Help

Anyone have experience with rotating SSIDs/passwords?

discounteggroll
New Contributor III

Posted on ‎12-14-2016 11:40 AM

In an effort to increase the security of our WiFI Network, we are looking to rotate SSID's and WPA2 passwords. While I'm not sure how much more secure this will make our WiFi, but am unsure if this can be done through our JSS. Any ideas or experience with kind of approach?

0 Kudos
4 REPLIES 4

alexjdale
Valued Contributor III

Posted on ‎12-14-2016 11:50 AM

That is certainly an odd choice. Moving to certificate-based authentication would be more secure. This just creates a moving target that is still just as vulnerable at any given point in time.

I imagine you would just push the wifi settings with a configuration profile, and then remove it/reinstall the new one with the new SSID when you want to rotate. You might need to add a script to move the new SSID to the top of their preferred network order.

0 Kudos

bburdeaux
Contributor II

Posted on ‎12-14-2016 02:37 PM

Rotating the SSID should work fine from an automation stand point, as long as you install the new before removing the old. Rotating just the password, however, would be impossible to automate on iOS, as the remove command must complete before the new profile is sent. For OSX it should be possible to cache the new profile, then send a script to uninstall the old profile and install the new one, but there may be an issue with that workflow I'm not seeing.

From a security stand point, this doesn't really accomplish much, especially given the ease of install and increased security of cert-based auth.

0 Kudos

ron_bledsoe
New Contributor

Posted on ‎12-15-2016 11:36 AM

Keep in mind that the pre-shared key is easily viewable in keychain.

0 Kudos

bentoms
Release Candidate Programs Tester

Posted on ‎12-17-2016 04:26 AM

@discounteggroll You can update the password in the profile, & repush it out.

This removes the old SSID then installs the new, which can be painful on iOS if wireless only.

0 Kudos