When a user logs onto a traditional WiFi network which uses WPA-PSK or WPA2-PSK network (PSK standing for ‘pre-shared key’), authentication occurs when the user enters the correct security key, they’re then able to connect to the wireless network.
This scenario becomes problematic for larger businesses. Knowing exactly who uses your network (or who knows the password) becomes virtually impossible and frequently changing the password to remove unwanted users from the network is not ideal for larger networks with a high volume of users.
This is where 802.1x authentication has some huge advantages for businesses.
By combining 802.1x Enterprise Authentication with a RADIUS server, we use the Authentication, Authorisation, and Accounting (AAA or Triple A) system, which is a far more intelligent and secure method of controlling access to networks. 802.1x requires that the data provided by the authenticator is authenticated against a back-end infrastructure such as Microsoft Active Directory containing the individual user credentials required for authentication.
Once the credentials are approved by the RADIUS server, the user is granted permission to join the network.
The difficulties surrounding user management and scalability of PSK protected networks are nonexistent. Users who join networks using 802.1x authentication go through two levels of data encryption and their secure sessions within particular networks are monitored by the RADIUS server.
Unlike with password protected PSK networks, authenticated users can be individually tracked and removed from a network, for example – if a user looses a device or leaves a business, their WiFi access can be easily disabled without affecting any other users.
The use of enterprise WiFi security should be considered regardless of the size of network. This can help better secure the network by giving each device or user unique login credentials. The setup process doesn’t have to be costly or time consuming either.