A wireless network can pose a threat to any company. WiFi signals extend way farther than the walls of our offices, and thus a hacker with simply a strong antenna can easily connect to a company’s WiFi from the outside. Once a hacker finds a way into the company’s network, file shares without protection or computer accounts that have easy to figure out passwords become an easy pathway for access to other sensitive information.
As more Internet of Things (IoT) smart devices are introduced into company networks, it’s becoming increasingly difficult to assure the security of those devices and the network where the company’s most precious information is sited.
For example, a rather unusual and recent case involved a Las Vegas casino whose database was hacked via a smart thermometer monitoring water in a tropical aquarium located in the casino’s lobby. Once the system had been breached, the hackers were able to pull the database back through the thermometer and into the cloud…very simply.
To help safeguard the network, a company’s best bet is to use enterprise WPA2 and 802.1X (or as a fallback WPA2) protocols rather than the traditional WEP or WPA 10, which were cracked 15 years ago. As recently as last year, vulnerabilities in WPA2-PSK required all the major wireless vendors to offer emergency patches. As previously mentioned security protocols use a shared key, which can easily be shared with users outside of an organization, WPA2-Enterprise is really the only viable security option for enterprise customers. If a shared key protocol is required to support legacy devices, the network and application access of those devices must be strictly controlled. With BYOD, and new innovations like the IoT, wireless systems have become a lot more complex to design, deploy, support and secure.
In protecting a company’s precious digital assets, the following are key points to keep in mind when deploying or upgrading security for an existing network:
1: Network Performance & Scalability
Wireless networks were originally planned for coverage only, but with all the smartphones, tablets, laptops and other smart devices out there, today’s wireless networks must be planned for high capacity. As the use of new wireless devices will only continue to increase, the network should be set up in a way that it can expand in terms of coverage and capacity as needed--without having to overhaul or build an entirely new network. In 2016, the WiFi Alliance approved a new standard known as AC Wave 2 to support, among other considerations, more connected devices. Gartner Research Vice President Tim Zimmerman said it is: "The ability for the access point to communicate simultaneously with multiple mobile devices in a single coverage area." The access point will be able to talk to up to four, single stream devices at one time going downstream. One of the biggest updates that comes with 802.11ac Wave 2 is that it supports additional 5 GHz channels. If these channels are designated for WiFi use, it could help support more users and devices overall. Most devices (65% according to the WiFi Alliance) now are dual-band, meaning they can operate in both the 2.4 and 5 GHz frequencies. These new standards will help organizations as they move to a more connected arena in their day-to-day business dealings with both internal and external clients.
Performance issues can arise from bottlenecks or choke points caused by using underperforming wired networks or from outdated network equipment. When updating your current wireless system or deploying wireless for the first time, you can’t ignore or forget about your wired switching backbone.
2: Making Proper Network Assessments:
This means having the ability to understand your environment, see end-users in real time, what type of devices they are using, what types of applications they are using, and the status of the different networking components that may affect the use of those devices. You should also have the ability to run proactive testing to help avoid potential problems before they happen.
In computer systems security, role-based access control (RBAC) is an approach to restricting system access to authorized users. It is used by the majority of enterprises with more than 500 employees and allows you to assign roles based on who, what, where, when and how a user device is trying to access your network.
More than ever, network security must become application aware in order to alleviate threats. This was certainly the case for the casino hack. The smart thermometer had no reason to have access to the database, but it did. The application wasn’t screened for its intended use. Application filtering should be in place in order to protect users from content that might contain malicious threats as well as to prevent possible performance issues.
Of course, your firewall(s) should be the backbone of your security system but be aware that a traditional firewall is no longer enough.
3: Network Security:
Network security is an ever-evolving mission as intruders find new ways of breaching systems and smart devices get smarter, more graphic intensive and more mobile. People are looking for good coverage as well as capacity, which can be a challenge. Engaging with a strong, strategic security partner with deep levels of expertise in all facets of protection, you can successfully manage the complex lifecycle of expanding technology systems.
4: Mobile Device Management:
Mobile device management can provide control of how you will manage access to applications and programs. Plan for a secure method for registering and securing the devices that you don’t own. You can even remotely wipe the device if it’s lost or stolen.
5: Track User Behavior to Detect Anomalies or Threats:
User Behavior/Entity Analytics (UBEA) goes beyond security event analysis to track employee/user behavior. Essentially UBEA looks at your network as a ‘living thing’ both people and devices. Generally, people tend to do the same things every day/week/month. They check their email, check the internet, talk to this server or that server. UBEA builds a profile of the person/device so if one day that device starts doing things it’s never done before, i.e., deleting or transferring large numbers of files, an alert triggers an event. In modern UEBA systems, machine learning can also be used to correlate individual network and systems events that, in and of themselves, may appear innocent with events happening outside the network (i.e. the termination of an employee) to prevent data loss or compromise. Depending on the severity of the anomaly, a warning is sent and may result in quarantining the user, the device, or both
Don’t put all of your eggs in one basket. The level or amount of redundancy your WiFi system requires depends on your specific environment and needs. Many businesses today require or desire their wireless networks be a reliable as their wired networks so plan/design for the proper level of redundancy to support those requirements.
In summary, approaching the deployment of a complex wireless network, or updating an existing one, requires the right expertise to drive thoughtful and comprehensive planning. Its ultimate success will be based on an understanding of requirements and expectations, proper product selection, accurate implementation and the recognition that the network needs to be flexible and scalable to accommodate an ever-evolving technology environment.
Our partner, Aruba Networks, has wireless solutions that deliver the flexibility and high performance to meet the needs of any midsize business or high-density enterprise. Learn more about Aruba's networking products.
© 2018 Versatile. All Rights Reserved