Jamf Nation Community

discounteggroll · ‎12-14-2016

In an effort to increase the security of our WiFI Network, we are looking to rotate SSID's and WPA2 passwords. While I'm not sure how much more secure this will make our WiFi, but am unsure if this can be done through our JSS. Any ideas or experience with kind of approach?

alexjdale · ‎12-14-2016

That is certainly an odd choice. Moving to certificate-based authentication would be more secure. This just creates a moving target that is still just as vulnerable at any given point in time.

I imagine you would just push the wifi settings with a configuration profile, and then remove it/reinstall the new one with the new SSID when you want to rotate. You might need to add a script to move the new SSID to the top of their preferred network order.

bburdeaux · ‎12-14-2016

Rotating the SSID should work fine from an automation stand point, as long as you install the new before removing the old. Rotating just the password, however, would be impossible to automate on iOS, as the remove command must complete before the new profile is sent. For OSX it should be possible to cache the new profile, then send a script to uninstall the old profile and install the new one, but there may be an issue with that workflow I'm not seeing.

From a security stand point, this doesn't really accomplish much, especially given the ease of install and increased security of cert-based auth.

ron_bledsoe · ‎12-15-2016

Keep in mind that the pre-shared key is easily viewable in keychain.

bentoms · ‎12-17-2016

@discounteggroll You can update the password in the profile, & repush it out.

This removes the old SSID then installs the new, which can be painful on iOS if wireless only.

Jamf Nation Community

Anyone have experience with rotating SSIDs/passwords?