How To Avoid Getting Hacked On Wireless Networks

Dror Liwer Blog

In every public venue, people use Wi-Fi accessible smartphones, tablets and laptops for both work and leisurely activities. The workplace has expanded beyond the four walls of the office to anywhere its network can be accessed via a Wi-Fi signal. Of course, this is a double-edged sword, due to the numerous methods by which cyber criminals can manipulate the wireless network to gain entry to the company’s network via the device. So, the question remains, how can employees continue their work and play without worrying about the safety of the device and network? After all it is not like the wireless genie can be shoved back in the bottle. And by wireless, we are of course referring to Wi-Fi and cell networks.

Yes, Hotspots can be Safe

Since 2013, we have seen an explosive 888% growth in hotspots with now over 250 million setups worldwide. From café’s, hotels, malls, public transportation in many cities, trains, airports and now even on planes, employees on the go are plugging in everywhere. However, it is impossible to know how many hotspots are legitimate and how many are rogue; Keeping in mind that even the legitimate ones are easily hackable.

This creates a tremendous hazard for IT teams, CSOs and CISOs, especially considering that over 60% of people believe that their data is safe while on public Wi-Fi. From evil-twins to improperly configured settings and from insecure WLAN antennas to hacked WEP keys, there are many ways that the network, data link, physical and controls (i.e. Lower levels) can be hijacked and company data unknowingly compromised.

Companies require a solution that can not only detect a rogue access point, but also study the Wi-Fi parameters and track network connectivity. This would provide control over when and where the device can connect to wireless networks.   

A Safe VPN is all about Policy

While it is true that VPNs successfully encrypt data to connected data centers and offices on different physical networks, they are not always safe.  

There are a few reasons for this vulnerability. First, many VPNs are designed with a split tunnel, so the security team can separate corporate activity from personal activity. On the surface, this would seemingly be a good thing, however, it too comes with its set of challenges. Cybercriminals will take advantage of the non-corporate tunnel to infect say a laptop with malware, so that when the user returns to the office environment and connects the device the internal network, the malware spreads.

Additional issues with the safety of VPNs include Port Forwarding, SSLstrip attacks, logging issues and shadow IT. But there is an effective solution; corporations could enforce a policy that would automatically switch to a VPN from split to full mode upon the detection of a wireless attack. Upon thwarting the threat, the VPN would resume regular functionality.   

The Hole in HTTPS Encryption Can be Fixed

While browsing the internet from any location many are often put at ease by the little icon next to the https, which indicates a secured version of the Hypertext Transfer Protocol. Cybercriminals have discovered how to take advantage of the WPAD (Web Proxy Autodiscovery) in order to command the URL to download a tainted file, which creates a web browser proxy. The cyberattacks, which are conducted from any type of network and can affect all browsers including, Chrome, Firefox, Safari and Microsoft Edge equally. Even those individuals who have a knowledge of cyber threats see the secure icon next the HTTPs, as the fallback protector even when the LAN or Wi-Fi is compromised.

The only solution is to adopt a software that would be able to automatically recognize when the user is under threat and act by cloaking the endpoint from the attacker’s site.

The Bottom Line

Coronet enterprise solution enables security teams to manage, control and enforce security policies on wireless devices at any time. Users are allowed the freedom to connect any device from any location, access any service, and maintain privacy without any inconvenience.