topic Re: Security vulnerability of open authentication when using Splash page? in Wireless

Security vulnerability of open authentication when using Splash page?

JustTakeTheFirstStep — Mon, 03 Jun 2024 08:25:07 GMT

We are using Active directory combined with Splash page.
I must use open authentication to use Splash pages.
Open authentication does not allow the use of WPA encryption between the PC client and the AP.
Is this a security vulnerability?
What steps do we need to take to ensure that we meet the requirements of wireless security?

Re: Security vulnerability of open authentication when using Splash page?

aleabrahao — Mon, 03 Jun 2024 09:54:37 GMT

It is not necessarily a security risk, as despite being an "open" network you will be requiring authentication. Of course, you won't have encryption, which is exactly why this is a type of network most suitable for Guest users.

https://documentation.meraki.com/MR/MR_Splash_Page/Integrating_Active_Directory_with_Sign-On_Splash_Page_For_MR_Access_Points

Re: Security vulnerability of open authentication when using Splash page?

ConnorL1 — Mon, 03 Jun 2024 16:32:16 GMT

Whilst your wireless traffic isn't encrypted, the HTTPS session between your client and the Splash Page server is.

If the SSID is primarily for employees/staff/trusted users, I would leverage 802.1X RADIUS instead. Yes the user won't get a pretty splash page, but it would then ensure the wireless traffic is encrypted.

Re: Security vulnerability of open authentication when using Splash page?

Philip D'Ath — Tue, 04 Jun 2024 08:28:01 GMT

You can use a PSK when using AD splash page authentication.

You could also get adventurous if you have WiFi6 APs and try our OWE encryption.
https://documentation.meraki.com/MR/Wi-Fi_Basics_and_Best_Practices/WPA3_Encryption_and_Configuration_Guide