Page 62 - Cyber Warnings
P. 62
fear of legal consequences in accidentally shutting down neighboring Wi-Fi networks which may
conduct business critical operations such as hospitals or retail stores over Wi-Fi.
The Missing Piece: True Prevention Through Accurate WIPS Classification
Without complete confidence in their WIPS solution’s ability to differentiate between genuinely
rogue and neighboring devices or APs, businesses have to rely on manual verification and
classification of each connection, which can be a less accurate and more time-intensive
process. Essentially, without classification, WIPS can’t actually prevent much at all.
While no solution can truly guarantee zero false positives and 100 percent accuracy of WIPS
classification, there is an elegant new technique that stands apart from the rest. A very short
rebroadcast packet from known good (authorized) access points or WIPS sensors is sent either
across Ethernet cabling or over the air. Thankfully to the open standard of the IEEE 802.11
protocol, when another 802.11 access point or client device receives this packet, it will
rebroadcast it over the air or across the Ethernet cabling.
This tiny packet can traverse within all areas of a network and get the digital fingerprint of
everything it touches. The MAC address correlation and signature based methods are limited in
that they are performing the detection outside the perimeter of the network meaning the whole
wired and wireless network is more or less a black box.
Through this packet technique, the WIPS system can very accurately classify access points and
clients and do so automatically with no manual intervention. This auto classification can allow
IT administrators to confidently define prevention policies without the fear of accidentally
shutting down neighboring Wi-Fi networks.
It’s safe to say that Wi-Fi provides an incredible convenience and accessibility for businesses
and end users. But along with those benefits come serious security challenges. Wireless attacks
may not be all over the news, but they are often the initial touchpoint bad actors use to access
credentials that enable them to pull off the massive data breaches that steal the headlines. True
prevention is the best way to defend against Wi-Fi attacks, and it all starts with classification.
About the Author
Ryan Orsi - Director, Strategic Alliances at WatchGuard Technologies
A senior network security and wireless technology expert, Ryan has a diverse
background including more than 10 years’ experience in business development,
sales and marketing. He holds a high distinction Electrical Engineering Degree
from the university of Nevada, Reno, as well as a Master’s Degree in Business
Administration.
62 Cyber Warnings E-Magazine November 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
