With more than 17 years experience in WiFi security audit, and as a World-recognised authority in WiFi security education, we have unique credentials, including many years of work for Government wireless security agencies and notable contracts for major names in Commercial, Health, Manufacturing and Education sectors.
Most organisations don’t have a comprehensive written Wireless Security Policy.
Even fewer have their systems independently audited and verified against the wide range of wireless intrusions and attacks.
With the rise of the Internet of Things (IoT) – every organisation needs a properly written and implemented wireless security policy which covers all wireless technologies – not just Wi-Fi.
Security standards such as the Payment Card Industry (PCI) Data Security Standard, created by major credit card companies to safeguard customer information, mean that it is now mandatory that companies deploying Wi-Fi wireless networks have a clearly-defined, stated and documented wireless network security policy.
The National Institute of Standards and Technology in the USA advises that “companies should be aware that maintaining a secure wireless network is an ongoing process that requires greater effort than that required for other networks and systems“.
Moreover, “it is important that companies assess risks more frequently and that they test and evaluate system security controls when wireless technologies are deployed“.
Clearly, your organisation’s wireless network security policy should be be created by a team with in-depth experience in the field.
Authoritative training in Wireless Security is available for IT staff needing the skills to perform this task.
As NIST advises, it is important that your wireless network installations are regularly audited and evaluated for compliance with your stated wireless security policy. Ideally, these audits should be performed independently, by an external organisation with in-depth skills in wireless network security auditing.
As with wired networks, companies need to be aware of liability issues for the loss of
sensitive information or for any attacks launched from a compromised network.
Specific threats and vulnerabilities to wireless networks and devices include:
- All the vulnerabilities that exist in a conventional wired network apply to wireless technologies.
- Malicious entities may gain unauthorised access to an agency’s computer network through wireless connections, bypassing any firewall protections.
- Sensitive information that is not encrypted (or that is encrypted with poor cryptographic techniques) and that is transmitted between two wireless devices may be intercepted and disclosed.
- DoS attacks may be directed at wireless connections or devices.
- Malicious entities may steal the identity of legitimate users and masquerade as them on internal or external corporate networks.
- Sensitive data may be corrupted during improper synchronisation.
- Malicious entities may be able to violate the privacy of legitimate users and be able to track their movements..
- Malicious entities may deploy unauthorised equipment (e.g., client devices and access points) to surreptitiously gain access to sensitive information.
- Handheld devices are easily stolen and can reveal sensitive information.
- Data may be extracted without detection from improperly configured devices.
- Viruses or other malicious code may corrupt data on a wireless device and subsequently be introduced to a wired network connection.
- Malicious entities may, through wireless connections, connect to other agencies or organisations for the purposes of launching attacks and concealing their activities.
- Interlopers, from inside or out, may be able to gain connectivity to network management controls and thereby disable or disrupt operations.
- Malicious entities may use third-party, un-trusted wireless network services to gain access to an agency’s or other organisation’s network resources.
- Internal attacks may be possible via ad hoc transmissions.
LEVER are the UK’s leading Wireless security experts for Enterprise-grade WiFi wireless networks (WLANs) – with some unique credentials:
- A World-recognised authority on Wi-Fi network Security
- The World’s first CWNP GOLD Learning Partner
- Certified Wireless Security Professionals (CWSP) since 2003
- We write the books and teach the industry through our World-leading CWSP and Certified Wireless Systems Security Auditor (CWSSA™) courses
- Our Blue-chip client list which includes the World’s major Wireless Security Agencies
- We perform comprehensive vendor-neutral Wireless Security Assessments for networks built using equipment from Cisco, HPE / Aruba, Meraki, Aerohive, Ubiquiti, Xirrus and many more.
We provide advice at every level on wireless network security, along with a complete range of services to organisations wanting to secure their wireless networks.
Our services include:
- Strategic Briefings and Seminars
- World-leading raining in Wireles Security
- Wireless Security Policy Planning and Definition
- Writing of Wireless Security Policies
- Wireless Security Health Checks
- Wireless Security Audit
- Assessment of existing Wireless Network Security
- Advice on Wireless Authentication, Wireless Authorisation, Wireless Accounting (AAA), Wireless Encryption, Wireless session control, and Wireless Billing
- Wireless Threat Detection
- Wireless Intrusion Detection Systems (Wireless IDS, WIDS) and Wireless Intrusion Protection Systems (WIPS)
- Recommendations on Wireless Security Tools
- Wireless Site Survey
- In-depth Wireless Network Troubleshooting
- Wireless network Installation and Commissioning