Skip to content

Enterprise WiFi Authentication, Explained

Gartner Reviews NAC Tools for 2021

Types of WiFi Authentication

There are several different methods for authenticating wireless clients. Some have fallen out of favor due to security weaknesses, ultimately being replaced with newer, more secure authentication methods. These include :

  • Open authentication to the access point
  • Shared key authentication to the access point
  • EAP authentication to the network
  • MAC address authentication to the network
  • Combining MAC-based, EAP, and open authentication
  • Using CCKM for authenticated clients
  • Using WPA key management

WiFi Authentication Challenges

From its outset, WiFi posed a unique challenge when it came to authenticating identities since users were no longer physically connecting to ethernet ports. Originally, there were several methods used to authenticate users across wireless networks:

  1. Separation: One was to separate the WiFi network and enable it to access the Internet. If you needed to access on-prem applications or resources, you would VPN into the network just as if you were remote. In this case the solution for WiFi authentication was the implementation of the SSID and password which was shared across any users of that particular network. In this case, there wasn’t really a connection to the main network even though the WiFi network was located alongside the internal network. It operated more as a separate network for a variety of reasons.
  2. SSID: Another path is to simply leverage an SSID and passphrase and let anybody on the network that has that. Subsequently the user could authenticate to the directory service, but even if they failed the authentication, they would still have access to the WiFi network.
  3. RADIUS Authentication: Yet, another path was to leverage the RADIUS authentication protocol to auth access to the WiFi network which would subsequently authenticate access with Active Directory. The RADIUS server was the intermediary between the WiFi access point and the core identity provider. RADIUS was able to speak to the WiFi access points and then translate for the directory to authenticate user access. Of course, the downside of this approach was more servers, more integration, and more configuration on end user devices.

WiFi Authentication with Portnox CLEAR

WiFi extends beyond your walls. Employees harmlessly share company WiFi passwords with guests, contractors, business neighbors without ever stopping to think about the network and information security risks this poses to their organization. It’s not just outsiders, however. Today, nearly 20% of SMBs experience a data breach by a former employee who still has WiFi access.

It’s never been easier to secure your WiFi. With Portnox’s WiFi Security-as-a-Service, complex integrations and RADIUS server setups that traditionally required skilled IT staff and extensive training have been eliminated. Now, you can set-up user and device authentication that comply with security regulations in minutes.

Watch How it Works

About Version 2 Limited
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.。

our Castle has No Walls! All Hail, Zero Trust

Gartner Reviews NAC Tools for 2021

Why today’s boundless company networks are like castles without walls being protected by network security systems stuck in the middle ages.

Today, your network is likely comprised of your LAN, MPLS, SD-WAN, employees’ homes, Azure, Starbucks, Marriott, any airport…you get the idea. Your network extends to wherever authorized devices connect to gain access to company resources.

All of this proprietary, confidential or merely sensitive data being accessed across these parts of the network is no longer safe behind your castle walls. Access to everything (from everywhere) has changed the security dynamic.

new network perimeter

How does zero trust factor in?

Enter zero trust, a new – well, maybe not that new – but let’s say in vogue network security model that is focused to address the challenges posed by today’s increasingly complex and extended corporate networks.

The zero trust model does not require or expect you to have walls around your networks. With zero trust, as the name implies, NOTHING inside or outside a company is trusted. That means no devices or systems used by employees is automatically trusted.

Traditional NAC meet zero trust requirements

Now, this security model may seem familiar. Isn’t this just like network access control (NAC)? Well, yes and no. NAC has been around since the early 2000s, and has been primarily focused on ensuring only valid and authorized devices can access your network. Traditionally, however, NAC solutions have only focused on the LAN, as that was what existed within the castle walls of an organization. But as I’ve stressed, the typical network extends far beyond the LAN today.

To truly achieve zero trust, organizations need a NAC solution that can easily and effectively work when your castle has no walls.

NAC for today’s sprawling networks

Since your employees are likely on the move and using several different devices (desktop, laptop, phone, etc.), any NAC would need to have device awareness no matter where the device is geo-locationally. And that means not only when it is joining the LAN, but also when it is connecting from home, from a remote office, from Starbucks – awareness anywhere and everywhere, always.

