decrypting myths

been victimised by a plethora of man-in-the-middle (MitM) attacks that include loading ransomworms, malware or backdoors onto the client. When a rogue client connects to another network, it can spread this malware.

For instance, take a person who stops by the same cafe on the way to work every day. Since they've connected to the cafe Wi-Fi before, their phone automatically connects once inside. One day, someone sets up an evil twin AP, tricks this person's phone and infects it with ransomware for them to take back to the office. Wi-Fi security systems need to automatically re-classify an authorised client as a rogue client the moment it is detected connected to a malicious AP, and prevent this client from re-associating to private authorised SSIDs until IT has confirmed the device is free of malware.

5. Ad-hoc networks

This threat is essentially a peer-to-peer Wi-Fi connection between clients that lets two or more devices communicate with each other directly, circumventing network security policies and making the traffic invisible to the network. Any employee could quickly set up an ad-hoc network between their colleagues' devices if they wanted. Wi-Fi solutions must be capable of automatically detecting when authorised clients, managed by corporate IT, are participating in ad-hoc networks and of preventing this connection, even if it is encrypted using cell-splitting techniques or similar methods.

6. Misconfigured APs

It can be too easy for network administrators to accidentally make a configuration mistake such as making a private SSID open with no encryption, potentially exposing sensitive information to interception over the air. This can happen any time an access point isn't set up properly (for example, by leaving default settings unchanged). Wi-Fi management systems need to include configuration policy settings where IT admins can specify details such as minimum encryption requirements on SSIDs broadcast by managed APs, vendor OUIs allowed to broadcast SSIDs, and so on. An AP on the authorised network that does not adhere to this policy should be prevented at layer two from having any clients connect to it until IT remedies the configuration error.

Ryan Orsi, Director Product Management, WatchGuard Technologies

www.intelligentciso.com | Issue 14
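The three controls the article asks of a Wi-Fi security system (re-classifying a managed client as rogue once it is seen on a malicious AP and refusing it re-association until IT clears it; detecting managed clients in ad-hoc links; blocking an authorised AP that breaks the SSID configuration policy) can be expressed as one policy evaluator over scan data. The following is an added example written for this page; it is not code from the article or from WatchGuard, and every class, field, policy value and MAC address in it is a constructed assumption. It goes slightly beyond the text in one place: an AP that is not known to the controller yet broadcasts one of the private SSIDs is treated as an evil twin, which is how the malicious-AP input to the rogue-client rule is derived here.

```python
# Added example (not from the article or any vendor product): a toy policy
# evaluator that applies the three controls described above to constructed
# scan data. Every class, field, policy value and MAC below is an assumption.
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple

# Order used to compare an SSID's observed security mode with the policy minimum.
SECURITY_RANK = {"open": 0, "wep": 1, "wpa": 2, "wpa2": 3, "wpa3": 4}


@dataclass
class WifiPolicy:
    managed_ssids: Set[str]  # private SSIDs that managed APs are expected to broadcast
    min_security: str        # lowest acceptable security mode on those SSIDs
    allowed_ouis: Set[str]   # vendor OUIs permitted to broadcast managed SSIDs


@dataclass
class ApObservation:
    bssid: str
    ssid: str
    security: str
    authorised: bool = False  # AP is known to, and managed by, the WLAN controller


@dataclass
class ClientObservation:
    mac: str
    managed: bool = False                   # device is enrolled with corporate IT
    associated_bssid: Optional[str] = None  # AP the client is currently joined to
    ibss_peers: List[str] = field(default_factory=list)  # peer MACs in an ad-hoc link


Finding = Tuple[str, str, str]  # (kind, subject, recommended action)


def oui(mac: str) -> str:
    """Vendor prefix (first three octets) of a MAC address, normalised."""
    return mac.upper().replace("-", ":")[:8]


def classify_aps(policy: WifiPolicy, aps: List[ApObservation]) -> Tuple[Set[str], List[Finding]]:
    """Return (malicious_bssids, findings) for one scan.

    Unauthorised AP on a managed SSID -> evil twin (malicious). Authorised AP on a
    managed SSID below the minimum security, or from a non-allow-listed vendor
    OUI -> misconfigured, to be blocked at layer two until IT fixes it.
    """
    malicious: Set[str] = set()
    findings: List[Finding] = []
    for ap in aps:
        if ap.ssid not in policy.managed_ssids:
            continue  # neighbouring networks are outside this policy's scope
        if not ap.authorised:
            malicious.add(ap.bssid)
            findings.append(("evil_twin", ap.bssid, "contain"))
        elif (SECURITY_RANK.get(ap.security, -1) < SECURITY_RANK[policy.min_security]
              or oui(ap.bssid) not in policy.allowed_ouis):
            findings.append(("misconfigured_ap", ap.bssid, "block_l2"))
    return malicious, findings


def evaluate(policy: WifiPolicy, aps: List[ApObservation], clients: List[ClientObservation],
             quarantined: Set[str]) -> Tuple[Set[str], List[Finding]]:
    """Apply the policy to one scan; return the updated quarantine set and findings.

    The quarantine set persists across scans: a managed client seen on a malicious
    AP stays rogue, and is refused re-association to managed SSIDs, until
    release_client() is called after IT has checked the device.
    """
    malicious, findings = classify_aps(policy, aps)
    authorised_managed = {ap.bssid for ap in aps if ap.authorised and ap.ssid in policy.managed_ssids}
    quarantined = set(quarantined)
    for c in clients:
        if not c.managed:
            continue  # only corporate-managed devices are classified
        if c.ibss_peers:
            findings.append(("adhoc", c.mac, "disconnect"))
        if c.associated_bssid in malicious:
            quarantined.add(c.mac)
            findings.append(("rogue_client", c.mac, "quarantine"))
        elif c.mac in quarantined and c.associated_bssid in authorised_managed:
            findings.append(("rogue_client", c.mac, "block_reassociation"))
    return quarantined, findings


def release_client(quarantined: Set[str], mac: str) -> Set[str]:
    """IT has confirmed the device is clean: lift its rogue classification."""
    return quarantined - {mac}


# Constructed sample data (assumed values, not real network identifiers).
POLICY = WifiPolicy(managed_ssids={"corp-private"}, min_security="wpa2", allowed_ouis={"00:11:22"})
SCAN_APS = [
    ApObservation("00:11:22:AA:00:01", "corp-private", "wpa2", authorised=True),
    ApObservation("00:11:22:AA:00:02", "corp-private", "open", authorised=True),   # left open by mistake
    ApObservation("DE:AD:BE:EF:00:01", "corp-private", "wpa2", authorised=False),  # evil twin of the SSID
    ApObservation("CA:FE:00:00:00:01", "cafe-wifi", "open"),                       # unrelated neighbour
]
SCAN_CLIENTS = [
    ClientObservation("AA:BB:CC:00:00:01", managed=True, associated_bssid="00:11:22:AA:00:01"),
    ClientObservation("AA:BB:CC:00:00:02", managed=True, associated_bssid="DE:AD:BE:EF:00:01"),
    ClientObservation("AA:BB:CC:00:00:03", managed=True, ibss_peers=["AA:BB:CC:00:00:04"]),
    ClientObservation("AA:BB:CC:00:00:04", managed=True, ibss_peers=["AA:BB:CC:00:00:03"]),
    ClientObservation("11:22:33:00:00:09", managed=False, associated_bssid="DE:AD:BE:EF:00:01"),
]

if __name__ == "__main__":
    quarantine, found = evaluate(POLICY, SCAN_APS, SCAN_CLIENTS, set())
    for kind, subject, action in found:
        print(f"{kind:17} {subject}  -> {action}")
    print("quarantined:", sorted(quarantine))
```

Running it on the constructed scan yields one misconfigured AP (the open SSID), one evil twin, one rogue client (the managed device seen on the evil twin), and two ad-hoc participants. Feeding the returned quarantine set into the next scan is what makes the "until IT has confirmed" requirement work: the rogue device is reported with `block_reassociation` when it later joins a legitimate AP on the private SSID, and only `release_client()` ends that state. A real controller would act on the `action` column (containment frames, a layer-two block list, a client deauthentication) rather than print it.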