With the growing deployment of wireless LANs in a business environment, the risk of unethical data interceptions increases significantly.
This is a problem that can play a significant role in hurting a company big time in the long run. Hence, proper and credible security steps need to be taken to keep these threats at bay in the best possible manner.
The first step to solving any problem is to know the problem in precise detail. The same thing is more or less applicable here. You must understand the major security threats that your business wireless LAN face from the outside world so that you can pencil out the vulnerable areas as accurately as possible.
In this article, we have listed a few of these threats for your reference. Let’s take a peek at them all without further ado.
#1. Setting up a rogue access point
A rogue access point (AP) is a wireless AP that has been installed on a secured network without any authorization from the network administrator.
The rogue AP is usually set up on business or a government network by a malicious attacker with the possible intention of ruining the organization for his/her own personal benefits.
This is a common security threat that’s often used by attackers to trick businesses into believing that they are connecting to a legitimate AP; whereas, in reality, they are falling into a trap that has been set up by an unethical hacker to intercept confidential and sensitive data from the business in particular.
Businesses can install a WIPS (Wireless intrusion prevention system) to monitor the radio spectrums of unauthorized APs, and take actions accordingly.
#2. Evil twin access points
A rogue access point can easily advertise the same SSID (network name) as that of a legitimate AP.
This can easily trick nearby WiFi users to connect to them because they can’t distinguish between legitimate and rogue APs at a moment’s notice.
It is not too difficult to create an evil twin AP for malicious purposes. In fact, tools like the Karmetasploit have made this as easy as a piece of cake. It allows you to fake APs, capture passwords, gathers data and conducts browser-based attacks against clients.
Server authentication is the only thing that can act as a defense against the Evil Twins AP threats.
#3. Stolen or lost WiFi device threats
This is a lesser known threat, and hence, is ignored the most of the lot.
You might have locked your business WiFi with the most powerful security available in the market, but what happens if you actually lose the device with which you used to get onto the very same network?
The device can be anything ranging from a smartphone to a laptop to a tablet or even a PC.
Whoever recovers the device might get himself/herself in a position to access your network based on the saved data on your device, provided she’s able to crack open the password of the device itself (If there’s no password, it gets a lot easier).
So you can easily see that this is a problem that should never be taken lightly at any possible costs.
- If you lose a device that’s primarily connected to your business, in particular, be it a mobile or a laptop or even a tablet, try to remotely lock or *wipe out the device without any further ado.
- It is also advisable to change all WiFi passwords in your business network as soon as the loss comes to your notice.
#4. Configuration issues
Configuration issues often result in vulnerabilities, and may pose significant security threat on your business WiFi on the whole.
Such issues usually cropped up when standalone APs were managed by individuals in particular. Today, the problem is alleviated down to a certain degree of control; thanks to the deployment of a more centrally-managed WLAN.
Centrally managed WLANs have a number of security benefits. A few of these are:
- Using periodic audits and coordinated updates to reduce TCO.
- Improved reliability.
- Low risk.
The answer’s right there in front of you. DO NOT use individually-managed APs in your business network. A centrally managed WLAN is safer and more effective.
#5. The age-old WPS threat vector
WPS or WiFi protected setup was mainly implemented to make it easier for users to secure their router from major security threats at the simplest click of a button or via the entry of a PIN.
Unfortunately, WPS security came with several loopholes that were easily exploited by the crooks in particular.
These loopholes were discovered several years ago, and hence, I can more or less assume this fact that MOST credible vendors have patched this up in the best possible manner.
You see that I have stressed more on the word “MOST.”Meaning, some did, some didn’t.
It’s simple. Turn WPS off.
*Extra information …
How to remotely delete data on an Android phone
If you want to remotely wipe out your Android phone on account of it being lost or misplaced, you need to do a few things first BEFORE your phone goes missing.
Follow these steps:
- Go to Google settings.
- Go to Security.
- Go to Android Device manager (ADM).
- Find out Allow remote lock and erase and switch it on.
And once your phone gets lost or misplaced follow the following steps,
- Go to Android Device manage. (You can get on it in two ways; either through the ADM ap on another Android device or through the ADM website.)
- Once you log in, the Android Device Manager will automatically try to locate your missing device. If your missing phone is working on a reliable network, you will be able to locate it on your Google maps. You will also be provided with three options:
- Ring it
- Wipe out data.
- Lock it.
Choose the one that you wish to do.
For iOS devices, you may refer to this article in particular.
So that’s basically it then. It’s time to bring this article to an end for now. Hope you had a good and useful read.