Cease and desist

A rogue, according to the Oxford dictionary, is a person who is dishonest and unprincipled.

In the wireless industry, Rogue Access Points (APs) are unauthorised wireless devices that are either connected to your internal network infrastructure (this is the part where you go white) or are performing some malicious activity against your network.

Since a rogue is a security threat to the business, how do we find them?  And if we find them, how do we stop them?

Enter the Wireless Intrusion Detection System (WIDS) or Wireless Intrusion Prevention System (WIPS).  A WIDS/WIPS takes time to set up and burn in, but done right it can be a valuable asset to minimise the threat of Rogue APs.

WIDS and WIPS are easy to explain.  WIDS is a monitoring, detect-only system; basically it will discover a problem and alert you to it.  WIPS goes a step further and, depending on how it is configured, begins either an automated or a manual action to contain the threat.
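The detect-and-alert step can be sketched as follows. This is an added example, not code from any WIDS product: the inventory, the MAC addresses, the SSIDs and the wired-MAC proximity heuristic are all constructed assumptions.

```python
from dataclasses import dataclass

# Constructed inventory: every value below is sample data for illustration.
AUTHORISED_BSSIDS = {"02:00:00:aa:00:01", "02:00:00:aa:00:02"}
CORPORATE_SSIDS = {"CorpNet"}
WIRED_MACS = {"02:00:00:bb:10:0f"}  # MACs learned on internal switch ports

@dataclass(frozen=True)
class Beacon:
    bssid: str      # radio MAC heard by a sensor
    ssid: str
    rssi_dbm: int   # signal strength at the sensor

def mac_int(mac):
    return int(mac.replace(":", "").replace("-", ""), 16)

def seen_on_wire(bssid, wired_macs=WIRED_MACS, window=2):
    """Heuristic (an assumption): an AP's radio MAC usually sits within a few
    addresses of its Ethernet MAC, so a near match on a switch port suggests
    the unknown AP is plugged into the internal network."""
    b = mac_int(bssid)
    return any(abs(b - mac_int(m)) <= window for m in wired_macs)

def classify(beacon):
    bssid = beacon.bssid.lower()
    if bssid in AUTHORISED_BSSIDS:
        return "authorised"
    if seen_on_wire(bssid):
        return "rogue-on-wire"          # unauthorised AP on the internal LAN
    if beacon.ssid in CORPORATE_SSIDS:
        return "ssid-impersonation"     # unknown radio advertising our SSID
    return "neighbour"                  # someone else's network, not on our wire

SEVERITY = {"rogue-on-wire": 0, "ssid-impersonation": 1}

def alerts(beacons):
    """Return (classification, beacon) pairs worth alerting on, worst first."""
    hits = [(classify(b), b) for b in beacons]
    hits = [h for h in hits if h[0] in SEVERITY]
    return sorted(hits, key=lambda h: (SEVERITY[h[0]], -h[1].rssi_dbm))

# Constructed scan results from one sensor.
SCAN = [
    Beacon("02:00:00:AA:00:01", "CorpNet", -48),
    Beacon("02:00:00:cc:00:09", "CorpNet", -61),
    Beacon("02:00:00:bb:10:10", "HomeAP", -55),
    Beacon("02:00:00:dd:00:01", "CafeGuest", -80),
]

if __name__ == "__main__":
    for label, beacon in alerts(SCAN):
        print(label, beacon.bssid, beacon.ssid, beacon.rssi_dbm)
```

A WIDS stops at the alert list; a WIPS would hand the same list to its containment workflow.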

Most enterprise wireless security offerings these days provide a combined WIDS/WIPS solution.  These commercial solutions provide reporting and an audit trail that can be useful for management and, if required, legal purposes.

It is worth considering installing dedicated sensors in your network. Sensor Access Points are normal APs, but configured as ‘listen-only’ or ‘monitor-mode’.  This way they can spend 100% of their time scanning for threats (or mitigating them) and they do not interfere with the production wireless network.

Sensor APs provide a great service to the production WiFi system in two areas: they offload the task of scanning and they offload the task of containment/mitigation.  Relieving your primary, production wireless system of these tasks means it can be left alone to fulfil its primary purpose in life: service the user community.

One other useful advantage of sensor APs is that, if they are of the same model as the production APs, they can be rapidly converted to production use should a production Access Point fail.

To finish up, which would you believe to be the most common Rogue AP threat to businesses out of:
a) Hackers
b) Internal staff
c) Contractors

The answer is, overwhelmingly, internal staff, who have no malicious intent and are probably trying to be more productive when they connect a personal AP to the internal network.

But when this happens, out the window go the company security policies and you are left with another entry/exit point to your internal network, one that no-one may be any the wiser about for potentially months at a time.

Are you using protection?

I don’t think anybody wants an infection.  The consequences are hard to clean up, it may be expensive to fix and public knowledge of the fact will damage your image.

Remember when the only protection you needed (in the network) was a firewall because the only access to your internal network was the cabled connection from outside the building? Those were the days.

Wi-Fi has brought us welcome flexibility at work.  However, wireless signals from your network can extend outside the walls of your building, meaning your network is outside the building.  If that data is important, we should protect it. An attacker can intercept and capture these wireless signals for analysis and have specialised software run attacks against the data, looking for weaknesses in order to gain network access or decrypt the data.

What are the business risks?

  1. Data Theft/Loss/Corruption due to hackers accessing internal data.
  2. Denial of Service, where the ability to work over Wi-Fi is compromised.
  3. External brand damage – following public knowledge of data theft.
  4. Reputational Risk – amongst business partners, suppliers…

What is weak security?

Well, WEP has been around the longest and it is basically an open gate, so please don’t use that.  WPA-Personal and WPA2-Personal are what most of us use at home these days, and they consist of using the one shared Wi-Fi password for the network, utilised by everyone.  If used in business, this poses opportunities for a determined hacker, who can try to reverse-engineer the static password or gain it through social engineering.  Once the password is obtained, the business risks identified above are all possible.

What is strong security?

Strong network security relies on protocols that secure your data using authorised, authenticated network access and dynamic (not static) encryption of your data over the network.  These protocols are an industry standard and are likely built into the devices already present on your network.  Leverage this built-in security.  Its Wi-Fi Alliance name is ‘WPA2-Enterprise’ and it is often more secure than your wired LAN.

The first step to securing your data is…

Maintain the paranoia.  Worry enough about the consequences of a security breach and a plan for remedial action usually follows.

An audit is a good start: a focused security review of your networks by internal or external specialists.  It may also uncover unknown (and undesired) equipment or operations.

In addition, the creation of a living corporate policy document that outlines the security policy of the company is recommended: one that is updated as technology changes and new threats are identified, a clear document that protects a company from its own staff making errors of judgement and that defines procedures for dealing with “events”.
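One check such an audit can automate is reading the RSN element each network advertises in its beacons and sorting it into the weak and strong categories above. This is an added example, not part of the original article; the sample elements are constructed, and the parser assumes the pairwise and key-management lists are present.

```python
import struct

RSN_ELEMENT_ID = 48
IEEE_OUI = bytes.fromhex("000fac")
PSK_AKMS = {2, 4, 6}     # PSK, FT-PSK, PSK-SHA256
EAP_AKMS = {1, 3, 5}     # 802.1X, FT-802.1X, 802.1X-SHA256

def read_suites(body, offset):
    """Read a little-endian 2-byte count, then that many 4-byte suite selectors."""
    if offset + 2 > len(body):
        raise ValueError("RSN element truncated before suite count")
    (count,) = struct.unpack_from("<H", body, offset)
    start, end = offset + 2, offset + 2 + 4 * count
    if end > len(body):
        raise ValueError("RSN element truncated inside suite list")
    return [body[i:i + 4] for i in range(start, end, 4)], end

def akm_types(element):
    """Return the IEEE-defined key-management (AKM) types in an RSN element."""
    if len(element) < 2 or element[0] != RSN_ELEMENT_ID or element[1] != len(element) - 2:
        raise ValueError("not a well-formed RSN element")
    body = element[2:]
    if len(body) < 6 or struct.unpack_from("<H", body, 0)[0] != 1:
        raise ValueError("unsupported RSN version")
    pairwise, offset = read_suites(body, 6)   # skip version (2) + group cipher (4)
    akms, offset = read_suites(body, offset)
    return {suite[3] for suite in akms if suite[:3] == IEEE_OUI}

def rate_network(element):
    """Map one beacon's RSN element (None if absent) to the article's categories."""
    if element is None:
        return "no WPA2 (open, WEP or legacy WPA)"
    akms = akm_types(element)
    if akms & PSK_AKMS:                       # weakest advertised method decides
        return "WPA2-Personal (shared password)"
    if akms & EAP_AKMS:
        return "WPA2-Enterprise (802.1X)"
    return "other key management"

# Constructed sample elements: CCMP ciphers, then one or two AKM suites.
PSK_IE = bytes.fromhex("30140100000fac040100000fac040100000fac020000")
EAP_IE = bytes.fromhex("30140100000fac040100000fac040100000fac010000")
MIXED_IE = bytes.fromhex("30180100000fac040100000fac040200000fac01000fac020000")

if __name__ == "__main__":
    for name, ie in [("psk", PSK_IE), ("eap", EAP_IE), ("mixed", MIXED_IE), ("none", None)]:
        print(name, "->", rate_network(ie))
```

A network that advertises both a shared password and 802.1X is rated Personal, because anyone holding the password can still join.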

We know that installing security measures after the fact is common, but often it’s too late to repair the damage or to keep your reputation, i.e. your brand, intact.  Let’s encourage prevention.  Check your WiFi now and stay safe.

Enterprise Wi-Fi differences

Although not obvious, there are substantial differences between Enterprise or Corporate-grade Wi-Fi and those systems for Home/SOHO use.

For a user, these differences can be transparent.  For them it is business as usual: a password gets entered and their devices are able to connect to the Wi-Fi network.  For a business, there are valid features in enterprise grade equipment that are of important, if not essential, operational use.

For many mid-size to large organisations, requirements are usually more demanding than those of the SOHO/SMB market. The most common needs for wireless services in a corporate environment typically include the following.

  1. Coverage, Capacity and Density – servicing many clients in a contained area or vice versa.
  2. Differentiated services experience – to support critical business applications, BYOD or Guest-only WiFi for visitors.
  3. Performance and reliability – an exemplary user experience regardless of numbers and loading on the network.
  4. Advanced security – leveraging centralised authentication and dynamic data encryption for users, plus network-wide protection through wireless intrusion detection systems.
  5. Network Integration – a seamless service across wired & wireless networks.
  6. Support – the supported environment is consistent with existing operations.
  7. Centralised Management and Reporting – global visibility from one portal; leveraging common toolsets, processes and metrics to produce business performance objectives.

Most of these deliverables can only be achieved with enterprise-grade wireless solutions.  SOHO devices, as the name suggests, are otherwise perfect for a single instance of a small or home office, but do not have the ability to scale or to offer enterprise features.

In the end, it’s worth considering your business requirements from a different perspective.  It’s possible that you may arrive at a solution that was not expected.