Meraki Community

AnkitSharma1

I want to improve the wireless security for my company. We currently have guest Wi-Fi and production Wi-Fi, both using PSK (Pre-Shared Key). The guest SSID has no access to the production network.

However, employees sometimes share the production Wi-Fi, and occasionally, the PSK is written on a board. How can we secure the production wireless? Should I use OWE with only AD authentication for the production network, or would setting up a RADIUS server be a better option?

I am currently testing AD authentication but haven't fully set up the RADIUS server yet. I am thinking to go with AD authencation only.

Please suggest

KarstenI

With the passphrase written on the board, you have no security at all. The only real secure way is to use Enterprise Authentication (802.1X, EAP). But only if done correctly. In between your security and 802.1X is the usage of Passphrase/PSK when they are pushed with an MDM.

OWE is susceptible to MitM attacks and is not meant for corporate WLANs.

PhilipDAth

I agree with @KarstenI , 802.1x is the way to go.

If your company is relatively small, you can use local Meraki accounts. This is super easy to deploy.

https://documentation.meraki.com/MR/Encryption_and_Authentication/Configuring__WPA2-Enterprise_with_...

Another option, not as good, but still easy is to use iPSK. Give each individual user their own PSK. No more PSK sharing.

https://documentation.meraki.com/MR/Encryption_and_Authentication/IPSK_Authentication_without_RADIUS

Meraki Community

Wireless Security

Wireless Security