey
Yubikeys are an incredibly secure method of protecting yourself from data theft, but you’re probably not using them to their full potential. Natively, Yubikeys only support credential-based authentication through keypairs...
Certificate-Based Authentication for Okta PIV Cards
Efficiency is the name of the game when operating a wireless network. Designing every facet of the network with the user experience in mind will result in a streamlined system...
What is Public Key Cryptography?
Public key cryptography, a synonym for asymmetric cryptography, is a clever cryptographic system that allows two parties to exchange encrypted information publicly without worry of interception. Many cryptographic systems are...
Configuring Yubikey Desktop Login on Jamf-Managed Devices
Yubikeys represent an exciting opportunity to merge two features that are often at odds: security and convenience. Many organizations have purchased Yubikeys and distributed them to their employees for that...
Unlock the Potential of Security Keys
Security keys, also called hardware security keys, are a method of authentication that offers an additional layer of hardened security. They can be used to login to desktops, Wi-Fi, and...
Use WPA-2 Enterprise To Efficiently Onboard Thousands of Devices
Each year, college campuses must navigate the trials associated with successfully onboarding thousands of new students to the wireless network. This may have been moderately challenging 10 years ago, but...
iOS 9.x Wi-Fi Connectivity Issue with EAP-TTLS and EAP-PEAP: Explained
The iOS 9+ bug: Why do PEAP or TTLS users get locked out of Wi-Fi when their password is updated? Why and how does TLS authentication still work? Should you...
Buried Under a Mountain of Support Tickets? We Can Help!
Support tickets are an inescapable burden that many IT departments wish they could reduce. Resolving technical issues is a vital function of any IT department, but they amount to a...
Streamline Your Network with a Single Sign-On Policy
Organizations that seek out opportunities to improve the efficiency of their network should consider using SAML authentication to implement a Single Sign-On (SSO) policy. First and foremost, SAML is an...
Effective Cybersecurity in Banking Starts With People
Large banking institutions like Capital One are among the most targeted organizations by cyber-criminals looking to profit through data theft. Banks are responsible for protecting heaps of personal information about...
What’s In Store With WPA3-Enterprise?
The network type WPA has been upgraded once since its inception in 1999. In 2004, it was replaced by WPA2, which has stood as the standard for highly secure wireless...
Addressing Credential Theft Threats From Every Angle
The looming threat of a data breach has influenced many organizations to step up the security protecting their wireless network. Organizations with personnel files, financial information, and other types of...
How Vulnerabilities Put Sensitive Data at Risk
Cybersecurity is one of the most dynamic and complex industries in the world today. A business that provides cybersecurity software or products is not just competing against other companies; they’re...
Equifax’s Story: The Risks of Lax Security
On July 29th, 2017, Equifax discovered that data was leaking out of the credit bureau’s databases and had been since approximately mid-May of that year. They publicly reported the incident...
Implementing SSL Inspection
The proliferation of HTTPS websites has been a benefit and a challenge for network administrators. Overall, HTTPS enhances the overall security of websites because it encrypts the communications between the...
Using a SCEP Gateway to Distribute Certificates to Managed Devices
The Simple Certificate Enrollment Protocol (SCEP) automates the distribution of certificates at scale. Instead of manual provisioning, SCEP allows devices to request certificates directly from a Certificate Authority (CA) using...