Enterprise WIFI Security

Protect your Enterprise Wireless Network

The weak link in WIFI security is usually lack of strong authentication

Most companies are equipped with an Enterprise WIFI from Cisco or similar network device vendor. WIFI provides over-the-air bridging to your corporate infrastructure and for that, needs to be secured accordingly. The weak link in WIFI security is usually lack of strong authentication: access is granted either with a pre-shared key, or at best, with simple username and password.

RCDevs provide you

The only solution which supports OTP/MFA for WIFI

Solution

RCDevs’ Enterprise WIFI security is a more secure way to grant access on a per-user basis, using IEEE 802.1X protocol family, Multi-Factor Authentication (MFA) and X.509 Client Certificates (PKI).

OpenOTP supports the major IEEE 802.1X standards, including EAP-GTC (commonly used with Cisco devices), EAP-TTLS-PAP and EAP-TLS authentication over RADIUS (see RCDevs RADIUS Bridge). This means that your employees can authenticate to corporate WIFI with:

– X.509 Certificates – Employees self-enroll certificates through an easy-to-use web-UI that’s protected with one-time URLs and/or one-time codes, delivered via SMS for example. The same convenient way of self-service continues on certificate renewals, with users being automatically notified to re-enroll their certificate and are provided with a one-time URL to do that.

– One-Time Passwords – Users can concatenate passwords with a one-time code from their preferred token provider, like OpenOTP Token App, RC200/300/400, Google Authenticator, or from any OATH compliant Hardware or Software Token.

– Push Login (aka one-tap login) – Users with OpenOTP Token App can authenticate to WIFI by simply pressing “Accept” on the login that was pushed to their mobile.

– Application Passwords – Users provide a personal, Wifi-specific and time-limited application password which has been pre-registered via the self-services.

– Voice Biometrics – Users are required to speak their security passphrase on their Mobile Token to start the WIFI connection.

Features

Main features

The only solution which supports OTP/MFA for WIFI

OpenOTP Two-Factor for Wifi access does not support the challenged OTP mode. It also requires password concatenation where the OTP password is concatenated with the domain password. Its usage is simple: Users select the network SSID and are prompted for their password(s). A WebADM client policy for your OpenOTP Wifi will let you decide if the users should log in with domain password only, the OTP password only, or both passwords concatenated.

More about EAP

EAP-TLS (EAP Transport Layer Security) was subsequently defined by IETF RFC 5216. The protocol was created as an open standard leveraging the TLS (Transport Layer Security) protocol and has found wide-spread support with the various wireless vendors on the market. It primarily consists of the original EAP authentication protocol and is still considered to be one of the most secure EAP standards on the market.

Enforce WebADM Client Policies per Wifi Network (SSID)

RCDevs 802.1X for Wifi is fully compatible with WebADM client policies. This means you can define access control policies for each of your Wifi SSIDs. Client policies allow controlling which groups of users can access the network, at what time and even based on LDAP metadata filtering.

Wifi Access with Client Certificates

WebADM includes a PKI service and some very simple certificate management interfaces. A user certificate can also be used to transparently provide access to the Wifi network. Revoking Wifi access is as simple as removing the certificate from the user object.