Every day more users and IoT devices connect to Wi-Fi networks. Ubiquitous Wi-Fi access is something we all take for granted, whether at work, in hotels, airports, coffee shops, or hospitals. We search for the available Wi-Fi network, connect and carry on with our connected lives, rarely pausing to think about security.
Is our sense of trust justified? How secure are enterprise Wi-Fi networks today? What are common types of Wi-Fi attacks and what level of protection does a typical enterprise Wi-Fi solution provide?
To help answer these questions, I reached out to Extreme’s Senior Director of Product Management and leader of Extreme’s Smart OmniEdge solution Mike Leibovitz, to get his thoughts on Wi-Fi security in 2019 and beyond. Here is a glimpse of our Q&A:
Question #1: How concerned should enterprises be regarding Wi-Fi security?
Enterprises need to be concerned with all types of network security – and Wi-Fi security is no exception. Every day, we read about new breaches – IoT attacks, personal data compromised, credit card information stolen over Wi-Fi.
The reality is Wi-Fi is how we connect today. Consider, for example, Super Bowl LIII that took place in February 2019. Over 40 thousand fans connected to the stadium Wi-Fi, a 10% increase over the previous year. Also, it’s not just users we need to think about; billions of Wi-Fi enabled IoT devices will make their way onto retail networks, school networks, hospital networks, and manufacturing environments over the next several years.
Every Wi-Fi connection has the potential to be the next security breach, so it is essential that enterprises are vigilant and take Wi-Fi security seriously.
Question #2: What are some common Wi-Fi security attacks?
There are many different types of Wi-Fi security attacks. New attacks appear on a regular basis and old Wi-Fi security attacks re-surface. The biggest challenge with Wi-Fi is there isn’t a physical network boundary – it is airwaves – which makes it particularly hard to secure.
Common attacks include:
The bottom line is there are many different types of Wi-Fi attacks that you need to consider. To complicate things further, it is not only Wi-Fi devices that need to be secured; many IoT devices use BLE to connect, so you also need to monitor and secure these devices.
Question #3: To what extent does a typical Enterprise Wi-Fi solution protect against attacks?
Enterprise Wi-Fi solutions are inherently secure today, offering layers of security such as encryption (e.g. WPA2) and role-based access control capabilities for users and guests.
What isn’t secure is the air. Users can quickly and easily be tricked to connect to a rogue or impersonating AP — meaning an AP in the parking lot that is broadcasting the same or similar SSID name to the one inside your building.
To protect against these types of attacks, companies need wireless intrusion prevention solutions (WIPS). These advanced solutions continuously monitor the air and are capable of detecting and neutralizing rogue devices; and can enforce policies, prevent intrusion and ensure regulatory compliance.
Advanced forensics is another important aspect of security that you don’t get with basic Wi-Fi solutions. In the event of an audit, the IT staff needs the ability to analyze and extract detailed information on devices – when they connected, where, for how long, and more. This analysis helps organizations determine a window of exposure to a targeted attack and provide factual data to support an audit.
Question #4: Do all businesses need advanced security capabilities like WIPS?
That’s a great question and there is no definitive answer. Ultimately, it depends on the business. Every business needs to consider the impact of what a breach would mean to them.
For some verticals, such as retail, a point-of-sale breach where customer’s credit card data is compromised, can be catastrophic. It is for this very reason most large retailers have, or should have, WIPS; the risk is too high otherwise.
Similarly, protecting patient data and medical systems is crucial in healthcare. Protecting financial data is crucial in banking and financial institutions. Protecting intellectual property is key in high tech companies. No business or vertical is immune to breaches, and WIPS provides that extra layer of wireless security and peace of mind that many businesses need.
Advanced security capabilities are also needed where compliance is a requirement – PCI-DSS in retail, HIPAA in healthcare or Sarbanes-Oxley in finance. WIPS solutions can provide the detailed, historical data required by many regulations to prove compliance.
Question #5: What is Extreme’s WIPS offering?
Extreme AirDefense is our premium Wireless Intrusion Prevention Solution (WIPS). It has been securing some of the world’s largest retail, financial, technology, and transportation companies’ networks for years. It protects from external threats like rogue APs, provides policy enforcement, mitigation, and enables regulatory compliance. It supports twice as many signatures than other WIPS solutions.
We recently revamped the architecture to make it Wi-Fi 6 ready and highly scalable. Some of our Fortune 500 customers have extremely large Wi-Fi networks. The new distributed WIPS architecture can easily monitor the millions of devices seen over the airwaves in these networks. We also revamped the UI to make it more intuitive and easier to use and provided support for BLE devices.
Question #6: What do you see on the horizon when it comes to Wi-Fi security?
I see a lot of exciting, innovative technology coming to market that impacts security in general. Some of this I talked to in the 2019 Network Edge Predictions blog earlier this year.
Machine Learning and Artificial Intelligence (ML/AI) will have a huge impact on security; a specific example is IoT behavioral monitoring. This is where a system leverages ML to learn the expected behavior of network endpoints, and automatically trigger alerts and take action, when an endpoint acts in an unusual way.
Let’s consider a real-life example – the casino that was hacked via a thermostat in the fish tank. The fish tank had sensors that regulated the temperature, food, and cleanliness of the tank. A hacker was able to use the thermostat as an entry point into the network and then moved around to other areas of the network, gaining access to the personal information of the casino’s high roller clients. During the attack, 10 GB of data was sent to a device in Finland.
Pause and think about this. Is it ‘normal behavior’ for a thermostat in a fish tank in the U.S. to be communicating to a device in Finland? Probably not. This is the value of behavioral monitoring; learning what is normal and acting when things are outside the norm.
Extreme recently showcased this solution at Networking Field Day #20. What is particularly powerful about the solution is it uses an unsupervised approach to enforce network security. The system continuously learns and automatically responds to and mitigate threats – without any human intervention. It is this type of intelligence and autonomy that will be crucial as we embark on the era of the Autonomous Enterprise. Expect to see more of these type of solutions in the future.
Question #7: Any final thoughts?
I want to remind enterprises that Wi-Fi security is important, but so is network security in its entirety. It is vital enterprises take a multi-layered approach to security; one that includes policy, segmentation/ isolation, application telemetry, compliance, and more. The key to bolstering security in any network is to understand where you’re starting from, so start with a risk assessment.
Here at Extreme Networks, we offer a full range of security solutions including:
All our security solutions and more will be showcased at Extreme Connect 2019 so it is a great opportunity to see them in action. We also have a Can You Hack It? Fabric Connect Hack-A-Thon at the show; which speaks to the confidence we have in our security solutions.
To learn more about network security and Extreme Networks, view the resources below: