Certificate-Driven Wi-Fi (EAP-TLS)
Implementing a PKI allows organizations to eliminate password-related issues and is a significant step towards a highly secure wireless network. Historically, passwords were favored over certificates, but with the ever-growing threat of credential theft combined with advancements in PKI technology, certificates are now widely used to replace passwords. Certificate-based authentication can be implemented with ease, and now there are turnkey solutions, like JoinNow Connector, that provide everything that is required to deploy EAP-TLS, certificate-based Wi-Fi authentication.
Why Certificate-Driven Wi-Fi?
Prevent Over-the-Air Credential Theft
Wi-Fi is a huge area of vulnerability for a network, and passwords are often the cause. According to the IT and Password Security Survey Report 2018, more than 10 million usernames and password attacks occur every day. Passwords are simply an outdated security mechanism, and certificates are the next-generation of Wi-Fi security. Certificates prevent one of the biggest network security threats, over-the-air credential theft.
Less Support Tickets, Happier Users
Ask any IT helpdesk worker and they’ll laugh at how many support tickets they get for helping users connect to the Wi-Fi. The average college student has up to 7 internet-connected devices, which adds up to an absurd number of devices that need password updates. Certificates eliminate the need to reconfigure devices for years at a time, preventing tons of support tickets. Our customers tend to see a 10-50% drop in Wi-Fi configuration related support tickets after implementing SecureW2.
SecureW2 Provides Everything
Needed for Certificate-Driven Wi-Fi
Starting with a great end user experience, the JoinNow Suite provides customizable and adaptable onboarding clients that set up devices for Wi-Fi, VPN, Web and SSL Inspection security. JoinNow takes the frustration out of delivering secure networks by delivering all turnkey backend services for device enrollment, authentication and management. In an age where BYOD, IoT, and managed devices reign, our technology provides the answers by leveraging the components you currently own.
Best-In-Class Self-Service Client Certificate Installation
Starting with a great end user experience, the JoinNow Suite provides customizable and adaptable onboarding clients that set up devices for Wi-Fi, VPN, Web and SSL Inspection security. JoinNow takes the frustration out of delivering secure networks by delivering all turnkey backend services for device enrollment, authentication and management. During the initial deployment, SecureW2 can support PEAP-MSCHAPv2 alongside EAP-TLS authentication to accommodate already enrolled users. Read how College of William & Mary took advantage of this deployment model. In an age where BYOD, IoT, and managed devices reign, our technology provides the answers by leveraging the components you currently own.
Use our advanced gateway to auto-enroll devices managed by JAMF, Airwatch, G-Suite and any other MDM. Enable AD-Domain joined devices to auto-enroll using simple GPO settings. In one fell swoop, all managed devices will be ready for certificate-driven network security.
Powerful Certificate Management and Configuration Features
Remotely Troubleshoot Devices
SecureW2 software allows you to troubleshoot errors in real-time with individual devices and monitor network connections. View and fingerprint which devices are connecting to the network while they are being onboarded, and simultaneously monitor any connection messages users may encounter. Detailed information about individual devices such as network adapters, MAC addresses, driver versions, and manufacturer and driver dates help network admins begin the troubleshooting process and gather analytics from the cloud. End-user data including device type, operating system/build version, and application version is securely reported back to the cloud and made available for network admins for use in assessing connection patterns and creating network visibility.
Enable Server Certificate Validation
Server certificate validation is one of the most important ways of preventing over-the-air credential theft. Manually configuring server certificate validation isn’t supported by Apple devices, and is very difficult to do on Android and Windows devices. SecureW2’s onboarding client ensures that devices of all operating systems are configured for server certificate validation when they are setup for network access.
Create Robust Certificate Policies
SecureW2 makes it easy to track and manage certificates. Certificate policies allow the administrator to determine the lifecycle and permissions of client certificates, as well as automated notifications to users, administrators, and external systems regarding the issuance, revocation, and expiration of certificates. For example, you could create a policy that gives students certificates with a 4-year expiration, and staff an 8-year expiration.
Auto-Append Users to a CRL After They Leave
SecureW2 comes with a built-in CRL (Certificate Revocation List) and provides mechanisms to validate current user status in the organization. Network administrators can also manually delete certificates from the management portal at any time. You can rest easy knowing that only current members of the organization have access to the network.