Deployment Timeline
At the beginning of the 2013 semester, this University was preparing for a massive proliferation of smartphones, laptops, and tablets to the company’s network. As the Bring Your Own Device (BYOD) phenomenon continued to spread, students were requesting instantaneous network connection that was secure and easily accessible.
The university was in the middle of migrating everyone to secure Wi-Fi when they decided to deploy SecureW2’s JoinNow. The deployment was successful and the university was ready for their students to start logging in the following semester.
Challenges
Allowing BYOD devices onto the network brought several inherent risks to the table, including the potential for widespread security vulnerabilities.
They needed to figure out how to make the network as easy to access as possible without compromising over-the-air device security. Prior to implementing JoinNow, The university did not have an automated onboarding solution and instead relied on manual device configuration. However, they quickly determined this wouldn’t work as IT staff continued to face an influx of support tickets from end users misconfiguring their devices.
Simon, the University Network Analyst noticed many problems when onboarding BYODs, especially inconsistencies across devices and operating systems. “We noticed that, for example, Apple iOS devices show the RADIUS server certificate ‘Not Verified’ message even when the server certificate is issued by a trusted Certificate Authority (CA),” Simon says.
Configuring devices effectively is one of the most challenging components of deploying WPA, WPA2, and 802.1X. Since manually configuring a device properly for 802.1X involves a convoluted series of steps that can confuse end-users, there is plenty of room to err during setup.
Skipping one step in the process can leave students susceptible to a ‘man-in-the-middle’ (MITM) attack. Just one misconfigured device can leave the entire network vulnerable to over-the-air credential theft. The school needed a solution for onboarding misconfiguration, and they needed it fast.
Solutions
By integrating JoinNow into the guest/onboarding web portal, users are automatically configured with all of the proper settings required for WPA2-Enterprise level encryption with no additional IT help.
The university configured their implementation of JoinNow to only allow devices to accept pre-defined server certificates; users are no longer prompted to authorize new or unknown certificates. After the user enters their university credentials, the device is automatically configured with the proper settings and trusted certificates are installed.
JoinNow’s sophisticated reporting capabilities, including full network visibility and device monitoring, proved to be a win for the university. The solution delivers a plethora of data such as connection and error logs for user devices. According to the University Network Analyst, the lack of Java requirement in the product proved to be very beneficial.
Evaluating Success
The university began to see results immediately. The number of users correctly configured for the WPA2-Enterprise campus network steadily increased.
With the onboarding challenge resolved, calls to the help desk have been less frequent, saving IT teams valuable time and resources. JoinNow’s capability of showing crucial device data makes the jobs of network administrators much easier. Complimenting SecureW2’s comprehensive onboarding solution is our technical support and their extensive knowledge of WPA2-Enterprise.
As the BYOD movement continues to grow, the number of Wi-Fi-enabled devices connecting to WPA2-Enterprise networks has increased exponentially. With JoinNow, device onboarding doesn’t have to be a support and end user nightmare. SecureW2’s automated solution, JoinNow MultiOS, streamlines the user experience to deliver secure wireless with the click of a button. Check out our pricing page to see why SecureW2 is a cost-effective solution.