Blog

Enterprise Wireless network Security

Protect Your Enterprise Wireless Network

Industry Insight

Protect Your Enterprise Wireless Network

What is Enterprise Wireless network Security?

Enterprise Wireless Network Security is securing multiple networks in the infrastructure that connects systems, mainframes, and devices within an enterprise. Businesses, the education sector, the government sector, and others use enterprise wireless networks to connect their users with information and people.

What threats does Enterprise Wireless Network face?

Wifi provides over-the-air bridging to your corporate infrastructure and for that, needs to be secured accordingly. The weak link in WIFI security is usually a lack of strong authentication: access is granted either with a pre-shared key or at best, with a simple username and password.

Before starting, let us understand the components in enterprise wireless networks which are vulnerable to attack and will result in compromised data- 

-The transmission of data using radio frequencies

-Access points that provide a connection to the organizational network  and/or the Client devices (laptops, tablets, etc.)

-Users

 

Enterprise Wireless Networking Component
Enterprise Wireless Networking Components

 

 

 

The 5 most common Enterprise Wireless Network Security threats are:

1) Identity theft (MAC Spoofing)

Identity theft(MAC Spoofing) crops up if a hacker manages to listen in on network traffic and identify the MAC address of a computer. Generally, wireless systems support some kind of MAC filtering to allow authorized computers with distinct MAC IDs to gain access and utilize the network. Yet, a number of programs exist that have network “sniffing” capabilities. Combine these programs with other software that allows a computer to pretend it has any MAC address that the cracker desires and the cracker can easily get around that hurdle. 

2) Denial of service 

A Denial-of-Service attack (DoS) appears when an attacker constantly bombards a targeted AP (Access Point) or network with bogus requests, premature successful connection messages, failure messages, and/or other commands. This results in genuine users not being able to get on the network and may also end with the network crashing. These attacks confide in the abuse of protocols such as the Extensible Authentication Protocol (EAP). 

3)Accidental association

It occurs when a user turns on a computer and it latches onto a wireless access point from a neighboring company’s overlapping network, the user might be unaware of what has happened. Nonetheless, it is a security breach in that proprietary company as information is exposed and now there could exist a link from one company to the other. This occurs specifically if the laptop is also hooked to a wired network. 

4)Malicious association 

“Malicious associations” are when wireless devices can be actively made by attackers to connect to a company network through their cracking laptop instead of a company access point (AP). These types of laptops are known as “soft APs” and are created when a cracker runs some software that makes his/her wireless network card look like a legitimate access point. Once the cracker has gained access, he/she can steal passwords, launch attacks on the wired network, or plant trojans. Since wireless networks operate at the Layer 2 level, Layer 3 protections such as network authentication and virtual private networks (VPNs) offer no barrier. Wireless 802.1x authentications do help with protection but are still vulnerable to cracking. The idea behind this type of attack may not be to break into a VPN or other security measures. Most likely the cracker is just trying to take over the client at the Layer 2 level. 

5)Man-in-the-middle attacks 

A man-in-the-middle attacker entices computers to log into a computer that is set up as a soft AP (Access Point). Once this is done, the hacker connects to a real access point through another wireless card offering a steady flow of traffic through the transparent hacking computer to the real network. The hacker can then sniff the traffic. 

How can you minimize the risks to enterprise Wi-Fi networks?

There are many things to start with like – having hard-to-guess passwords, Changing your default network name, Keeping your antivirus software updated, Changing those default admin logins in the router, etc. But the weak link in WIFI security is usually a lack of strong authentication: access is granted either with a pre-shared key or at best, with a simple username and password.

The most secure way is to grant access on a per-user basis, using IEEE 802.1X, and Multi-Factor Authentication (MFA).

The employees can authenticate via MFA to corporate WIFI with:

1)X.509 Certificates

Generally, employees can self-enroll certificates which are protected with one-time URLs and/or one-time codes, delivered via a preferred method like SMS.

X.509 Certificates
2)One-Time Passwords

Users can concatenate passwords with a one-time code from their preferred token provider.

3)Push Login

Users with OpenOTP Token App can authenticate to WIFI by simply pressing “Accept” on the login that was pushed to their mobile.

How to install OpenOTP/ MFA solution for your Enterprise Wifi for Free

RCDevs Security Solution is the only solution that supports OTP for WIFI.

It is compatible with:

  • Cisco Wifi using the EAP-GTC technology
  • Wifi devices supporting Enterprise RADIUS with EAP-TTLS-PAP

RCDevs has made a document– Check how simple it is to integrate OpenOTP with WIfi.

The key features include:

-Supported on Enterprise Wifi with EAP-GTC and EAP-TTLS-PAP

-Supports LDAP, OTP, and LDAP+OTP login modes

-Convenient Two-Factor with password concatenation

-Authentication policies per client application or group of users

-Supports any OpenOTP method (Tokens, Yubikey, SMSOTP, MailOTP…)

-Supports Contextual authentication with MAC addresses

-Per-user and group reply attributes for Wifi role-based access

Conclusion

In today’s threat-ridden world, although it is impossible to completely remove all risks associated with wireless networks, it is possible to achieve a reasonable level of overall security by adopting a systematic approach to assessing and managing risk as discussed above.

Secure your Enterprise Wifi today, for any queries contact RCDevs Security Solutions.

EN