Perhaps the most critical factor when assessing your network security needs is having the ability to continuously monitor endpoint risk. After all, you can’t just go around authorizing every company PC to connect if it’s not “trusted.”

Ensuring endpoints are in a company compliant state, minimizing or eliminating the potential for endpoints to be hacked and used to bridge your network is crucial. This requires a NAC that is always aware of endpoint risk and can use that to allow or block access. Today, this mixture give your network the best chance of minimizing such threats.

It’s the control part of NAC that ultimately brings the most added value versus endpoint-only zero trust solutions. The ability to not only allow access to your trusted devices, but also to control that access by placing them on the proper VLAN or under an appropriate access control list (ACL) adds a powerful layer of security.

The answer is in the cloud

Lastly, a NAC for today’s boundless network must be “light weight.” You don’t want to be deploying appliances or software in every remote location, store or office. It takes an immense amount of bandwidth and expertise to properly execute. Can’t that investment be better spent elsewhere?

This is where traditional NAC solutions fall short. Since they were designed for the old castle network model, they simply aren’t equipped to give you the full visibility and control you need over your extended network to prevent breaches.

The answer is NAC delivered as a cloud service. Manageable from anywhere, coverage for everywhere, and with continuous device awareness – a cloud-delivered NAC adhering to the zero trust model can future-proof your increasingly extended network.

About Version 2 Limited
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.。

The 5 Key Values of Portnox CLEAR

The problem with most traditional on-premise network access control solutions is their complexity across many fronts, including initial setup, configuration, scalability, and on-going maintenance and upgrades. As a truly cloud-delivered NAC service, Portnox CLEAR delivers SIMPLICITY across all of these critical areas.

VALUE 1: Setup Simplicity

Unlike traditional on-premise solutions that require hardware appliances, software, and other on-premise elements, with Portnox CLEAR, you simply create your dedicated instance in Microsoft Azure using your company email or via SSO (such as Azure AD or GSuite) in a matter of just minutes!

With your dedicated instance of CLEAR created, you simply check the appropriate box(s) to create your RADIUS instance. Dedicated F5 load balancers are spun up as well as auto-scale, so you never have to be concerned with service performance or scalability – it will automatically expand as needed to meet demand.

Portnox CLEAR’s simplicity extends with out-of-box integration and one-click set-up for several common directory services, including:

  • On-premise AD
  • Azure AD
  • G-Suite
  • Okta Universal Directory

SIEM integration is as simple as providing the IP/port, protocol type (TCP, UDP, HTTPS), and data format (JSON/CEF).

VALUE 2: Configuration Simplicity

The complexity of traditional on-premise NAC does not stop at the initial set-up of the local appliance(s), load balancing, RADIUS, and other on-premise components. As shown in the sample policy screenshots below, the complexity of traditional NAC extends to policy configuration that is often layered with multiple and nested interdependencies.

From inception, the focus with CLEAR has been to simplify policy configuration, allowing CLEAR to be fully deployed and operational in a measure of hours/days vs. traditional NAC, which typically can take weeks, or in many cases, months to roll out. Intuitive, easy-to-configure access control, risk, and remediation policies are at the foundation of Portnox CLEAR as reflected in the sample screenshots below.

Risk Policies

Easily configure risk-based access controls for all devices or different groups of devices (i.e. accounting, engineering, etc.), by simply assigning a risk value to each group’s relevant compliance checks.

A simple slide bar easily turns risk values into action (allow, alert, block). It’s that SIMPLE! Unlike traditional NAC that monitors a device risk ONLY when it is on or connected to the network, Portnox CLEAR will monitor risk all the time regardless of if the device is on or off-network.

Remediation Policies

While it is important to continuously be aware of the current risk posture of a device and to be able to use that awareness as part of access control. The ability to proactively take action on the endpoint to help assure a minimum level of compliance is always maintained can be equally important. As with all other policy configurations, setting group-specific remediation policies in CLEAR is as simple as a few clicks.

Unlike traditional NAC that will take remediation actions ONLY if the device is on the network, Portnox CLEAR proactively enforces remediation actions all the time regardless if the device is on or off-network.

VALUE 3: On-Demand Auto-Scale

Delivered as a cloud service, Portnox CLEAR eliminates the need for the capacity planning of on-premise software or appliances. Eliminates the need to expand capacity or upgrade appliances to meet future growth needs. Portnox CLEAR services will automatically expand on-demand to meet any demand spikes and future growth.

