Wi-Fi has become an essential business tool, capable of enabling greater flexibility, operational efficiency and customer service. But because Wi-Fi transports data over radio frequencies, it is vulnerable to six threats that don’t impact the wired network.
Attackers can set up “rogue” (unauthorized) access points (APs) that bypass perimeter security and provide unfettered access to the corporate network. “Evil twin” APs spoof the SSIDs and MAC addresses of legitimate APs on the network, giving criminals the ability to intercept traffic, steal user credentials, distribute malware and more. Ad hoc networks are peer-to-peer connections between two or more endpoints that circumvent security policies.
An endpoint that connects to a rogue or evil twin AP becomes a “rogue client” because it may have been infected with malware or a backdoor into the network. Similarly, endpoints that connect to neighbor APs have bypassed network security and can no longer trusted. Finally, misconfigured APs can expose sensitive information to interception — Garter has found that most wireless-related security incidents occur because of misconfigured APs.
Your existing Wi-Fi solution likely can’t detect and block these six threats. You need a wireless intrusion prevention system (WIPS) that continuously monitors the Wi-Fi network and provides comprehensive protection against Wi-Fi attacks.
How WIPS Blocks These Threats
A WIPS uses sensors to collect and analyze Wi-Fi traffic. The sensors send this information to a server that correlates and validates it against network security policies. If the activity is identified as a threat, the WIPS automatically blocks the threat and/or notifies the network administrator.
There are two primary ways to implement a WIPS. Some APs have built-in WIPS sensors, but this approach forces you to rip and replace your existing APs if they aren’t WIPS-capable. Also, using APs to both provide wireless connectivity and perform WIPS functions can impact network performance.
Best-in-class WIPS solutions have separate sensors deployed in an overlay architecture that works with your existing Wi-Fi infrastructure. Dedicated sensors are better able to detect threats and ensure optimal network performance.
Automated detection capabilities are a key consideration in selecting a WIPS platform. If a network administrator must monitor the system, threat response will be delayed. Look for a solution that is proven to automatically identify rogue APs and prevent unauthorized or dangerous connections. The WIPS should also allow administrators to define minimum configuration requirements to ensure that misconfigured APs are automatically detected.
WatchGuard’s WIPS Solution
WatchGuard offers a cloud-managed WIPS solution that makes it easy to protect any Wi-Fi network from the most common hacks. WatchGuard APs are used as dedicated WIPS sensors, and a browser-based management interface allows you to set Wi-Fi security policies with a few simple clicks. Behind the scenes is a powerful solution that provides robust protection while maintaining network performance.
Miercom, an independent network and security testing company, recently compared the threat detection and prevention capabilities of four WIPS solutions. Only WatchGuard supports automatic detection and blocking of rogue APs and clients, prevents connections to evil twin APs, ad hoc networks and misconfigured APs, and protects against all six Wi-Fi threat categories simultaneously.
On June 18, Verteks is hosting a live web briefing and security demo in which we’ll review the six threats and show you how to protect your network with the WatchGuard WIPS solution. Register now so you can learn how to create a trusted wireless environment without having to replace your existing infrastructure.
