Help

best practices to prevent wifi psk viewing / sharing

Sebastian0000
New Contributor

Posted on ‎06-18-2023 11:15 PM

Hello,

once again we have the problem, that at one school the wifi key was leaked.

tbh we really don't know how, because the wifi is pushed via jamfschool profile.

So it cannot be viewed with IOS 16.

What other settings in jamf restrictions do you recommend to prevent that?

thanks

0 Kudos
2 REPLIES 2

MIB
New Contributor III

Posted on ‎06-20-2023 12:29 AM

Hey there,

we use the good old MAC Filtering, it has its own problems but it works.

In your Jamf Profile you have the option in "Payloads" for "Security and Dataprotection". There you can uncheck "allow Passwordsharing on nearby devices" and " allow Passwordsharing via Airdrop".

Please dont mind if these are not the exact words for the settings, its a rough translation from german, but you should be able to find it.

____________________________________________________________
A basic principle is the crowbar for everything
0 Kudos

rob1
Contributor

‎06-20-2023 07:14 AM - edited ‎06-20-2023 07:31 AM

Best practices - don't use a pre-shared key unless you really have to and really limit the amount off devices that you push the profile to. Pre-shared keys are a risky option and can be shared, viewed on other macs that the user owns via keychain app.

If you're a school, then you should really be using Radius authentication and active directory for wifi, you can put this into the Jamf School payload along with the certificates to automatically trust.

Here's a how to for that using Windows NPS

0 Kudos