Securely connecting new users to a school’s wireless LAN can be troublesome and time-consuming. The alternative — a completely open WLAN that anyone can use with one click — simply isn’t wise. Open WLANs not only leave users vulnerable to eavesdropping, but also leave the network open to misuse and attack. Instead, enable secure connectivity by tapping automated WLAN onboarding tools to enroll, configure and connect new wireless devices. Follow these tips to securely connect users who aren’t as tech-savvy and to eliminate help desk requests.
1. Forget about manual connection configuration
Posting a WLAN WPA2-Personal password on the wall and letting Wi-Fi users manually configure their own network connection is an error-prone approach that offers little security. Expecting users to correctly configure WPA2-Enterprise settings and unique per-user credentials is unrealistic. Abandon these legacy approaches in favor of fully automated configuration using an open guest WLAN as an “on ramp” to secure connectivity.
2. Empower Wi-Fi users
Implement basic onboarding automation by emailing or texting new users a link to a self-help web portal, accessible from an open guest WLAN or the public Internet. When users visit that portal and enter a password, present a link or QR code to install a connection. This basic approach is easily implemented but requires users to take action and make smart choices.
3. Use fingerprinting and redirection features
Eliminate user decision-making by leveraging features found in many contemporary WLAN controllers and guest access systems. Such features automatically detect previously unseen (or bulk authorized) devices, reroute them to an enrollment server and push the appropriate WLAN connection settings based on criteria such as device or OS type and user or group. This simplifies the user experience and leaves less room for mistakes.
4. Harness Enterprise Mobility Management
EMM products provide fully automated mobile device enrollment and activation. Seek out opportunities to leverage this trend; for example, use your EMM to determine whether a new device should be permitted, and to provision user or device certificates and VPN settings as appropriate before configuring the WLAN connection. Integrating WLAN onboarding with EMM provides a path to auto-install further settings and applications, and to later update or remove installed connections.
5. Move toward context-aware connections
Historically, WLAN access policies have been largely binary: A given Wi-Fi user was configured to access a specific network name or Virtual LAN, or not. Many WLAN products now include context awareness. For example, Wi-Fi connections may be permitted only during certain hours or from specified locations, or may expire after a predetermined period. Incorporating context into an automated WLAN onboarding policy can simplify and strengthen temporary access for visitors, contractors and students.
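The hours, location and expiry checks described above can be expressed as one access decision. The sketch below is an added example, not code from the original article or from any WLAN product; the policy fields, location names and sample values are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, time, timedelta, timezone
from typing import FrozenSet, Optional, Tuple


@dataclass(frozen=True)
class AccessPolicy:
    """Hypothetical per-group onboarding policy (field names are assumptions)."""
    allowed_hours: Tuple[time, time]      # local start/end; may wrap past midnight
    allowed_locations: FrozenSet[str]     # AP groups or buildings; empty = anywhere
    lifetime: Optional[timedelta]         # None = connection never expires
    utc_offset: timedelta = timedelta(0)  # campus offset from UTC


def evaluate(policy: AccessPolicy, enrolled_at: datetime, now: datetime,
             location: str) -> Tuple[bool, str]:
    """Return (allowed, reason). Both timestamps must be timezone-aware."""
    if enrolled_at.tzinfo is None or now.tzinfo is None:
        raise ValueError("naive datetime; refusing to guess the timezone")
    # Expiry is checked first: an expired visitor is denied everywhere.
    if policy.lifetime is not None and now >= enrolled_at + policy.lifetime:
        return False, "expired"
    if policy.allowed_locations and location not in policy.allowed_locations:
        return False, "location"
    # Compare wall-clock time at the campus, not on the server.
    local = now.astimezone(timezone(policy.utc_offset)).time()
    start, end = policy.allowed_hours
    if start <= end:
        in_window = start <= local < end
    else:  # window wraps midnight, e.g. 22:00-06:00 for overnight staff
        in_window = local >= start or local < end
    if not in_window:
        return False, "hours"
    return True, "ok"


# Constructed sample policy: a visitor pass valid for 8 hours, school hours
# only, in two locations, on a campus at UTC-5.
VISITOR = AccessPolicy(
    allowed_hours=(time(7, 30), time(17, 0)),
    allowed_locations=frozenset({"library", "front-office"}),
    lifetime=timedelta(hours=8),
    utc_offset=timedelta(hours=-5),
)
```

Returning a reason alongside the decision lets the help desk see why a device was refused instead of guessing at a misconfiguration.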