EAP-TTLS/PAP is the most insecure 802.1x Authentication Protocol because credentials are sent over the air in plaintext. This means that every time someone connects to your organization’s Wi-Fi, they can be stolen over the air. According to the 2018 Credential Spill Report, an average of 1 million credentials were exposed daily in 2017, with no indication that this number will decrease.
“79% of hacking breaches leveraged stolen credentials.”2020 Verizon Data Breach Investigations Report
Server certificate validation prevents over-the-air credential theft by configuring devices to validate the identity of the SSID’s server before sending credentials. It has to be configured on end-user devices, so misconfiguration is a possibility. Manual configuration, shown in video, takes 14 steps, far too many for the average user. That’s why our onboarding software includes an automatic server certificate validation configuration package.
Certificates don’t have to be difficult. We provide everything an organization needs to deploy EAP-TLS, certificate-based 802.1X for Wi-Fi security:
And more! All our products are vendor neutral and can be integrated into your existing network infrastructure. Don’t settle for less than the best in authentication technology.
The JoinNow Suite provides customizable and adaptable onboarding clients that set up devices for Wi-Fi, VPN, Web and SSL Inspection security. JoinNow takes the frustration out of delivering secure networks by delivering turnkey backend services for device enrollment, authentication and management. In an age where BYOD, IoT, and managed devices reign, our technology provides the answers by leveraging the components you currently own.
Your network works while you sleep, so employ a set of eyes that doesn’t sleep either. Our AI will alert you of unusual network usage and allow you to monitor network connections and troubleshoot errors in real-time with individual devices. A bevy of end-user data including device type, operating system/build version, and application version is securely reported back to the cloud and made available for network admins for use in assessing connection patterns and creating network visibility.
An area of vulnerability for over-the-air credential theft is when users manually configure their devices for WPA2-Enterprise. When users omit a few difficult-to-configure settings, such as RADIUS certificate installation, they lose all the security benefits of WPA2-Enterprise and are susceptible to over-the-air credential theft. Providing onboarding/configuration technology to network users not only creates a better user experience, but it also significantly reduces the risk of over-the-air credential theft.
While utilizing onboarding/configuration technology can minimize risks for over-the-air credential theft, they are not foolproof since users can choose not to utilize them. Using certificate-driven security guarantees that users go through an enrollment process that ensures their devices are properly configured and organizations can rest assured that privacy is protected.