There is no doubt that your wireless network is a critical component of business operations. Strong wireless connectivity enhances productivity and flexibility, especially for organizations that have a Bring Your Own Device (BYOD) policy, IoT infrastructure components, contractors, guest users, and so forth. A wireless network is also inherently scalable, making it ideal for companies undergoing rapid growth. There are a number of daily usage scenarios, however, that can put your wireless network at risk.
Scenario 1: Rogue Devices
It’s inevitable…employees will bring their personal devices (smartphones, wearable watches, etc.) to the office, and a percentage of those will attempt to connect to your wireless network (some automatically). While they may only be connected briefly, they are nonetheless connected. If you can’t see them on the wireless network, you can’t control them – and that’s an unnecessary and avoidable risk to take.
Scenario 2: Guests
Occasionally, an employee might bring their kids to work. Kids being kids these days, they will likely want internet access to play a game or watch YouTube videos on their smartphones or tablets. If you’re lucky, they’ll simply rely on their cellular network to load this content, but if not…guess what? They will try to connect to the corporate wireless network. In this scenario, let’s hope you’ve set up some sort of accessible, internet-only, wireless network, designed to remain separate from the professional corporate network.
Scenario 3: Contractors
Many businesses hire contractors or consultancies to tackle specific projects. These individuals and groups will need network access for extended periods of time and will need to be granted access to company resources and sensitive, proprietary data. In this instance, you should be employing NAC across your wireless network in order to dictate and enforce the level of access these types of individuals receive based on internal policies.
How to Protect Your Wireless Network
Of course, these scenarios will mostly be harmless. Mostly. They could, however, serve as an additional attack surface against your network or a base-station from which to launch a wider DDOS attack. In the past few years, there have been several DDOS attacks on corporate networks via hacked IoT devices that were used as a springboard to dive into networks, such as the 2016 Dyn cyber-attack.
Considering all of these potential risks to your enterprise network, here are a few security focus points to keep your operations safe:
100% coverage and awareness of all access scenarios to your wireless network (via simplified 802.1x based authentication and authorization services). This way you will have full awareness of all connecting devices on your networks at all times.
Auto-segmentation – automatically push unmanaged/unwanted devices from your wireless network to a different network (e.g. internet-only). You should be able to automatically classify and place every device connecting to your network in its correct segment based on your own classification. The right technology affords micro-segmentation by diving deeper and fine-tuning the segmentation options in your internal network and offers automated actions to enforce it.
Immediate disconnect options – you should be able to remove devices from your wireless network, both automatically and manually, no matter where the devices are connecting from.
WiFi provides fast and reliable connectivity for employees and visitors and enhances productivity but if you do not know (or have technology that keeps track) of devices as they attempt to connect to your network, there is not much that you can do to stop it, or to make sure that they are connecting to a harmless section of it. Awareness combined with automated protective actions will allow you to effectively navigate all scenarios while at the same time handling a large number of wireless devices in the enterprise.
About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.。