Security vulnerability of open authentication when using Splash page?

Snika
Getting noticed


We are using Active Directory combined with Splash page.
I must use open authentication to use Splash pages.
Open authentication does not allow the use of WPA encryption between the PC client and the AP.
Is this a security vulnerability?
What steps do we need to take to ensure that we meet the requirements of wireless security?


alemabrahao
Kind of a big deal

It is not necessarily a security risk, as despite being an "open" network you will be requiring authentication. Of course, you won't have encryption, which is exactly why this is a type of network most suitable for Guest users.

 

https://documentation.meraki.com/MR/MR_Splash_Page/Integrating_Active_Directory_with_Sign-On_Splash_...

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
ConnorL
Meraki Employee

Whilst your wireless traffic isn't encrypted, the HTTPS session between your client and the Splash Page server is.

 

If the SSID is primarily for employees/staff/trusted users, I would leverage 802.1X RADIUS instead. Yes, the user won't get a pretty splash page, but it would then ensure the wireless traffic is encrypted.

PhilipDAth
Kind of a big deal

You can use a PSK when using AD splash page authentication.

 


 

You could also get adventurous if you have WiFi6 APs and try our OWE encryption.
https://documentation.meraki.com/MR/Wi-Fi_Basics_and_Best_Practices/WPA3_Encryption_and_Configuratio...

 
