Wireless Security

AnkitSharma1
Here to help

I want to improve the wireless security for my company. We currently have guest Wi-Fi and production Wi-Fi, both using PSK (Pre-Shared Key). The guest SSID has no access to the production network.

However, employees sometimes share the production Wi-Fi, and occasionally, the PSK is written on a board. How can we secure the production wireless? Should I use OWE with only AD authentication for the production network, or would setting up a RADIUS server be a better option?

I am currently testing AD authentication but haven't fully set up the RADIUS server yet. I am thinking of going with AD authentication only.

 

Please suggest

KarstenI
Kind of a big deal

With the passphrase written on the board, you have no security at all. The only really secure way is to use Enterprise Authentication (802.1X, EAP), but only if done correctly. In between your security and 802.1X is the usage of Passphrase/PSK when they are pushed with an MDM.

OWE is susceptible to MitM attacks and is not meant for corporate WLANs.

PhilipDAth
Kind of a big deal

I agree with @KarstenI, 802.1x is the way to go.


If your company is relatively small, you can use local Meraki accounts.  This is super easy to deploy.

https://documentation.meraki.com/MR/Encryption_and_Authentication/Configuring__WPA2-Enterprise_with_...

 

Another option, not as good, but still easy is to use iPSK.  Give each individual user their own PSK.  No more PSK sharing.

https://documentation.meraki.com/MR/Encryption_and_Authentication/IPSK_Authentication_without_RADIUS

 
