You have secured your wireless network. You use WPA2-Enterprise for encryption, with 802.1X to authenticate your users. Each user has a strong, unique password and knows better than to write it on a sticky note next to his or her monitor. Everything is encrypted, so nobody can listen in on your conversations or read your data while it is being broadcast over the airwaves. Your network is secure, right?
Not so fast. Attackers can steal your users’ credentials with ease. Without proper precautionary steps, all an attacker needs to do is set up and broadcast an imitation SSID and wait for your users to connect to it. Before they realize anything is amiss, they may connect to this phony SSID and send their username and password straight to the attacker. Even encrypted passwords can be cracked in a matter of minutes, using publicly available tools. Now, the culprit of the man-in-the-middle attack has access to your network, and may also tap into the sensitive data that your trusted student or employee has been granted access to.
How can you prevent a man-in-the-middle attack?
This requires the use of a public key infrastructure (PKI) certificate to identify your RADIUS authentication server. Public key certificates are available from well-known certificate authorities like Verisign, Thawte, and GoDaddy. Another option involves creating a self-signed or private certificate, created by the network administrator, and placing this certificate on your RADIUS server. With either a public or private RADIUS server certificate, you can rest easy knowing that virtually no man-in-the-middle attacker can masquerade as your enterprise network.
Challenge of Server Certificate Validation
Client or end-user configuration becomes more complex under this approach. The process requires manually configuring the certificate authority or installing the certificate, setting options to verify the certificate, entering the domain of the trusted RADIUS server, and more. The steps to accomplish all this will be different for every type of device you need to support, from company laptops to BYOD hardware like tablets and smartphones. Many devices, including those running Android, do not expose certificate settings to the user, making them very difficult to configure.
The JoinNow Solution
Fortunately, there is a solution. SecureW2’s JoinNow MultiOS technology greatly reduces the headaches involved in enabling and configuring server certificate validation for BYOD devices. With the ability to recognize nearly any device on the market and automatically configure it to your network’s specifications, JoinNow MultiOS will allow you to secure your network with public or private RADIUS server certificates while providing a quick and painless user experience. The people in your organization will be hard at work, not waiting in line for tech support. The IT and Help Desk staff will be able to focus on the next big project, not working overtime trying to get everyone onto the network. Between the savings to your bottom line and the added security to your network, implementing RADIUS server certificate validation along with JoinNow MultiOS is a win-win solution.