Apogee Wi-Fi includes several security features designed to safeguard user data:

  • All Wi-Fi connections are secured with industry-standard WPA2 encryption and each user is given a unique pre-shared key (PSK). This provides greater security compared to a common PSK shared by all users, which can be used by anyone to easily decrypt other users’ data. In addition, WPA2 PSKs are never transmitted over the air unencrypted, unlike other standards such as 802.1x EAP-PEAP where password credentials are transmitted without encryption and can be intercepted. Furthermore, on Apogee Wi-Fi, users have the ability to change their PSK at any time in the event that it becomes compromised.
  • On Apogee networks, each Wi-Fi user is assigned to a unique virtual local area network (VLAN), which fully isolates each user’s traffic on the network from that of all other users. Less secure Wi-Fi networks typically do not provide VLAN isolation. Without VLAN isolation, nefarious users on the network would have the ability to directly communicate with, and potentially compromise, any other user’s devices.

iOS and Android include a feature that advertises a random, private media access control (MAC) address when devices identify to a new wireless network. This is a privacy feature designed to prevent unknown Wi-Fi networks from tracking users, however it does not provide an enhancement to the security of data that is transmitted over Wi-Fi networks once a connection is made. On Apogee networks, the MAC address is used to associate a Wi-Fi device to a user account so that the device can be authorized to use the network and the encryption can be configured correctly. Disabling the random MAC address option for Apogee networks ensures that no unknown devices are allowed onto the network, and that each device gets assigned to the correct VLAN for the user.

