Posts

4 Ways the WhatsApp Exploit Could Use Employees to Infiltrate Your Network

The recent WhatsApp breach was very sophisticated and clever in the manner it was delivered. And that should be expected considering who was reported as being behind the zero-day attack against the popular messaging application.

But the attack against the WhatsApp app is not just a concern for its millions of global customers. There’s a very real and imminent threat to businesses and enterprises, too.

For example, let’s assume one of your employees has WhatsApp installed on their device and it is subsequently compromised via the latest WhatsApp exploit. In many situations, this employee will, at some point, connect their device to the corporate network.

This legitimate access could be via VPN, cloud applications (e.g., Office 365, Dropbox, etc.), corporate Wi-Fi or, my personal “favorite,” plugging the device into the USB port of a corporate laptop so the phone can charge. Understanding how and where users connect to the corporate network is critical.

In most cases, organizations can’t prevent personal BYOD phones from being compromised — particularly when outside the network perimeter. They can, however, protect the network from exploits delivered via the compromised phone. Here are the four most common ways the WhatsApp vulnerability could be leveraged to infiltrate a corporate network and, more importantly, how SonicWall can prevent it:

  1. Via VPN. If an employee connects to corporate over VPN, SonicWall, for example, would be the endpoint where they establish the VPN. Threat prevention (e.g., firewalls, Capture ATP) and access control (e.g., Secure Mobile Access) would prevent the WhatsApp breach from spreading any further than the compromised phone.
  2. Via Wi-Fi. In this scenario, next-generation firewalls and secure wireless access points should be in place to inspect all internal traffic and prevent the exploit from going further than the phone.
  3. Via compromised credentials. Because the WhatsApp exploit enabled attackers to steal credentials to cloud services and apps, organizations with Cloud Access Security Broker (CASB) solutions, like SonicWall Cloud App Security, would mitigate account takeovers (ATO), unauthorized access and any related data leakage.
  4. Via USB port. Users often forget that a powered USB port on their laptop is an entry point for attackers — even when doing something as innocent as charging a phone. A sound endpoint protection solution (see diagram), such as Capture Client, would monitor the connection to the laptop and inspect any malicious activity attempting to leverage the USB port to deliver malware payloads.

Top 7 Wireless Best Practices for Better Wi-Fi Coverage & User Experiences

Many of us face slow Wi-Fi and connectivity issues on wireless networks. Just the other day, I was in a café having coffee and browsing the internet. Suddenly, my connectivity dropped. I tried to reconnect, but the signal strength was too low. In the end, I gave up.

I am sure you have faced the same issue. Usually, at this point, you might blame the wireless network and question the capability of the access point (AP). But did you know that this is often not the case? Mostly, the AP is not to blame. Connectivity problems arise from improper design and planning of the wireless network. Below are some of the best practices that you can follow to provide the best user experience from your wireless network.

  • Perform a site survey before installing access points

Before deploying your AP, it is critical you understand your environment and the type of deployment you require. Would you prefer coverage over density, or vice versa? To ensure the café scenario doesn’t happen, plan your network based on density. This ensures you are prepared for data traffic during peak hours on your wireless network.

Performing a site survey before deploying your wireless network can help with determining how many access points are required, and what type of coverage you can expect with your APs. Advanced site survey tools, such as SonicWall’s Wi-Fi Planner, will be able to predict the coverage automatically. This tool also lets you choose the coverage zones, and identifies what type of obstacles and areas are present in your location.

SonicWall’s Wi-Fi Planner uses heat maps to help you accurately design a dense, secure and reliable wireless environment.

  • Before plugging in your AP, check if it requires 802.3af or 802.3at

It is essential to check the power compliance of your AP before connecting it to your network. The maximum power from an 802.3af source is 15.4W, whereas 802.3at is 50W. If you are plugging an 802.3af-compliant AP into an 802.3at power source, make sure that your power supply is backward compatible with 802.3af devices. If not, your AP could be fried.

  • Max AP power does not mean max performance

Blasting your AP at full power does not ensure maximum performance. While it would showcase more coverage, the user experience may be impacted.

Think about two people in a room. They are in close proximity to each other, trying to have a conversation, and both of them are screaming at the top of their voices at the same time. Neither of the two would be able to understand each other and carry out a meaningful conversation. Similarly, based on your environment, it is essential to tweak the transmit power of the AP.

  • AP mounting is critical for ubiquitous coverage

APs are built to work in certain use cases or environments. For instance, an indoor, integrated-antenna AP is designed to work as a ceiling-mount AP in spaces like indoor office environments. This is because APs with integrated, omni-directional antennas have a 360-degree radiation pattern. Much like the sun radiating rays, omni-directional access points radiate RF signals. Barriers like walls, concrete and metal partitions can cause RF blockage.

  • Use 20 MHz or 40 MHz channels for high-density deployments

For high-density deployments, it is essential to choose lower channel widths, such as 20 MHz and 40 MHz. With 80 MHz channels, there are just five non-overlapping channels, while for 160 MHz, there are only two non-overlapping channels. This makes it hard to deploy the higher channel widths without causing co-channel interference. Higher channel widths are ideal for low-density, high-performance requirements.
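The channel counts above can be reproduced by bonding adjacent 20 MHz channels, as in this added example (not part of the original post). It assumes a US-style 5 GHz channel list without channel 144; the function names and the 30-AP site are illustrative.

```python
# Added example: count non-overlapping 5 GHz channels per channel width.
# Assumption: US-style 20 MHz channel list without channel 144.
SEGMENTS = [
    list(range(36, 65, 4)),    # UNII-1 + UNII-2A: channels 36..64
    list(range(100, 141, 4)),  # UNII-2C: channels 100..140
    list(range(149, 166, 4)),  # UNII-3: channels 149..165
]


def bonded_channels(width_mhz):
    """Return the groups of 20 MHz channels that make up each bonded channel."""
    if width_mhz not in (20, 40, 80, 160):
        raise ValueError("width must be 20, 40, 80 or 160 MHz")
    per_group = width_mhz // 20
    groups = []
    for segment in SEGMENTS:
        # In this channel list, bonding blocks line up with the start of each
        # contiguous segment; leftover channels at the end of a segment
        # cannot form a full-width channel and are dropped.
        for i in range(0, len(segment) - per_group + 1, per_group):
            groups.append(tuple(segment[i:i + per_group]))
    return groups


def aps_per_channel(ap_count, width_mhz):
    """Worst-case number of APs that must share one channel (ceiling division)."""
    channels = len(bonded_channels(width_mhz))
    return -(-ap_count // channels)


if __name__ == "__main__":
    # Hypothetical site with 30 APs: wider channels force more co-channel reuse.
    for width in (20, 40, 80, 160):
        n = len(bonded_channels(width))
        print(f"{width:>3} MHz: {n:>2} channels, "
              f"up to {aps_per_channel(30, width)} of 30 APs per channel")
```
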

  • Deploy indoor APs every 60 feet for high-density deployments

APs should be deployed based upon your coverage or density requirements. For high-density, high-bandwidth requirements, deploy your APs every 60 feet. Make sure your Received Signal Strength Indicator (RSSI) stays above -65 dBm. Up to -65 dBm is recommended for VoIP and streaming.

  • Disable lower data rates

Based on your coverage design, it is advisable to turn off data rates below 24 Mbps. This ensures that the AP and client do not communicate at, say, 6 Mbps, which could result in low performance and lead to a poor user experience.

To learn more about wireless networking best practices, read our solution brief, “Best Practices for Wired, Wireless and Mobile Security.”

Six Steps to Securing WiFi in a Small Business

In my job at SonicWall, I talk to a lot of people about IT security. One thing I hear a lot of the time from small business owners is something along the lines of “Why would anybody target me? I am just a small company. They would much rather go after big companies.” While this is very true for highly targeted attacks, where a highly motivated and funded attacker is going after a well-known entity, it is simply not true for the majority of attacks, which are much more opportunistic in nature.

Let me give you an example. Let’s say you own a local insurance agency in a retail complex. You rely heavily on your computer system to connect to the insurance company and share information about the policies that you need to write. In the business, we call that “private customer information” and it is what you need to protect. Now, let’s assume you have a broadband connection and a consultant who has helped install and maintain your network including the security component. So far, so good.

Next, you decide you would like to add WiFi to your network so you and clients can connect more easily. You decide to go down to the local box store and purchase an off-the-shelf, consumer-class wireless access point and connect it to an open port in your office. You skip quickly through the startup menu, choosing “quick start,” and are up and running in a few minutes. Great, right? Not so fast. Most likely some of the steps you skipped over had to do with securing the wireless traffic, but that is difficult and requires some thought, so you decided to do it later, which never happened.

At this point, you have a very secure wired network and an unsecured wireless network. Now, next door is a fast food restaurant with a lot of teenage kids who rotate in and out based on the season. One of them happens to be a wanna-be hacker, who notices a wide open wireless network and decides to investigate. She finds that she can connect to the wireless network and not only get wireless access, but also see the files on your computer, because you allow file sharing! And worse, she can see the private customer information that is so important to not only your local agency but also the nationwide company. And in a fit of teenage rebellion or altruism, she decides to download the customer data and then sends it to the nationwide agency to show them that one of their agents is not being responsible with their customers’ data. That is known as white hat hacking, and she is actually doing your insurance company a favor. Imagine if a neighbor with less noble intentions had been able to extract the data.

This is just an example, illustrating why wireless security is so important. Here are some tips to help you keep this fictional scenario from becoming a reality.

  1. Utilize a firewall with integrated wireless security that simplifies the implementation of wireless network security.
  2. Leverage deep packet inspection on the firewall to scan all traffic to and from the wireless users’ computers for viruses, malware and intrusions that may have been brought in from the outside.
  3. Since many websites are now leveraging SSL encryption to protect user data, make sure that your wireless network security solution can decrypt and scan encrypted traffic.
  4. Look for wireless network security solutions with wireless intrusion detection and prevention to block rogue access points and minimize the disruption from denial of service attacks.
  5. Apply application control to block unauthorized applications from being used on the wireless network.
  6. Set up a secure wireless guest network with encryption for your guests if you want to allow your customers to use WiFi in the lobby or conference rooms.

This is just one hypothetical example of what can happen if you don’t take security seriously. To learn more about wireless security, here is a quick and easy infographic with more information on this important topic.

Follow me on Twitter: @johngord