Can we protect our wifi network with Duo?


#1

I see no mention of this, but is it possible? We use Meraki currently.


#2

Hey Sparrowhawk,

Almost definitely. Especially if your APs support RADIUS, LDAP, or supports a captive portal that you can customize. (WebSDK).

Most commonly we see people that express an interest in this not actually moving forward with it for a few reasons:

  1. Can be a poor user experience - easiest to implement is Auto Push with RADIUS, this can cause additional verification prompts via Push when a user wakes up a sleeping laptop, moves to a new AP, changes network configuration, etc. This leads to a user being desensitized to authentication requests and they will end up approving anything and everything.

  2. Wifi isn’t a terribly secure medium, an attacker with physical access has many tools at their disposal to attack wifi networks, even when they are encrypted. Network segmentation and VPNs can be helpful in this regard.

  3. Most APs offer very minimal configurability when using authetnication like RADIUS - hard coded authenticaition timeouts, retry intervals, etc.

All of that being said, I have definitely worked with customers to do exaclty what you propose - maybe some can chime in here and share their experiences.

Cheers