It's been a decade and a half since Wi-Fi first took hold in corporate network environments. Shortly after the release of the IEEE 802.11b standard, it was discovered that the implementation of its Wired Equivalent Privacy (WEP) protocol was easily exploited, allowing criminal hackers and tinkerers alike to gain access to the wireless communications that were assumed to be secure.
Fast forward to today and wireless networks are as ubiquitous as smartphones in the average organization. Yet barring some updates to WEP and stronger authentication, we haven't seen a whole lot of changes in terms of improving secure Wi-Fi efforts.
You're probably already familiar with the wireless security technologies that we have at our disposal. As a refresher, here are some key security controls:
- 802.11i, which introduced Wi-Fi Protected Access, and WPA version 2 to solve WEP's problems;
- 802.1X for stronger authentication into the wireless environment using a system such as RADIUS;
- Wireless intrusion prevention systems; and
- Mobile device management systems that allow for granular control of hotspot connectivity.
In the past year, there has been talk regarding the IEEE adding MAC address randomization for additional Wi-Fi security and privacy. Furthermore, the forthcoming MU-MIMO (Multi-User, Multiple Input Multiple Output) technology in 802.11ac can assist with security by encoding communications on downlink connections from the access points to the wireless devices.
Some people might argue that the state of enterprise wireless security is in disarray. I respectfully disagree. I've seen countless wireless environments in recent years that are extremely resilient against the most advanced hacking tools and attacks. With that, there are known vulnerabilities and credible threats against secure Wi-Fi in today's enterprises, including:
- Network sniffing of open guest wireless networks. This is the simplest way for nearby attackers to gain access to guest network traffic -- and potentially more.
- Guest wireless networks with improper configurations that allow users to access the internal corporate network environment.
- Widespread use of consumer-grade wireless routers/access points that may be open (i.e., not using WPA2) and have Wi-Fi Protected Setup enabled by default -- the latter of which can be easily broken using the Reaver Pro device. These devices can also have easily exploitable backdoors that can further increase enterprise wireless security risks.
- Denial-of-service attacks that can be carried out against the network throughput or against the wireless signal itself using relatively low-cost signal jammers.
- Rogue (a.k.a. "evil twin") wireless hotspots that can be set up and used against users in and around main office locations, as well as when they're traveling and using the free Wi-Fi available in hotels and conferences.
- Mobile hotspots that users set up on their cell phones or dedicated MiFi devices in an insecure fashion (i.e., using weak passwords) that are exploited by nearby criminal hackers. This can facilitate attacks against the users' workstations and potentially even the corporate network environment.
Network complexity and the growth of shadow IT further exacerbate each of these issues.
Still, given the potential for such risks on the part of secure Wi-Fi, I'm not convinced that we have a big problem with enterprise wireless security in and of itself right now that cannot be easily solved. The vulnerabilities that are being exploited are typically due to poor implementation of the wireless system -- not unlike the original WEP flaws.
There are also weaknesses in wireless security management -- especially as it involves oversight and alerting. Oftentimes, wireless network environments are excluded from in-depth security assessments and even vulnerability scans, which can further create a false sense of security. Even with the best enterprise-ready wireless network management and security tools available, network admins and security managers are often busy putting out fires on more critical areas of the network and not dedicating time to wireless because it just works.
Practically every enterprise has wireless network connectivity under its umbrella in some capacity. It pays to do what's necessary to find the wireless weaknesses and stay on top of them.
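As an added illustration (not part of the original article), the sketch below checks a wireless survey export for several of the weaknesses listed above: open networks, WEP, WPS-enabled access points and corporate SSIDs broadcast by radios that are not in the authorized inventory. The SSIDs, BSSIDs, survey rows and the `audit` function are constructed assumptions; real input would come from a wireless intrusion prevention system or site-survey export.

```python
from collections import defaultdict

# Assumed inventory: SSIDs the organization broadcasts and the radios allowed to do so.
CORP_SSIDS = {"CorpNet", "CorpGuest"}
AUTHORIZED_BSSIDS = {"02:00:00:00:00:01", "02:00:00:00:00:02"}

# Constructed survey rows: (ssid, bssid, security, wps_enabled).
SURVEY = [
    ("CorpNet",    "02:00:00:00:00:01", "WPA2-Enterprise", False),
    ("CorpGuest",  "02:00:00:00:00:02", "Open",            False),
    ("CorpNet",    "02:00:00:00:00:AA", "Open",            False),  # corporate SSID, unknown radio
    ("linksys",    "02:00:00:00:00:BB", "WPA2-PSK",        True),   # consumer AP with WPS on
    ("PrinterLab", "02:00:00:00:00:CC", "WEP",             False),
]

def audit(survey, corp_ssids, authorized_bssids):
    """Return {bssid: [finding, ...]} for every access point with at least one finding."""
    authorized = {b.lower() for b in authorized_bssids}
    findings = defaultdict(list)
    for ssid, bssid, security, wps_enabled in survey:
        bssid = bssid.lower()
        mode = security.strip().upper()
        # A corporate SSID from a radio outside the inventory is an evil-twin candidate.
        if ssid in corp_ssids and bssid not in authorized:
            findings[bssid].append("possible-evil-twin")
        # Open networks expose traffic to nearby sniffing, guest networks included.
        if mode == "OPEN":
            findings[bssid].append("open-network")
        if mode == "WEP":
            findings[bssid].append("wep")
        if wps_enabled:
            findings[bssid].append("wps-enabled")
    return dict(findings)

if __name__ == "__main__":
    for bssid, issues in audit(SURVEY, CORP_SSIDS, AUTHORIZED_BSSIDS).items():
        print(bssid, ", ".join(issues))
```

Radios that are not in the inventory may belong to neighbors, so each finding still needs to be located physically before anyone acts on it.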
Moving forward, keep your eyes on other things that impact wireless security, such as Passpoint, Voice over LTE and the Open Wireless Router Project. There are some great wireless management products from vendors, such as Cisco and Fluke Networks.
Beyond that, a good dose of common sense is all I believe it takes to have a secure Wi-Fi environment in the enterprise.
About the author:
Kevin Beaver is an information security consultant, writer, professional speaker and expert witness with Principle Logic LLC, based in Atlanta. With over 26 years of experience in the industry, Beaver specializes in performing independent security vulnerability assessments and penetration tests of network systems, as well as Web and mobile applications. He has authored/co-authored 12 books on information security including the best-selling Hacking For Dummies and The Practical Guide to HIPAA Privacy and Security Compliance. In addition, he's the creator of the Security On Wheels information security audio books and blog providing security learning for IT professionals on the go. You can reach Beaver through his website and follow him on Twitter at @kevinbeaver.