There is no doubt that your wireless network is a critical component of business operations. Strong wireless connectivity enhances productivity and flexibility, especially for organizations that have a Bring Your Own Device (BYOD) policy, IoT infrastructure components, contractors, guest users, and so forth. A wireless network is also inherently scalable, making it ideal for companies undergoing rapid growth. There are a number of daily usage scenarios, however, that can put your wireless network at risk.
Scenario 1: Rogue Devices
It’s inevitable…employees will bring their personal devices (smartphones, wearable watches, etc.) to the office, and a percentage of those will attempt to connect to your wireless network (some automatically). While they may only be connected briefly, they are nonetheless connected. If you can’t see them on the wireless network, you can’t control them – and that’s an unnecessary and avoidable risk to take.
Scenario 2: Guests
Occasionally, an employee might bring their kids to work. Kids being kids these days, they will likely want internet access to play a game or watch YouTube videos on their smartphones or tablets. If you’re lucky, they’ll simply rely on their cellular network to load this content, but if not…guess what? They will try to connect to the corporate wireless network. In this scenario, let’s hope you’ve set up some sort of accessible, internet-only, wireless network, designed to remain separate from the professional corporate network.
Scenario 3: Contractors
Many businesses hire contractors or consultancies to tackle specific projects. These individuals and groups will need network access for extended periods of time and will need to be granted access to company resources and sensitive, proprietary data. In this instance, you should be employing NAC across your wireless network in order to dictate and enforce the level of access these types of individuals receive based on internal policies.
How to Protect Your Wireless Network
Of course, these scenarios will mostly be harmless. Mostly. They could, however, serve as an additional attack surface against your network or a base-station from which to launch a wider DDOS attack. In the past few years, there have been several DDOS attacks on corporate networks via hacked IoT devices that were used as a springboard to dive into networks, such as the 2016 Dyn cyber-attack.
Considering all of these potential risks to your enterprise network, here are a few security focus points to keep your operations safe:
- 100% coverage and awareness of all access scenarios to your wireless network (via simplified 802.1x based authentication and authorization services). This way you will have full awareness of all connecting devices on your networks at all times.
- Auto-segmentation – automatically push unmanaged/unwanted devices from your wireless network to a different network (e.g. internet-only). You should be able to automatically classify and place every device connecting to your network in its correct segment based on your own classification. The right technology affords micro-segmentation by diving deeper and fine-tuning the segmentation options in your internal network and offers automated actions to enforce it.
- Immediate disconnect options – you should be able to remove devices from your wireless network, both automatically and manually, no matter where the devices are connecting from.
WiFi provides fast and reliable connectivity for employees and visitors and enhances productivity but if you do not know (or have technology that keeps track) of devices as they attempt to connect to your network, there is not much that you can do to stop it, or to make sure that they are connecting to a harmless section of it. Awareness combined with automated protective actions will allow you to effectively navigate all scenarios while at the same time handling a large number of wireless devices in the enterprise.
Try Portnox Cloud for Free Today
Gain access to all of Portnox's powerful zero trust access control free capabilities for 30 days!