Page 61 - Cyber Warnings
realm of “must have been a Wi-Fi glitch” and the victim’s traffic is now unknowingly flowing
through the MitM.
Impractical Wi-Fi Hotspot Security Advice
The wireless security threats discussed above have been talked about often throughout the past
decade amongst the information security community. That being said, the advice on how to
protect ourselves hasn’t really changed during that time and isn’t very practical for the world at
large. Some common Wi-Fi security tips include:
1. Use a VPN client to encrypt your traffic over public hotspots
2. Check for the “lock” symbol in the web browser to verify the connection is HTTPS (S for
secured and encrypted) when connected to public hotspots
3. Don’t use public hotspots
First, although technically sound, the VPN client advice isn’t practical for the droves of everyday
public Wi-Fi users who probably aren’t familiar with that acronym and aren’t equipped for this
kind of setup. Next, as far as HTTPS goes, I’m confident that someday the masses will understand
what it is and even how to verify SSL certificate authorities, but right now, this just isn’t a
practical method of protecting the world of public Wi-Fi users. Additionally, at the time of this
writing, there is at least one well-known method of easily bypassing HTTPS during a MitM
attack. And lastly, simply advising the public to not use public Wi-Fi just sounds like giving up.
So naturally, a good portion of responsibility for the security of public Wi-Fi rests on the
shoulders of businesses that provide it. Luckily, there are Wi-Fi security solutions that
companies can use to provide quality Wi-Fi access for customers and users while making
security a priority. First developed in the early 2000s, Wireless Intrusion Prevention Systems
(WIPS) are a common network security solution designed to control Wi-Fi radios and mitigate
wireless attacks and rogue access points.
The Problem with WIPS
WIPS solutions were originally meant to defend airspace through detection, classification and
prevention. WIPS “prevention” is a setting that, when enabled, shuts down attacks by sending
standard IEEE 802.11 de-authentication packets both to the rogue access point, telling it to
disconnect from any connected clients, and to those clients, telling them to disconnect
from the rogue access point.
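As an added illustration (not part of the original article), the Python below parses raw 802.11 management frames and reports which access point/client pairs are being de-authenticated in both directions, the pattern that WIPS prevention produces as described above. It assumes frames captured without a radiotap header or FCS; the function names are hypothetical, and the MAC addresses and frames are constructed sample data.

```python
import struct
from collections import defaultdict

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_deauth(frame):
    """Return (dst, src, bssid, reason) for a de-authentication frame, else None."""
    if len(frame) < 26:  # 24-byte management header + 2-byte reason code
        return None
    fc = frame[0]
    # version 0, type 0 (management), subtype 12 (de-authentication)
    if (fc & 0x3, (fc >> 2) & 0x3, fc >> 4) != (0, 0, 12):
        return None
    dst, src, bssid = frame[4:10], frame[10:16], frame[16:22]
    # With 802.11w management frame protection, unicast de-auth frames have the
    # Protected bit set and an encrypted body, so the reason code is unreadable.
    reason = None if frame[1] & 0x40 else struct.unpack_from("<H", frame, 24)[0]
    return mac(dst), mac(src), mac(bssid), reason

def containment_pairs(frames):
    """Map (bssid, client) -> directions in which de-auth frames were seen."""
    seen = defaultdict(set)
    for f in frames:
        parsed = parse_deauth(f)
        if parsed is None:
            continue
        dst, src, bssid, _ = parsed
        if dst == bssid:
            seen[(bssid, src)].add("to_ap")
        else:
            seen[(bssid, dst)].add("to_client")
    return dict(seen)

def both_directions(frames):
    """Pairs de-authenticated toward the AP and toward the client."""
    return sorted(k for k, v in containment_pairs(frames).items() if len(v) == 2)

# Constructed sample data (locally administered MACs, not from a real capture).
AP, STA = bytes.fromhex("020000aaaa01"), bytes.fromhex("020000bbbb02")

def _mgmt(subtype, dst, src, bssid, body):
    return bytes([subtype << 4, 0, 0, 0]) + dst + src + bssid + b"\x00\x00" + body

SAMPLE = [
    _mgmt(12, STA, AP, AP, struct.pack("<H", 7)),  # toward the client
    _mgmt(12, AP, STA, AP, struct.pack("<H", 7)),  # toward the access point
    _mgmt(8, b"\xff" * 6, AP, AP, b"\x00" * 12),   # beacon, ignored
]
```

Running `both_directions` over a monitor-mode capture from your own airspace shows which access points a WIPS is actively containing, which is a quick way to confirm that none of them is a legitimate neighbor.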
But the full promise of WIPS hasn’t been realized in the mass Wi-Fi market because of one
serious technical flaw: the method used to classify access points and clients as good or bad
(authorized or rogue) is plagued with false positives and negatives. The result is that industry IT
leaders, service providers and technologists often disable the “prevention” piece of WIPS for
61 Cyber Warnings E-Magazine November 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide