cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
7812
Views
0
Helpful
2
Replies

Can we protect our wifi network with Duo?

sparrowhawk
Level 1
Level 1

I see no mention of this, but is it possible? We use Meraki currently.

1 Accepted Solution

Accepted Solutions

gleezy1
Level 1
Level 1

Hey Sparrowhawk,

Almost definitely. Especially if your APs support RADIUS, LDAP, or supports a captive portal that you can customize. (WebSDK).

Most commonly we see people that express an interest in this not actually moving forward with it for a few reasons:

  1. Can be a poor user experience - easiest to implement is Auto Push with RADIUS, this can cause additional verification prompts via Push when a user wakes up a sleeping laptop, moves to a new AP, changes network configuration, etc. This leads to a user being desensitized to authentication requests and they will end up approving anything and everything.

  2. Wifi isn’t a terribly secure medium, an attacker with physical access has many tools at their disposal to attack wifi networks, even when they are encrypted. Network segmentation and VPNs can be helpful in this regard.

  3. Most APs offer very minimal configurability when using authetnication like RADIUS - hard coded authenticaition timeouts, retry intervals, etc.

All of that being said, I have definitely worked with customers to do exaclty what you propose - maybe some can chime in here and share their experiences.

Cheers

View solution in original post

2 Replies 2

gleezy1
Level 1
Level 1

Hey Sparrowhawk,

Almost definitely. Especially if your APs support RADIUS, LDAP, or supports a captive portal that you can customize. (WebSDK).

Most commonly we see people that express an interest in this not actually moving forward with it for a few reasons:

  1. Can be a poor user experience - easiest to implement is Auto Push with RADIUS, this can cause additional verification prompts via Push when a user wakes up a sleeping laptop, moves to a new AP, changes network configuration, etc. This leads to a user being desensitized to authentication requests and they will end up approving anything and everything.

  2. Wifi isn’t a terribly secure medium, an attacker with physical access has many tools at their disposal to attack wifi networks, even when they are encrypted. Network segmentation and VPNs can be helpful in this regard.

  3. Most APs offer very minimal configurability when using authetnication like RADIUS - hard coded authenticaition timeouts, retry intervals, etc.

All of that being said, I have definitely worked with customers to do exaclty what you propose - maybe some can chime in here and share their experiences.

Cheers

I am looking for the very easiest way to stand up access to our small office WiFi authentication using 2FA. For the lass than 10 people who will be accessing, If I can simply have a wireless access point to deliver the WiFi and then a simple service like DUO to provide the 2FA with using google authenticator, that would be great. I don’t know if the DUO service has a simple directory so we can upload the 10 users max into some sort of list that we control . Simple administration is preferred. We do not need to control any apps or anything… only the access to our WiFi access point

Quick Links