The growing adoption of Wireless LAN (WLAN) has given rise to a number of threats that are increasingly complex and harder to prevent.
An intruder may attempt to eavesdrop and collect passwords, leaving your IT systems and data vulnerable. They may also establish themselves as a trusted party by spoofing an internal IP address and duping users into sharing critical business information. If they obtain a broadcast name or SSID, they may create a WLAN AP with a similar name, mislead users into connecting to this “evil twin” AP and steal their passwords.
Even without logging onto the network, an attacker may launch denial of service (DoS) by flooding the airwaves with a stronger WLAN signal of random traffic and preventing legitimate users from accessing your WLAN.
Organisations deploy WLAN to enjoy the convenience of anytime, anywhere access to the internet and corporate data. However, many of the WLAN APs installed depend on firewall and VPN solutions for protection. These solutions lack strong encryption and authentication to adequately protect the network against misuse and eavesdropping.
Mind your weakest link
A challenge of managing WLAN is making users aware of how they unwittingly expose corporate networks to attacks. How many of them, for instance, would attempt to connect to unrecognised WLAN SSIDs in public spaces, unaware that an open network could compromise a user’s data? Below are some best practices an organisation should apply to guarantee safe WLAN access:
- Ensure laptops accessing WLAN have firewalls enabled and anti-virus software updated. When accessing the network over the WLAN, notebooks must always connect to VPNs.
- Implement security policies and penalties for unauthorised actions such as installing personal WLAN access points on the office window to access the WLAN network of a nearby café.
- Modify the default SSID and password and hide the SSID as much as possible to prevent “evil twin” attacks.
- Use stronger and more reliable encryption. Since WEP encryption has been proven vulnerable, organisations should investigate more reliable methods such as WPA2 with AES WLAN encryption.
- Separate internal WAN traffic from that of business partners and office guests. Trusted users should access the corporate network over VPN to prevent others from spying on internal traffic.
- Create more network segments to increase security and prevent break-ins. This can be achieved by dividing the workforce into segments.
Wireless Intrusion Prevention System (WIPS) represents one of the best technologies available for organisations to protect their LAN and wired security investments from wireless attacks. WIPS works like a wired firewall, but is focused on the corporate airwaves instead of packets. It is designed to automatically identify and prevent attacks, provide real-time network audits, assist in performance troubleshooting, and monitor the overall health of the wireless LAN.
To make the most of your investments, be sure that the WIPS you buy and deploy has the following capabilities:
- Efficient auto classification: Many solutions can detect rogue APs but are unable to determine whether a discovered AP is on the internal network or a neighbouring network. To minimise false positives, WIPS must automatically classify and ignore external devices and immediately block those that pose a threat to the network.
- Robust WLAN threat prevention: WIPS must be able to handle multiple attacks.
- Simplified compliance reporting: WIPS must be able to generate a customisable security violation summary that can be easily accessed by IT managers.
- Scalability and manageability: WIPS should have the capability to control multiple levels of security policy and enforce those policies consistently across globally distributed WLANs.
- Easy web-based deployment: Creating a distributed and secure WLAN system across an enterprise should be simple. Administrators should be able to define security and access policy once, and then have it rolled out across all the WLAN APs in a corporate network, with everything managed through a web-based interface.
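The auto-classification requirement above can be illustrated with a short triage routine. This is an added example, not code from any WIPS product: the SSIDs, MAC addresses, inventory tables and the ±1 MAC-adjacency heuristic for deciding that an AP is on the internal wire are all constructed assumptions.

```python
import re
from difflib import SequenceMatcher

# All values below are constructed sample data.
CORP_SSIDS = {"AcmeCorp"}                           # corporate SSID(s)
AUTHORISED = {"02:00:00:aa:00:01": "AcmeCorp",      # sanctioned BSSID -> SSID
              "02:00:00:aa:00:02": "AcmeCorp"}
WIRED_MACS = {"02:00:00:cc:00:10"}                  # MACs learned from switch tables
STRONG = {"WPA2-AES"}                               # encryption the policy accepts

def mac_int(mac):
    return int(mac.replace(":", ""), 16)

def on_wire(bssid, window=1):
    # Assumed heuristic: an AP's radio MAC is usually within +/-1 of its Ethernet MAC.
    return any(abs(mac_int(bssid) - mac_int(m)) <= window for m in WIRED_MACS)

def norm(ssid):
    return re.sub(r"[^a-z0-9]", "", ssid.lower())

def looks_like_corp(ssid, threshold=0.8):
    # Catches exact copies and near-miss spellings of a corporate SSID.
    return any(SequenceMatcher(None, norm(ssid), norm(c)).ratio() >= threshold
               for c in CORP_SSIDS)

def classify(ap):
    bssid, ssid = ap["bssid"].lower(), ap["ssid"]
    if bssid in AUTHORISED:
        ok = AUTHORISED[bssid] == ssid and ap["enc"] in STRONG
        return "authorised" if ok else "misconfigured"
    if on_wire(bssid):
        return "rogue"       # unsanctioned AP attached to the internal LAN: block
    if looks_like_corp(ssid):
        return "evil_twin"   # imitates a corporate SSID from an unknown radio: alert
    return "external"        # neighbouring network: ignore to limit false positives

SCAN = [  # constructed scan results
    {"ssid": "AcmeCorp",  "bssid": "02:00:00:AA:00:01", "enc": "WPA2-AES"},
    {"ssid": "AcmeCorp",  "bssid": "02:00:00:aa:00:02", "enc": "WEP"},
    {"ssid": "AcmeC0rp",  "bssid": "02:00:00:bb:00:03", "enc": "OPEN"},
    {"ssid": "linksys",   "bssid": "02:00:00:cc:00:11", "enc": "WEP"},
    {"ssid": "CafeGuest", "bssid": "02:00:00:dd:00:05", "enc": "OPEN"},
]

def triage(scan=SCAN):
    return {ap["bssid"].lower(): classify(ap) for ap in scan}

if __name__ == "__main__":
    for bssid, verdict in triage().items():
        print(bssid, verdict)
```

Matching on BSSID alone is a simplification; the point is the ordering of the checks, which separates sanctioned, internally connected, look-alike and neighbouring APs before any blocking decision is made.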
Most WLANs have inherent security issues, but the benefits can still be enjoyed safely. With strong authentication and encryption, effective intrusion prevention and clear and precise security policies, organisations can still obtain the full benefit of secure anytime, anywhere access to the corporate network.