Article written by Kirk Jensen, a Senior Product Marketing Manager at WatchGuard Technologies
Complexity is the new normal, which applies equally to businesses’ networks and wireless environments. This is complicated further by the fact that cyberattacks that seek to exploit vulnerabilities in organizations' WLANs (Wireless Local Area Networks) are becoming increasingly sophisticated. On World Wi-Fi Day, we want to offer you security tips to create a safer wireless environment.
The unusual attack on a US financial firm is a case in point. The firm detected abnormal activity on its internal shared workspace portal and realized it originated inside the company's network. The surprise came when they discovered hackers had managed to intercept a user's login credentials and Wi-Fi information using a drone. The drone was equipped with a modified Pineapple Wi-Fi device, which is used for network penetration testing. To finish the job, the cybercriminals sent in a second drone carrying a case containing a Raspberry Pi, several batteries, a GPD mini laptop, a 4G modem, and another Wi-Fi device. They then used these tools to compromise the company's internal website and reach other devices by exploiting the stored credentials. In this sophisticated attack, physical presence within range of the building's wireless network was not even necessary.
5 tips on how to create a more secure wireless environment
Given this complex situation, businesses must carefully plan and execute a cohesive strategy to protect their WLANs against data loss and unauthorized access. As the cyber threat landscape stands, secure access points are imperative for protecting corporate wireless environments. Companies must also ensure their cybersecurity policies are well formulated and adapted to the new working reality, including remote and hybrid employees. To that end, we recommend following these five wireless security tips:
1. Segment Wi-Fi users and devices by SSID:
Each department and each device use wireless networks in different ways, so to protect devices that support WPA-Enterprise from those that only support WPA-Personal, it is best to segment legacy devices into a separate SSID. This means cybersecurity managers can generate access policies around the less secure endpoints.
2. Create a guest Wi-Fi network:
By configuring a separate guest Wi-Fi SSID, access policies can block guest devices from communicating with users or devices within the company network while distributing Internet traffic securely beyond the network edge.
3. Prevent signal strength from reaching unsafe areas:
When access points are installed near outside walls, their power levels need to be adapted to reduce leakage to neighboring spaces. This reduces the likelihood of an unauthorized user successfully connecting to the network.
4. Configure LAN switching ports:
Security must be considered when configuring the ports that connect the wireless access points to the company’s LAN. It is advisable to enter the management IP addresses of the access points in a segmented virtual LAN, allowing only specific VLANs to connect to the access points. We also recommend using port security techniques with fixed MAC addresses to prevent actors from disconnecting an access point and connecting an unauthorized device to the LAN.
5. Employ external security tools that strengthen the security of wireless networks:
Add another layer of protection by deploying other solutions such as MFA, endpoint security, VPN, and firewalls capable of protecting users, devices, and data transported over the WLAN.
Why you need a framework for a trusted wireless environment
To achieve trusted wireless environments, businesses must implement security policies that match their current needs, in conjunction with secure Wi-Fi access points capable of elevating the wireless experience while providing comprehensive security against the top 6 Wi-Fi threats: rogue access point, neighbor access points, "evil twin" access point, rogue client, ad hoc network and misconfigured access point.
This can be complicated, as IT systems do not operate independently, and connections to networks and devices are constantly growing. Standardizing remote and hybrid working practices creates added complexity for securing business networks. WatchGuard's Trusted Wireless Environment provides the guidance businesses need to achieve an optimized Wi-Fi network. Our framework is built on three pillars to ensure optimal functionality, scalable management, and comprehensive WLAN security.
If you want to learn more about trusted wireless environments and secure Wi-Fi hotspots, check out the following products :
Trusted Wireless Environment
Secure Wifi Series
Wifi 6 Cloud Ready Access Points
* Please Note: BlueAlly is the authorized reseller of WatchGuard and this article is authorized by WatchGuard.