uncategorized

How to Handle Wireless Security Like a Seven-Year-Old

Seven-year-old you was pretty awesome. Rocking your Super NES, listening to your brother’s “Nevermind” CD when he wasn’t around, cackling like crazy to Ren & Stimpy. You were so awesome that you didn’t realize you’d already learned several key elements of wireless security — knowledge that would help you out in the 21st century. Here’s a reminder.

1. Wash your hands

WPA2’s reputation for security sturdiness took a hit when it was revealed in 2017 that Key Reinstallation Attacks — or KRACK — can be used to intercept network data. It managed this by interrupting the third step in a four-way process that creates a key for data that is encrypted.

Companies quickly distributed patches to help thwart such attacks. Here’s the thing, though: patches only work if they’re installed. Unpatched software is a leading reason computers get compromised. With 5,000 or so patches per year, it’s easy to understand how some slip through the cracks and others are simply not patched due to “patch fatigue.”

What you knew by the time you were seven:

Personal hygiene is important. It’s a practice many people don’t take to heart, however. Regular hand washing would reduce respiratory illnesses such as colds in the general population by up to 21%. Digital hygiene is important, as well. Since unpatched devices on other networks can make your data as vulnerable as theirs, make sure your vendors have also installed patches to address matters such as KRACK (the list of available patches for that is here) and many more.

There’s no way to sugarcoat this, though: you might be facing an uphill battle. An audit of the cyber protections at companies with 10,000 or more employees found that most of those companies are still open to 10-year-old vulnerabilities. That’s a lot of hand washing … er, wireless security … to catch up on.

2. Sharing is caring

As the Electronic Frontier Foundation (EFF) pointed out about the KRACK problem, secrecy and protocol development don’t always mix. In fact, those two ingredients may contribute to an environment that allows vulnerabilities to bloom. Here’s why: Since protocol definitions are not readily available to security researchers, fewer critical eyes are scanning them for possible problems.

“This is another clear example of why important protocols like WPA and WPA2 should be open and free to the public: so that security researchers can investigate and catch these sorts of vulnerabilities early in the life of a protocol, before it’s embedded in billions of devices,” the EFF wrote.

Which brings us to the internet of things (IoT). IoT promises to be big. Really big. Like, “a $3 trillion market by 2020” big. What will that sort of opportunity mean for the communication protocols of each connected “thing?” Will companies share everything, or keep certain aspects under wraps?

The landscape right now reveals many IoT devices separate from one another, stranded on deserted islands of unconnected networks thanks to proprietary reasons and incompatible protocols. Any hesitancy to engage in an unequivocal partnership that can produce a more secure future will set a broader range of security problems in motion.

That’s because IoT has already started exponentially increasing the number of devices — and, therefore, points of entry for malicious software — on any one network. What began as a way to connect servers, printers, and desktop computers must now contend with laptops, smartphones, medical devices, wearable devices such as smartwatches, refrigerators, door locks, bike locks, and even trash cans. Endpoint security helps, but the network that connects those endpoints will need to be stronger than it is today.

What you knew by the time you were seven:

Everyone wins when we share and share alike. Communication standards and protocols have often succeeded because a consortium pooled their interests. Will the potential mega-size of the IoT market change the landscape of cooperation? Consider that one of blockchain’s most celebrated characteristics is the availability of data it offers and you have an idea of the sort of reliability shared ideas can generate. It’s a strength that will only come from working together.

3. Don’t talk to strangers

Warding off hackers from can seem like a never-ending game of whack-a-mole. As soon as the hammer comes down on one issue, another pops up. And another. And another. One study found that a hacking attempt is made on a computer with Internet access an average of once every 39 seconds.

It’s difficult to keep a wireless network secure under those circumstances, because you know users will eventually trip up. In today’s BYOD world, the security problems can multiply rapidly.

What you knew by the time you were seven

Bad things can happen if you talk to strangers. Sometimes the ramifications can be enormous; ask former presidential candidate Hillary Clinton or Sony Pictures, to name only two of the more prominent examples. Other times, the worst that will happen is that your PC begins mining bitcoin without your knowledge.

Just like some kids could never quite grasp the importance of washing hands, others don’t quite get the “talking to strangers” issue. This is how you can help them:

  • Weak passwords, failing to lock screens when stepping away: these and similar actions invite the wrong kind of conversations: conversations with hackers. Produce, publish, and promote cybersecurity guidelines to help address this issue. It isn’t enough to give it a big promotional splash when it’s introduced and then forget about it.
  • There’s one more “P” word that you need to consider: “punish.” It may sound extreme to some, but an unenforced rule isn’t a rule. And not enforcing cybersecurity rules can lead to terrible harm to your company.
  • Even if your guidelines discuss secure password development, underscore the importance of good passwords again. Standards for the WPA3 protocol were developed with weak passwords in mind (that is, passwords that don’t meet complexity recommendations), but that’s no excuse for staff to leave their password “A” game at home … especially since it will be years before WPA3 propagates throughout the tech world.
  • Be mindful of strangers lurking around your network — a situation that’s only going to get worse in our IoT world. One study found that 100% of the organizations it examined had rogue consumer IoT wireless devices on the enterprise network. Again: 100%. Now THAT’S “stranger danger.” Investing in even the low-hanging fruit of software patches, password-protected routers and connected devices, and applying a new, non-default password will improve your wireless security landscape.

This Active Intersection Needs Wireless Security

The digital intersection of commerce and crime is a busy one and slated to get busier. But a safer environment, one with effective wireless security, is closer than you think. Just get in touch with the seven-year-old you once were and begin applying the same rules you once lived by. (But don’t pull out the Super NES until all your work is done.)

Based in the U.S., CTC Technologies, Inc. is an IT solutions provider capable of stepping in to support your IT infrastructure needs. We’re available immediately to help your company improve network performance, mitigate risk and operate efficiently. Contact us today for a free consultation about the wireless site survey solution that works best for your business.