Role Based Access Control (RBAC) is the process of being able to assign a specific security policy to users or groups of users that connect to the network. School wireless networks, hospital wireless networks and even enterprises should use Role Based Access Control to solve wireless security concerns.
What Can Role Based Access Control Do?
When a user logs onto the wireless network, the system assign a Security Policy to them based upon their login creditentials. If it is an employee computer, the Security Policy will assign them under the "Employee" user access group, giving them access to specific network features that have already been preassigned (such as email server, web gateway and a limited set of internal servers). Same goes for hospitals -- if the user trying to connect is on the guest wifi and is a patient, they will be automatically assigned specific access to the internet or other allowed features. Many wireless networks do not automatically do this.
3 Ways Role Based Access Control Helps Network Security
1. Assigns Roles and Policies To UsersThe first rule of data security is that you only allow people access to the systems they need to access. For example, an Executive Role would include a Security Policy that allows them access to the financial servers, while an Employee Role would have limited access to sensitive servers. Role Based Access control will do this.
2. Directory Services Integration
Directory Services Integration is a critical step to provide wireless security by being able to authenticate each user connecting to the network. The credentials created for each person inside your directory services should also be used to authenticate the user on the wireless infrastructure. This means you're only maintaining one database of users accessing the network.
This also works to secure someone not in directory services. If they don't have credentials, they don't get access, or you can allow them in a "guest" user role.
3. Wireless Firewalls
Your system needs to be able to segment traffic by user groups similar to the way a LAN firewall segments VLANS. For example, a guest user should be denied all internal servers and only be able to access the internet gateway to surf the web and check email.
Each user group you’ve defined should have a Role on the network which correlates to a Security Policy for the network. If the user doesn’t have network credentials, they don't get access, or they get a guess role. Either way, you’re system is secure.
At SecurEdge WiFi, we can help design a complete, secure wireless network for your school, hospital or enterprise. By using advanced Next-Generation Firewall techniques, updated systems and role based access control, we can help establish a wireless network that will not just support the many devices on the network, but also provide security and network control.
Contact us here for a free consultation or download our free wireless design guide below!