WPA2: WiFi Previous Access, WiFi Past Access
Or “how to simply and securely manage access on your WiFi network”. This blog comes from David Tajuelo, our Senior Channel Manager Iberia & UK.
The other day, a friend of mine was visiting the office of a potential client to present a product. His presentation slides were in his email, so he asked to connect to the office WiFi. They attempted to give him access to their (non-existent) guest network, but it never ended up happening because of “technical problems”.
This office just happened to be located near (same building) that of another client he had visited a while back (more than a year ago). He still had their WiFi password (they scribbled id down for him on a Post-it note), and he wondered if it would still work. So, he tried it and… SURPRISE! The password still worked, and he was able to open up his email and do his presentation for his potential clients. It went well, and now they’re doing business together.
Good story, right? Well, just like all good stories, there’s a moral to it – so let’s get right to it because there are actually two lessons here.
WiFi Present Access: What’s happening today
An internal or external person tries to connect to a company’s WiFi network. In theory, this connection is something that should happen almost automatically given the daily activities of a salesperson, external consultant, delivery person, security guard, restaurant server, or really any type of employee. There’s no point in making it painful or inconvenient to connect to a WiFi network just for the sake of it. WiFi fears aside, despite the complications many administrators experience regularly, controlling the who, what, when, and how of WiFi access can actually be made quite simple. At Fontech, we can help you avoid some of these headaches, but more on that later…
WiFi Previous Access: What comes from the past
Someone who hasn’t stepped foot in an office for over a year can still access the company’s WiFi network (from a different, nearby office!), thus giving him/her free range to meander around the network (in most cases, without any type of control). In other words, this person found the keys to the house still in the door and went in. This lack of control in a corporate network is unacceptable and is often blamed on the insecurity of WiFi networks. But I think the problem is actually something else and not the network itself.
You’re likely to believe that applying WPA2 Personal (what us “low-tech” people have at home) at the corporate level should be a thing of the past. And then reality hits: We find this presumption to be incorrect, especially when it comes to businesses with fewer than 500 employees. In Spain, more than 65% of them continue to use this shared password system.
The question is, why do they? Maybe it’s because WPA2 Personal seems easier when deploying a network: “I’ll just put the SSID and password up on the wall where everyone can see and violà! Everyone will be able to connect – nice and easy.” Sure, and if the sign falls down, you can just use a little more double-sided tape, problem solved.
Jokes aside, what about real security risks? Take my friend, for example. All he wanted was an internet connection for professional purposes and he had no intentions to do anything malicious. But just because my friend didn’t, doesn’t mean an ex-employee wouldn’t… I think you get the point.
On the other hand, WPA2 Enterprise is meant to increase security in companies. It includes features like dynamic VLAN assignation, AAA management via RADIUS, authentication against a user database, and many others. It’s “only” been around for 12 years, which is why it’s shocking, at least to me, that companies still haven’t generally implemented it.
Improving the security of WiFi network access
In the market, there’s a simple system for automating WPA2 Enterprise adoption by way of easy management of the access of employees, subcontractors, and visitors to the WiFi network. With it, you can establish different access policies for users, groups of users, device operating systems, and even time periods. This system lets you control and monitor any WiFi connections (or attempts) by any wireless devices at all times, meaning you can optimize costs (both resources and equipment) that the company must incur in order to speed up adoption and increment real WiFi network security.
Hmmm… This simple and (very) nicely priced solution, could it be… ours? Now, at the risk of erring on the side of optimism, let’s just say it is.
I hope all of this has made you reflect a little bit (and that a potential client is reading this!) because we’d love to help that 65% of companies I mentioned drop significantly.
By the way, in January of this very year, WPA3 was announced as the natural replacement for WPA2… I’ll just go ahead and save this article just in case I have to publish it again in another 12 years… But I have faith that at this point, both you and your clients might want to know more about what we have to offer!
What’s your opinion on all of this? We’d love to hear what you think!
Want to know more about how Fontech can help you implement WPA2 Enterprise? Don’t hesitate to get in touch! And make sure to follow us on Twitter and LinkedIn for all the latest WiFi and corporate news.