More Related Content
Similar to Top 5 wi fi security threats
Similar to Top 5 wi fi security threats (20)
Top 5 wi fi security threats
- 1. Top 5 Wi-Fi Security Threats
Dr. Pravin Bhagwat
CTO, AirTight Networks
© 2013 AirTight Networks, Inc. All rights reserved.
- 2. Wave of Wireless Consumerization
Uncontrolled increase in Wi-Fi
devices
Most client Wi-Fi devices can
operate in multiple modes
Do you know what’s happening
on your network and premises?
© 2013 AirTight Networks, Inc. All rights reserved.
2
- 3. TJX Breach – The Tip of the Iceberg
Additional breaches
© 2013 AirTight Networks, Inc. All rights reserved.
3
- 4. Rogue APs
• APs attached to the enterprise
LAN without permission
• Backdoor to the enterprise LAN
© 2013 AirTight Networks, Inc. All rights reserved.
4
- 5. Soft Rogue APs
Network interface bridging
Internet connection sharing (ICS)
Add-on devices (e.g., Windy31)
Windows 7 Virtual Wi-Fi
© 2013 AirTight Networks, Inc. All rights reserved.
5
- 6. Client Misbehavior and Man-in-the-middle Attacks
•
•
•
•
Ad-hoc connections
Connections to external APs
Probing for vulnerable SSIDs
Honeypot/Evil Twin target
© 2013 AirTight Networks, Inc. All rights reserved.
6
- 7. Bring Your Own Device (BYOD)
WPA2/802.1x alone cannot prevent unauthorized
devices from accessing the enterprise network
© 2013 AirTight Networks, Inc. All rights reserved.
7
- 8. Recap of Common Intrusion and Extrusion Threats
© 2013 AirTight Networks, Inc. All rights reserved.
8
- 9. Wireless Security Strategies That Don’t Work!
A “No Wi-Fi” policy without enforcement
We don’t have “that” problem because…
© 2013 AirTight Networks, Inc. All rights reserved.
9
- 10. MDM ≠ Network Security
No visibility into Rogue APs, Soft Rogues,
Mobile Wi-Fi Hotspots
Scope limited to “managed” devices
that run MDM agent
What is the incentive to install MDM
agents on personal devices?
© 2013 AirTight Networks, Inc. All rights reserved.
10
- 11. NAC ≠ Wireless Security
Scope limited to BYOD on “managed” WLAN
Cannot block Rogue APs, Soft Rogues,
Mobile Wi-Fi Hotspots
Suffers from “blind spots” – unauthorized Wi-Fi
devices connecting via authorized devices
© 2013 AirTight Networks, Inc. All rights reserved.
11
- 12. Wireless Intrusion Prevention System (WIPS)
Automatic
Device Classification
Comprehensive
Threat Coverage
Accurate
Location Tracking
Reliable
Threat Prevention
BYOD
Policy Enforcement
© 2013 AirTight Networks, Inc. All rights reserved.
12
- 13. Wireless Security Enforcement using WIPS
AP Classification
Authorized
APs
Mis-config
Policy
GO
DoS
Client Classification
Authorized
Clients
STOP
Rogue APs
(On Network)
STOP
Rogue
Clients
External Clients
External APs
IGNORE
AUTOMATICALLY DETECT AND BLOCK RED PATHS!
With this in place, your network is protected from all types of
wireless threats, vulnerabilities and attack tools!
© 2013 AirTight Networks, Inc. All rights reserved.
13
- 14. Identifying a True WIPS: WIDS vs. WIPS
Prevalent
WIDS Approach
Cat and mouse
chase of exploits,
tools and signatures
True WIPS Approach
Protects against the
fundamental wireless threat
building blocks
© 2013 AirTight Networks, Inc. All rights reserved.
14
- 15. Thank You!
Cloud Managed Secure Wi-Fi Solutions
www.airtightnetworks.com
info@airtightnetworks.com
@AirTight
+1 877 424 7844
US DoD Approved
© 2013 AirTight Networks, Inc. All rights reserved.
15