When did you last change your office WiFi password?

…(and how RADIUS can help)

The age-old proverb, “A chain is only as strong as its weakest link”, certainly applies to network security. With so much attention spent on encryption, securing user endpoints and anti-phishing software, can you remember the last time you changed your office WiFi password? And come to think of it, how many staff members have joined and left since then, not to mention the various guests and clients who might have joined your network during meetings and visits?

Ideally, one would change the password on a regular basis, and especially after a member of staff leaves the company. However, the reality is that this is far too impractical and labour intensive. And here at LeftBrain, we prefer to work smarter, not harder.

This is where RADIUS comes in (as industry acronyms go, this one isn’t bad). Wikipedia defines it as: Remote Authentication Dial-in User Service. Put simply, it’s a protocol designed to provide centralised network authentication of your users.

How does this help network security?

Let’s imagine every staff member has their own unique WiFi password to join the company network. Now you can account for when (and where) a user joins your network, which is useful for auditing and brings a host of other benefits, and when they leave, you can deauthenticate their specific credentials without affecting the rest of the office. RADIUS allows you to do this. Since most companies already create user accounts to access an on-premise server, or cloud storage accounts (Microsoft’s Active Directory being one of the most popular), RADIUS can automagically use these accounts for authentication to the network.

This sounds complicated and expensive.

It can be, but it also doesn’t have to be. We’ve helped our clients roll out RADIUS authentication with very little additional investment; more often than not, the equipment and software required is already built into the existing network infrastructure (one of the perks of having your IT support partners handle everything). Once set up, everything works like normal WiFi. In fact, it’s completely transparent to the end user, as all macOS and iOS devices support RADIUS and will auto join the network.

Within the UniFi controller, enabling RADIUS is as simple as turning it on and defining an authentication server.

For a typical office, we’ll normally deploy three wireless networks:

  1. The main company WiFi. Users can only log on to it via RADIUS authentication. Access to company data is only available via this network.
  2. Infrastructure WiFi. Can be a hidden SSID, but protected by a WPA2 passcode. This is reserved for WiFi devices used in and around the office, such as the office Sonos or wireless printer. Only administrators or senior management should know this password.
  3. Guest WiFi. A segregated, restricted network.

Now when a staff member is off-boarded, their user account is normally archived and disabled. With RADIUS implemented, their WiFi access will also be revoked at the same time, thus closing the loop.
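The auditing and off-boarding points above can be checked against the RADIUS server's accounting records. The following is an added example, not LeftBrain's code: it assumes accounting is enabled and written in a FreeRADIUS-style detail file, and the sample records, the `DISABLED` list and the function names are all constructed for illustration.

```python
import re

# Constructed sample in a FreeRADIUS-style "detail" layout (assumed format):
# header line, tab-indented "Attr = value" pairs, blank line between records.
SAMPLE_DETAIL = """\
Mon May 21 09:02:11 2018
\tUser-Name = "alice"
\tAcct-Status-Type = Start
\tAcct-Session-Id = "A1"
\tCalled-Station-Id = "AA-BB-CC-00-00-01:Corp"
\tTimestamp = 1526893331

Mon May 21 18:40:00 2018
\tUser-Name = "bob"
\tAcct-Status-Type = Interim-Update
\tAcct-Session-Id = "B7"
\tCalled-Station-Id = "AA-BB-CC-00-00-02:Corp"
\tTimestamp = 1526928000

Tue May 22 08:55:42 2018
\tUser-Name = "bob"
\tAcct-Status-Type = Start
\tAcct-Session-Id = "B9"
\tCalled-Station-Id = "AA-BB-CC-00-00-01:Corp"
\tTimestamp = 1526979342
"""

# Hypothetical off-boarding list: username -> epoch time the account was disabled.
DISABLED = {"bob": 1526920000}
PAIR = re.compile(r'^\s+([\w-]+) = "?(.*?)"?$')

def parse_detail(text):
    """Split the file into records and return each one as an attribute dict."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        attrs = dict(m.groups() for m in map(PAIR.match, block.splitlines()) if m)
        if attrs:
            records.append(attrs)
    return records

def activity_after_disable(records, disabled):
    """List (user, session, access point, status) seen after the account was disabled."""
    hits = []
    for r in records:
        cutoff = disabled.get(r.get("User-Name"))
        # Start = new logon; Interim-Update = a session opened earlier is still alive.
        live = r.get("Acct-Status-Type") in ("Start", "Interim-Update")
        if cutoff is not None and live and int(r.get("Timestamp", 0)) >= cutoff:
            ap = r.get("Called-Station-Id", "").split(":")[0]
            hits.append((r["User-Name"], r.get("Acct-Session-Id"), ap, r["Acct-Status-Type"]))
    return hits
```

An empty result for a leaver confirms the loop is closed; any hit names the user, the session and the access point to follow up on.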

For more information and to see how we can implement RADIUS (and tighten up your network security), get in touch.

Can you NetBoot/NetInstall into El Capitan from Snow Leopard Server?

Short answer: Yes.

You may have a Snow Leopard Server and you run your business on it. Your client Macs may also connect to it for File Sharing, VPN, or other services that are available on this full-featured server operating system.

You also want to make sure that your client Macs use up to date operating systems and you’ve made the decision to upgrade them all to El Capitan.

If you have only a few Macs then it makes sense to just use the App Store to upgrade. If you have more than a few you could create a USB key with the El Capitan installer on it and visit each Mac and upgrade them. You may want to make copies of the installer key to give to your support team so the upgrade can be done in less time.

What if you have a lot of Macs to upgrade? You could use the NetBoot/NetInstall service to make this job much easier. Great, but you have a 10.6 Server operating system, you have no idea whether you can achieve this using a 7-year-old server, and you don’t want to test using your production server, just in case things go wrong due to configuration changes you will make.

Thankfully, we at LeftBrain have tested this and we can confidently say that it works! If you want to test this yourself then read the rest of this blog post.


Server Health Checks 😍

We’ve recently implemented a new strategy for our clients so we can proactively automate the reporting of their server infrastructure with scheduled Server Health Checks.

By deeply embedding tools like Server Density into our workflow and directly integrating them with Zendesk and our Slack comms, our automated Server Health Checks allow us to deal with potential errors in running server updates, failed backups and/or corrupt data before things get nasty!

We all like a break from being at our desks regularly, but a break in realising an idea because of system downtime sucks. So we usually aim to be in touch and alert our clients of developing issues long before they happen, but when snags do occur, one of our braincells is almost certainly already working on a fix remotely or on their way to sort things out onsite.

We understand and care that your systems are at the heart of your ambitions as a business, school or enterprise, therefore we’re always quietly doing digital Tai chi to ensure that nothing interrupts or hinders your team and their workflow.

If you’d like to know more about our proactive approach towards infrastructure management or you could use our help, please do give us a nudge via help@leftbrain.it!
