One person, one device, one password: Ruijie Flexible Office provides Lujia Paint with a "Wi-Fi Security Key"

Since the advent of Wi-Fi, users have had to face the risk of passwords being cracked by others, especially today when "freeloading tools" are popular. Although there are some advanced security protection measures, they are not suitable for small and medium-sized enterprises due to their very high construction costs. As a result, many small and medium-sized enterprises' wireless networks use "home-grade" PSK authentication, which not only cannot prevent "illegal freeloading" incidents, but is also likely to bring security risks of data leakage. Faced with this situation, the Lujia Paint Office Building, which deployed Ruijie's flexible office solution, brought many inspirations to the security application of corporate wireless office networks through the "one person, one machine, one password" approach.

Is there really a "neighbor Wang" on the office network?

Lujia Paint (Fujian) Co., Ltd. is a large-scale coating and coating integrated enterprise, headquartered in Fuzhou, Fujian, with several well-known brands. In order to make the product structure more reasonable, more technologically advanced and more competitive in the market, the company also rebuilt the office network while establishing the ERP system: on the basis of the wired network, the company purchased a home router and deployed a wireless network that supports mobile office applications. However, the company's leaders have always been worried about whether the company's wireless network is secure enough and whether it will threaten the ERP system? In addition, after continuously upgrading the bandwidth, this wireless network is "sometimes good and sometimes bad", which also makes people wonder if someone is using it for free.

[[197444]]

Image: Lujia Paint Office Building

Indeed, from a wireless professional perspective, Lujia's early wireless network was not secure. Generally, companies that purchase home routers use home-grade PSK (one network, one password) for wireless access. However, the large number of Wi-Fi sharing apps that have emerged has already made PSK security meaningless. As long as there is an employee who has no network security awareness, installs apps such as "Master Key" on his mobile phone, or shares the password casually, "Mr. Wang next door" can easily access the internal network through wireless, not only downloading videos and playing games, but also endangering product formulas, financial data, sales data, and employee personal information is also very easy to leak.

Secondly, the office building of Lujia Paint has three floors, each floor is about 300 square meters, and high-power home APs are deployed. After repeated debugging, the administrator uses a signal name (SSID) for each floor to ensure that each floor can access the AP with the best signal. However, if people move across floors, they need to disconnect from the original network and associate with the new floor signal. At this time, if the terminal is not associated with the nearby AP but connected to the remote AP, the Internet access rate will drop significantly.

Flexible office with unique “one person, one computer, one password”

The company leaders believe that network security risks must be completely eliminated. Although wireless is small, it involves a wide range of issues. A wireless construction that takes into account experience, operation and maintenance, and security requires access to various components such as AP, controller AC, authentication system, operation and maintenance management system, and requires professional technicians. For Lujia Paint, this will lead to high investment costs. For this reason, Ruijie Networks recommended a wireless flexible office solution for Lujia Paint, which includes Ruijie's original P-PSK (Personal Pre-Shared Key) access authentication, which can achieve high-security wireless protection of "one person, one machine, one password".

However, Chen, who is also in charge of the network at Lujia, was worried whether the deployment of P-PSK would cause troubles in subsequent maintenance. In response, Ruijie engineers had in-depth communication and explained in detail how to implement P-PSK.

First, Ruijie P-PSK authentication has the security of 802.1x level and the usability of traditional PSK. For Lujia users, the usage habits remain unchanged, which is consistent with traditional PSK authentication, but eliminates the disadvantages of Wi-Fi shared keys. Secondly, P-PSK can be implemented with only one AC, without adding authentication server equipment. Finally, account addition and recovery are very easy, and can be operated without network management experience. In addition, the "Cybersecurity Law of the People's Republic of China" that will be officially implemented soon requires that all network access must provide identity information, and P-PSK is the best practice for small and medium-sized enterprises to comply with this regulation.

The characteristics of Ruijie's flexible office solution are flexibility and simplicity. Lujia Paint uses Ruijie RG-AP520-I to achieve full coverage of the office area in the entire building, and uses WIS to optimize and adjust the wireless access signal to ensure that there are no dead spots in the signal, so that every employee can experience the feeling of extremely fast Internet access after access. It is worth mentioning that this network adjustment, from deployment to optimization, took only one hour for Ruijie's wireless flexible office solution to be implemented.

After the program upgrade, employees are satisfied and bosses are relieved

After deployment, Chen, who is in charge of the network, assigned P-PSK accounts to all employees on the EWEB page of the controller for employee access authentication. After the employee accesses for the first time, the background automatically records the corresponding relationship between the terminal's MAC address and password, as shown in the figure below.

Figure: Automatically record the correspondence between "terminal + MAC address + password"

The redeployed Wi-Fi network enables simple and easy high-security access, while completely solving the problem of poor Internet experience.

Regarding the newly deployed Ruijie flexible office solution, Xiao Chen said: "Through testing, when a mobile phone shares the password using 'Universal Wi-Fi', other mobile phones that obtain the password cannot access the Internet. Now our boss will not always ask me whether the wireless network is secure enough."

Xiao Sun, assistant to the general manager, also said: "This solution is indeed much easier to use than the previous one. When I move between floors, the network always maintains a smooth connection, which is especially convenient for me to communicate with colleagues on WeChat at any time. Since I only need to enter the password once, it is also very convenient to use."

"The current network has solved the wireless security problem that has been plaguing the company. I can rest assured to put my business on the wireless network, and the experience has also improved a lot. The overall deployment cost is not high, the construction period is fast, and there is no subsequent operation and maintenance cost. This solution is really good." Mr. Tong, general manager of Lujia Company, gave a fair evaluation of the application experience and gave the most valuable "thumbs-up" to Ruijie Network's new solution.