Limerick Institute of Technology
The Need for WPA2
Limerick Institute of Technology sought to improve their overall network security after experiencing inefficiencies and security vulnerabilities on their network. They attempted to use an open SSID with captive portal authentication to authenticate network users, but found that user fatigue and open network-related security risks were threatening security.
They decided on implementing eduroam across the board as the campus’ secure network. Eduroam is an encrypted, WPA2-Enterprise network that allows students, researchers, and staff from eduroam institutions to obtain a network connection when visiting participating institutions.
Faculty, staff, and students often travel inside and outside the Limerick system. All of these users rely on the secure eduroam network, so Limerick elected to use that network across their entire campus. This requires each user to authenticate using a fully qualified domain name (e.g. email@example.com) and then they will be securely connected to their secure network.
Hundreds of hours would be gone configuring devices if we weren’t using SecureW2 JoinNow. But more importantly, we are back to a very secure network, where all of our devices are now properly connecting using 802.1X
Challenges of Deployment
Mark Curtin, Senior Technical Officer of the Network Support Group, oversaw the campus-wide deployment of the Eduroam network at Limerick. They began with a handful of devices that were designated for staff and configured by the IT department. They had no issue configuring the devices for the WPA2-Enterprise network, but the vast majority of users did not experience a streamlined process.
BYOD and other mobile devices, such as laptops, tablets, and smartphones, are used by nearly every student and staff member. These unmanaged BYOD devices are naturally much more difficult to reliably onboard due to the variety of operating systems, drivers, wireless utilities, and other unique features that complicate the configuration and troubleshooting process. The steps to configure differ between devices, but one similarity is shared by them all; manually configuring a device for WPA2-Enterprise is a complex process.
On top of the difficulty during configuration, the risk of an incorrectly configured device can leave users and the network vulnerable to over-the-air attacks. The Limerick team tried to combat this by publishing detailed configuration instructions for network users, but the IT support team was still overwhelmed by support ticket requests. If Limerick’s network was to be easily accessible and secure, they would need to find a solution for their eduroam network configuration.
The Right Solution
To accomplish the goal of offering a network that is secure, efficient, and cost effective, Limerick began researching network onboarding solutions. With an exceptional onboarding client in place, they could offer a much more efficient method for users to configure their devices.
After considering a few onboarding solutions, Limerick engineers ultimately judged that JoinNow MultiOS from SecureW2 would be a sound solution. The JoinNow solution fits the Limerick issue perfectly due to its vendor-neutral support, streamlined user experience, intuitive management interface, and professional technical support.
“JoinNow is just a complete package,” Curtin says. “When you’re using free open source software, if you have a question you can only send an email to the community and somebody might get back to you. But with SecureW2, the support is excellent. When you need support, it’s handled very professionally.”
Curtin also recognized the value of JoinNow’s unique reporting functionality, which delivers detailed device and connection reports as users are onboarding to the network. This feature gives the helpdesk all the information they need to help resolve an issue before the student or staff member creates a support ticket.
Curtin also recognized the value of JoinNow’s unique reporting functionality, which delivers detailed device and connection reports as users are onboarding to the network. This feature gives the helpdesk all the information they need to help resolve an issue for the user, before the students or staff member even creates a support ticket.
“It gives you great visibility into what’s happening on the client end,” Curtin says.
It’s no good just saying: ‘the wireless network is there, this is how you connect’. You have to make it as easy as possible for your users or else they won’t be interested in using it
Saving Time, Maximizing Security
WPA2-Enterprise is considered the gold standard for network security today, but Limerick witnessed firsthand the necessity to plan and prepare for launching this network type. Allowing manual configuration is not a viable option, so combining WPA2-Enterprise with an onboarding solution is the most effective deployment method.
“It’s no good just saying: ‘the wireless network is there, this is how you connect’. You have to make it as easy as possible for your users or else they won’t be interested in using it,” Curtin says.
JoinNow removes the complexities of onboarding to WPA2-Enterprise while maintaining straightforward user experience and maximum security. Users simply choose the network they wish to connect to (in Limerick’s case eduroam), complete the onboarding client, and they are equipped with a digital certificate that automatically connects them to the secure network.
Once the process is complete, users should never have to file a connection support ticket because their certificate can be configured for years of authentication. The situation is ideal for IT support as well. Not only will they experience a marked decline in support ticket requests, they’ll also be assured that the network is secured by WPA2-Enterprise and EAP-TLS authentication.
“JoinNow saves us countless hours of labor and time, hundreds of hours would be gone configuring devices if we weren’t using JoinNow. But more importantly, we’re back to a very secure wireless network, where all of our students are now properly connecting using 802.1X,” reports Curtin.
“I definitely wouldn’t be implementing 802.1X for students without JoinNow,” Curtin says.