Our Azure services are scaling up (and down) automatically based on usage and load. We can automatically control the VM size and the scale-up / down rules.

For the RADIUS component, we use Azure Kubernetes to manage the instances and allow scaling based on demand. We use F5 load balancer to channel the traffic to the right instances and make sure the scaling is transparent to the end-user.

VALUE 4: Ease of Integration

Portnox CLEAR continues to expand native integrations and simplified out-of-band integration through and included restAPI.

Current integrations include:
  • Active Directory
  • Azure AD
  • GSuite
  • MS Intune
  • OKTA
  • Palo Alto
  • SIEM (any/all leading vendors)
Portnox CLEAR also integrates with all leading anti-virus providers to validate and remediate (update) as part of CLEAR compliance and remediation capabilities. Portnox CLEAR also includes a REST-full API over HTTPS that can be used in any programming language that supports REST calls or invoked directly through any HTTPS client such as cURL.

VALUE 5: Zero-Touch Maintenance

As a true SaaS solution, Portnox CLEAR is truly zero-touch!

  • No on-going software updates/patching
  • No management of scheduled downtime
  • No hardware or software end-of-life issues

About Version 2 Limited
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.。

Portnox Achieves a Microsoft Gold Cloud Platform Competency

Portnox demonstrates best-in-class capability and market leadership through demonstrated technology success and customer commitment.

NEW YORK, NY – November 4, 2020 – Portnox, a fully cloud-delivered network access control (NAC) provider, today announced it has attained a Gold Cloud Platform competency, demonstrating a “best-in-class” ability and commitment to meet Microsoft Corp. customers’ evolving needs in today’s mobile-first, cloud-first world and distinguishing itself within Microsoft’s partner ecosystem.

To earn a Microsoft Gold competency, partners must successfully complete exams (resulting in Microsoft Certified Professionals) to prove their level of technology expertise, and then designate these certified professionals uniquely to one Microsoft competency, ensuring a certain level of staffing capacity. They also must submit customer references that demonstrate successful projects, meet a performance (revenue and or consumption/usage) commitment (for most Gold competencies), and pass technology and/or sales assessments.

The cloud-delivered CLEAR NAC platform from Portnox is designed to help partners capitalize on the growing demand for infrastructure and software-as-a-service (SaaS) solutions built on Microsoft Azure. With built-in scalability, no on-site hardware, multitenancy and other benefits, the platform allows Microsoft partners to empower their customers by eliminating the traditional complexities associated with on-premises NAC.

“This Microsoft Gold Cloud Platform competency showcases our expertise in and commitment to today’s technology market and demonstrates our deep knowledge of Microsoft’s products and services,” said Ofer Amitai, CEO at Portnox “We plan to accelerate our customers’ success by serving as technology advisors for their business demands.”

“By achieving a Gold competency, partners have demonstrated the highest, most consistent capability and commitment to the latest Microsoft technology,” said Gavriella Schuster, corporate vice president, One Commercial Partner (OCP) at Microsoft Corp. “These partners have a deep expertise that puts them in the top of our partner ecosystem, and their proficiency will help customers drive innovative solutions.”

Cloud Platform

The Cloud Platform competency is designed for partners to capitalize on the growing demand for infrastructure and software-as-a-service (SaaS) solutions built on Microsoft Azure. Differentiate your company with the Cloud Platform competency, and you will be eligible for Signature Cloud Support, Azure deployment planning services, Azure sponsored credit, direct partner support, eligibility to deploy certain on-premises, internal use software on Microsoft Azure, and access to the cloud platform roadmap.

The Microsoft Partner Network helps partners strengthen their capabilities to showcase leadership in the marketplace on the latest technology, to better serve customers and to easily connect with one of the most active, diverse networks in the world.

Author Michael Marvin

About Version 2 Limited
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.。

WEBINAR: Network Access Control: A Must-Have in the Cybersecurity Arsenal

In this webinar, co-hosted by Portnox and CyberTEK, we examine how Portnox CLEAR – the first and only cloud-delivered NAC-as-a-Service – is helping organizations gain actionable network visibility and continuous risk monitoring of all endpoints across all access layers – no matter device type or geo-location.