It's 2017, and we're not any further along with Wi-Fi security than we were 10 years ago. There are Intrusion Detection Systems and 2nd generation antivirus apps to protect us from some vulnerabilities, but the simple fact is that some people and businesses still don't set their networks up well in the first place.
Installing Wi-Fi is like running Ethernet to your parking lot. It's a cliché thing to say, but it is often true.
If I can attack your network sitting in my car from the parking lot, what chance do you have? And 99% of the time I'm successful.
Lots of companies are moving to new offices that have wide open office layouts. Some may not have BYOD policies or wireless security plans in place, and anyone can bring their own device to work that you may not know about.
I've even seen some companies installing IoT devices like smart LED light bulbs and thermostats, and even some security camera systems, which are always running unsecured with default passwords.
So what can you do to prevent people like me from exploiting weaknesses in your wireless network security and PWNing your company?
"We're sorry, but your new password must contain an upper case letter, a number, a punctuation mark and a gang sign 😳🤔" — Pwnie Express (@PwnieExpress), January 16, 2017
- Be sure WEP does not exist in your infrastructure. WEP is the weakest of the weak for encryption, but it was a reaction to open networks early on. If enough packets are observed, the key can be cracked easily. Remember doing that like 15 years ago?
- WPA/WPA2 PSK can be your friend. It's mostly secure, but there are still things you need to lock down to be sure.
- Create a plan for what to do when an attack happens. Develop and implement a wireless security policy. Be ready when you do detect a rogue device or when someone's banging on your network from the parking lot.
Want to watch us talk about penetration testing and hear stories from the 200 clients whose networks I've been hired to hack into?
We're running a webinar tomorrow with Pwnie Express and Larry Pesce.
You can sign up here, and I'll send you the link to watch us as well as a guide for 2017 on how you can lock down wireless networks and keep people like me out of your company's networks.
Note: It's a guest post written by Ken Savage from Pwnie Express for The Hacker News.