Cyber security is critical. Secure your wireless network via 802.1X RADIUS using Office 365 with Azure AD for password authentication delegation with directory sync. Implement 802.1x RADIUS on almost any access point in minutes and for free.
Security is paramount for any business, especially given the rise in cyber attacks, data thefts and major network breaches. I won’t list the major names, as that’s been done, but you can read the Cyber Security Breaches Survey 2016. Much of that research was aimed at larger organisations, even though it’s far easier for enterprise-level companies to secure their resources. But what about the rest of us, Startups, Micro-Businesses and Small to Medium sized organisations?
We ourselves use Foxpass for network access control and cyber security, and have deployed this service for our customers. Foxpass has a mission to foster better identity management in the workplace, whilst being easy to deploy and cost effective to acquire. It’s a service organisations of any size will be able to use to get the exact same level of infrastructure security that large enterprises enjoy.
Why is wireless a cyber security issue?
In many of the companies I talk to, employees, contractors and one time visitors share the same login credentials when it comes to accessing the Internet via wireless. So far so good, however, virtually every startup or small business uses that same wireless access point to connect to internal systems. Be that a file server or individual user computers. In all honesty, I’m by no means an authority on 802.1X Radius, but my opinion is the benefits of using 802.1X RADIUS security with Office 365 and Azure AD for authentication far outweigh the disadvantages.
Why should we use 802.1x RADIUS for security?
- When a user authenticates to an SSID using 802.1X RADIUS that session is encrypted between the user and the access point.This means that another user connected to the same SSID cannot sniff the traffic and acquire information as they have a unique encryption key for their connection. With a Pre-Shared Key (PSK) network, every device is connected with “shared encryption”, meaning they can all see each other’s traffic.
- If you need to remove or disable a specific user or device, 802.1x RADIUS makes this far simpler as you disconnect a single user or device.This means you will not need to change the key for everyone, or all devices, closing the security risk of that user or device joining the network again.
- You can assign specific network permissions and policies such as VLAN, firewall, QoS, tunneling, schedules, access control lists.This means everything within a user profile can be dynamically assigned to users based on their identity or groups where users are members. With a Pre-Shared Key, you get a single profile that is shared. Using 802.1X RADIUS, different permissions based on the attribute returned from the RADIUS server are assigned.
- With 802.1X RADIUS each user gets a new unique key every time the user authenticates. This key continuously changes while the user is authenticated to the wireless network.This means If it takes a cracker one hour to crack the key, but the key is regenerating every thirty minutes, by the time the cracker has the key it is useless.
Why use Office 365 and Azure Multi-Factor Authentication?
The geo-distributed, high availability design of Azure AD means that you can rely on it for your most critical business needs. With the prevalence of smart phones, tablets, laptops, and PCs, people have far too many different options on how they are going to connect, and stay connected, at any time. Azure Multi-Factor Authentication is an easy to use, scalable, and reliable solution that provides a second method of authentication so your users are always correctly authenticated.
People can access their accounts and applications from anywhere, which means that they can get more work done and serve customers better.
- Two-step verification, which requires more than one method of authentication.This means a critical second layer of security is added when a user signs-in. It works by requiring two or more of the following:Something you know, a password for example
Something you have, typically a trusted device that is not easily duplicated, like a phone
Something you are, such as biometrics
- It’s easy to use with a range of verification methods including text message, phone call, mobile app or email to alternate account.This means, due to the extra protection that comes with Azure Multi-Factor Authentication, users are able to manage their own devices and authenticate in the way they prefer based upon where they are.
- Azure Multi-Factor Authentication is simple to set up and use. Once enabled, in many instances it can be set up with just a few simple clicks by the user.This means the burden of implementation is reduced and users are keen to adopt.
- Verification with Azure Multi-Factor Authentication is scalable, using the power of the cloud whilst also optionally integrating with your on-premises Active Directory (AD) and custom applications.This means that protection is can be extended to your high-volume, mission-critical services.
- Azure Multi-Factor Authentication provides strong authentication using the highest possible industry standards.This means you are not just secure, but also compliant. You can monitor application usage and protect your business from advanced threats with security reporting and monitoring.
- With a guaranteed 99.9% Service Level Agreement (SLA) for availability, Azure Multi-Factor Authentication is reliable.This means you will always be able to authenticate. The service is considered unavailable when it is unable to receive or process verification requests for the two-step verification.
In a future post I’ll add some instructions of how to enable 802.1X RADIUS in a wireless network using Foxpass. In order to offer our clients complete peace of mind regarding cyber security, we’re a Silver Productivity Partner with Microsoft. We partner with select providers, such as Foxpass, targeting our customers specific cyber security needs.