Secure WiFi access

Many wifi access points are only secured by a static password. This static password was usually distributed to multiple users and devices. If the wifi is breached, the password must be changed which will affect all users and devices.

To increase security of wifi access point, there is a number of security standards in the market. Radius EAP-TLS is such a standard (EAP=Extensible Authentication Protocol, TLS=Transport Layer Security). Radius EAP-TLS use PKI certificates to secure the wifi.

 

Using Radius EAP-TLS and PKI standards you will get:

  • Device authentication. A certificate installed on the device will authenticate the device. Every device is uniquely identified and the device certificate can easily be revoked to prevent wifi access – which increases the security. Device activity can be monitored which enables greater control.
  • User authentication. A user certificate authenticates the user. Every user certificate is uniquely identified and can easily be revoked to prevent wifi access – which increases the security. User activity can be monitored which enables greater control.

PhenixID Multi-Factor Authentication (MFA) server will act as a Radius EAP-TLS server and validate the device certificate during the authentication process.

When combined with PhenixID One Touch as an authentication method for the user, certificates are validate for both device and user. Validating both the device and user certificate strengthen security exponentially!

Additionally, to strengthen security even more, geo-fencing will make sure wifi access is only allowed from a specific geographical area.
Devices and users can easily be revoked using the PhenixID MFA administration UI.

Radius EAP-TLS together with PhenixID MFA is a great solution to secure WiFi access.