With smartphones and tablets a permanent part of people’s lives, wireless connectivity is a mainstay for most corporate networks. BYOD (Bring Your Own Devices) is standard but it puts a new wrench in the cogs of your security. Traditional security for a local network behind a firewall isn’t enough to properly protect a wireless network open to several devices and guests. You may think that your wireless access point is secure, but without a professional to review and test, you could be giving access to attackers.
Leaving Default Factory Settings is More Common than You Think
In 2016, the world saw the biggest DDoS attack in history that slowed down Internet access for the entire East Coast of the United States. The attack stemmed from tens of thousands of hacked IoT devices and wireless routers with default factory settings including the manufacturer’s default password. The result was that the attackers were able to bring a French telecom to its knees along with Dyn, one of the major DNS providers that host much of the Internet’s DNS traffic. By taking down Dyn, services from the US to Europe were affected.
The attack was a new and innovative malware called Mirai. Mirai scans the Internet for IoT devices using default factory settings including wireless routers. What made it even more potent is that it actively attacked its predecessor and competing for malware, Qbot, which had been traditionally used to infect the same devices. It removed Qbot and stayed active on the device until a reboot. After a reboot, however, the device would be re-infected and become a part of the zombie network controlled by the attackers.
Any security professional will tell you that leaving a public wireless access point with default settings is a big mistake, but most people — including executives, administrators, and the average user — don’t understand the implications of leaving wireless security open on their devices. Even worse, most people don’t know the signs of a poorly secured router and what happens when their device becomes a part of a massive attack on the Internet itself or how to stop it.
Mirai creators have even made the source code public, and it’s behind the latest 100,000-device botnet locked and loaded and ready to attack at any time.
Endpoint Security and Your Own Wireless Access Points
In many security incidents, the local administrators and security are competent. The weakness is in the users who have unfettered access to data. Phishing emails sent directly to key personnel leave the local machine open to attackers who then use the employee’s own credentials to access the network.
With BYOD policies, it becomes especially tricky for security administrators to protect the network. Take smartphones, for instance. Just about every user has a smartphone or tablet. Users bring theirs to work and have complete control of what apps are installed. It’s their personal device, so network administrators are unable to control applications installed. Take a look at search results for Google Play and the massive amount of malware that sneaks into the network. Some apps filled with malware have been downloaded millions of times. This malware could potentially scan your local network when users connect to a wireless device and drop a copy of itself on a network drive.
Some corporations segment wireless access points from the rest of the network. With public access points, the wireless network should always be separated from the local network by a firewall. Never allow public access to a router within the local network. This means that users won’t be able to access local data, but it also means malware can’t silently copy itself to a corporate drive that could later be used by an unsuspecting corporate user.
Encryption, Passcodes, and SSIDs
Many ISPs provide wireless routers with WPS (Wi-Fi protected setup). WPS is supposed to make it easy for the average consumer to install their router and set up security without any of the manual configurations. As most security people will tell you, security has the inherent problem of providing secure access when needed without inhibiting productivity. Unfortunately, to secure a network often means that security procedures are not convenient.
WPS creates its own vulnerabilities. These devices have an 8-digit pin security password attached to them that allows users to conveniently set up WPA wireless encryption. The issue is that known password lengths are a security vulnerability. It tells an attacker that a finite number of digits are used to protect the router, so they can use combinations with a limited data set using brute force attacks.
Just like many users leave default passwords active, they also don’t encrypt their wireless connection. If no password is active on your router, it creates a large security threat. Another option is to stop broadcasting your wireless access point’s SSID, which will hide it when a user browses available connections, but a crafty attacker can use tools that find hidden SSIDs. These tools can be used by attackers, but you can also use them to assess your own wireless security. Some insider threats include an attacker connecting a wireless router to the network and hiding it by disabling SSID broadcasting.
For years, security experts told users to set up WPA2 wireless encryption, but it’s recently been cracked. Routers with wireless access using WPS and WPA2 security are especially vulnerable because a tool named Reaver cracks passwords on them. The solution is to remove WPS and use long passwords for your WPA2 security.
Auditing and Logging
For healthcare businesses and any organization that stores credit card data, you should be familiar with HIPAA and PCI compliance. Both guidelines require auditing and logging. Your router should provide even standard logging to backtrack and review suspicious behavior. If you don’t have logging set up, you could be out of compliance. Logging helps you identify attacks. Without it, you could be a victim in the dark unknowingly a target for an attacker that has been scanning your wireless network security.
Logging also helps you audit previous attacks. With logging, you can review what went wrong, how the attacker got through, and provide better filters in the future.
In many cases, logging helps you identify open unused ports. These ports are usually unmonitored because you don’t offer any services for them. However, they can be used by attackers that can connect to the wireless router and then access the local network based on router settings. Always close unused ports, and doing an audit of the logs can tell you which ones are used even though you have no services running.
Wireless Networks Should Be a Priority for a Security Review
If you haven’t reviewed wireless security and have a BYOD policy, it’s time to have professionals review your security. It could be that you need additional infrastructure, or you could just need a few better security configurations to make your wireless security airtight in case of an attack.
Security incidents cost billions every year in reparations, legal fees, and brand damage. It should be a priority for any organization. Coranet can help.
Coranet is a certified Woman-Owned Information Technology Organization that has been meeting the requirements of Enterprise and Government entities for over 30 years. Network Engineering and Technical Support is part of our foundation and we continue this proud tradition with a 360-degree approach to technology solutions and services in the areas of Audio Visual, Network & Physical Security, Wireless/Copper Infrastructure, and Consulting/Project Management. Coranet is ISO 9001 registered, Lean Six Sigma and WBENC certified.
Please contact us at Sales@coranet.com for more information