Story image

Best practices for WLAN

01 Jul 08

The growing adoption of Wireless LAN (WLAN) has given rise to a number of threats that are increasingly complex and harder to prevent.

An intruder may attempt to eavesdrop, collect passwords and render your IT systems and data vulnerable. They may also establish themselves as a trusted party by spoofing an internal IP address and duping users into sharing critical business information. If they obtain a broadcast name or SSID, they may create a WLAN AP with similar name and mislead users to their “evil twin” AP and steal their passwords.

Even without logging onto the network, an attacker may launch denial of service (DoS) by flooding the airwaves with a stronger WLAN signal of random traffic and preventing legitimate users from accessing your WLAN.

Organisations deploy WLAN to enjoy the convenience of anytime, anywhere access to the internet and corporate data. However, a lot of the WLAN AP installed depends upon firewall and VPN solutions for protection. These solutions lack strong encryption and authentication to adequately protect the network against misuse and eavesdropping.

Mind your weakest link

A challenge of managing WLAN is making users aware of how they unwittingly expose corporate networks to attacks. How many of them, for instance, would attempt to connect to unrecognised WLAN SSIDs in public spaces, unaware that an open network could compromise user’s data? Below are some best practices an organisation should apply to guarantee safe WLAN access:

  •     Ensure laptops accessing WLAN have firewalls enabled and anti-virus software updated.  When accessing the network over the WLAN, notebooks must always connect to VPNs.

  •     Implement security policies and penalties for unauthorised action such as installing personal WLAN access points on the office window to access the WLAN network of a nearby café.

  •     Modify default SSID and password and hide SSID as much as possible to prevent “evil twin” attack. 

  •     Use stronger and more reliable encryption. Since WEP encryption has been proven vulnerable, organisations should investigate more reliable methods such WPA2 with AES WLAN encryption.

  •     Separate internal WAN traffic from that of business partners and office guests. Trusted users should access the corporate network over VPN to prevent others from spying on internal traffic.

  •     Create more network segments to increase security and prevent break-ins. This can be achieved by dividing the workforce into segments.

Consider WISP

Wireless Intrusion Prevention System (WIPS) represents one of the best technologies available for organisations to protect their LAN and wired security investments from wireless attacks.  WIPS works like a wired firewall, but is focused on the corporate airwaves instead of packets. It is designed to automatically identify and prevent attacks, provide real-time network audits, assist in performance troubleshooting, and monitor the overall health of the wireless LAN.

To make the most of your investments, be sure that the WIPS you buy and deploy has the following capabilities:

  •     Efficient auto classification: Many solutions can detect rogue APs but are unable to determine whether AP discovered is on the internal network or a neighboring network. To minimise false positives, WIPS must automatically classify and ignore external devices and immediately block those that pose a threat to the network.

  •     Robust WLAN threat prevention: WIPS must be able to handle multiple attacks.

  •     Simplified compliance reporting: WIPS must be able to generate customisable security violation summary that can be easily accessed by IT managers.

  •     Scalability and manageability: WIPS should have the capability to control multiple levels of security policy and enforce those policies consistently across globally distributed WLANs.

  •     Easy web-based deployment: Creating a distributed and secure WLAN system across an enterprise should be simple. It should be able to define security and access policy once, and then have it rolled out across all the WLAN APs in a corporate network, with everything managed through a web-based interface.

Most WLANs have inherent security issues, but the benefits can still be enjoyed safely. With strong authentication and encryption, effective intrusion prevention and clear and precise security policies, organisations can still obtain the full benefit of secure anytime, anywhere access to corporate network.  

Kiwis make waves in IoT World Cup
A New Zealand company, KotahiNet, has been named as a finalist in the IoT World Cup for its River Pollution Monitoring solution.
Can it be trusted? Huawei’s founder speaks out
Ren Zhengfei spoke candidly in a recent media roundtable about security, 5G, his daughter’s detainment, the USA, and the West’s perception of Huawei.
Oracle Java Card update boosts security for IoT devices
"Java Card 3.1 is very significant to the Internet of Things, bringing interoperability, security and flexibility to a fast-growing market currently lacking high-security and flexible edge security solutions."
How SMBs can use data to drive business outcomes
With the right technology, companies can capture consumer, sales, and expense data, and use it to evaluate and construct future plans.
Survey shows that IoT is RoI across Asia Pacific
A recent Frost & Sullivan survey across Australia, Hong Kong and Singapore shows that IoT deployment improves business metrics by around 12%.
Sophos hires ex-McAfee SVP Gavin Struther
After 16 years as the APAC senior vice president and president for McAfee, Struthers is now heading the APJ arm of Sophos.
Security platform provider Deep Instinct expands local presence
The company has made two A/NZ specific leadership hires and formed several partnerships with organisations in the region.
Half of companies unable to detect IoT device breaches
A Gemalto study also shows that the of blockchain technology to help secure IoT data, services and devices has doubled in a year.