Are you concerned about the new WiFi security flaw threatening your wireless network connectivity? Well, there’s good news – especially if you’re a TierOne Technology Partners client. Thanks to our partnership with SonicWALL and their SonicWave technology, our clients will have substantially safer wireless access points and wireless network security solutions – part of our all-inclusive managed service package.
How Much is WiFi Less Secure Than a Wired-In Connection?
There’s a general feeling that WiFi is less secure than having a wired connection to the network. It could just be our perception that a signal traveling through air is easier to intercept than one moving across a physical Ethernet cable.
So, what are your chances of getting a wireless network security breach?
When a new WiFi vulnerability is uncovered, such as the flaw in WPA2 which Belgian researchers recently made public, it gets a lot of attention. And why not? After all, millions of us use WiFi-enabled devices every day and most organizations provide WiFi to their employees, customers, and guests. Therefore, it’s reasonable to be nervous that your wireless access point may be at risk from KRACKs (key reinstallation attacks).
But is this true for everyone?
In his blog, “Are There KRACKS in Your Wireless Network Security?” John Gordineer points out that SonicWall SonicWave wireless access points (APs) provide an extra level of protection against these attacks that are almost certainly a death-knell for WiFi hacks.
Let’s take a closer look at just how the SonicWave APs do this.
SonicWave APs provide something very few other APs on the market have – a third radio dedicated to security.
Why is that important?
Most access points have two radios. One operates in the 2.4 GHz frequency band and the other in the 5 GHz band. To perform security scanning for rogue APs, you need to take one of those radios away from its normal duties for a period. The problem is, this consolidates all wireless users onto a single radio, slowing the wireless performance and providing a poor user experience.
Now, you can schedule the scan for the middle of the night when there are fewer wireless users, but that’s like turning on a security camera for only 30 minutes each day. The odds that the attack occurs during this short window are minimal.
On the other hand, SonicWave APs use that third radio to scan for and block rogue access points 24×7 so you’re covered around the clock. If an unauthorized access point is detected, it can be automatically disassociated from the network and traffic between the access point and clients will be blocked. Here’s how it looks in SonicOS, the firmware of the managing SonicWall firewall.
Let’s apply this to the WPA2 wireless network security vulnerability that opens WiFi networks to key reinstallation attacks. Hackers within WiFi range can use KRACKs to steal sensitive organizational and personal information. To do this, the hacker attaches a rogue access point called an “evil twin” to the WiFi network, mirroring the MAC address and SSID of the real AP.
Using certain techniques within the KRACK, then, the hacker redirects unpatched clients to connect to the rogue AP.
Then, during the four-way handshake between the real access point and a client device, the hacker launches a man-in-the-middle (MITM) attack and forces the client to reinstall an encryption key that’s been used already, something that the WPA2 protocol was thought to prevent. The WiFi client associates with the evil twin access point using unencrypted data transmissions making it easy for the attacker to read the communications.
SonicWave access points, on the other hand, protect against KRACKs in two ways. First, they don’t support the IEEE 802.11r Fast BSS Transition (aka fast roaming) which is vulnerable to KRACKs due to protocol deficiencies.
And second, SonicWave access points use AES-CCMP for the key exchange, so the hacker cannot forge the key and join the network. To get around this, hackers may attempt to deploy an “evil twin” access point on a different WiFi channel to fool wireless clients into connecting to the rogue AP instead of the SonicWave AP.
As I mentioned earlier, however, this won’t work with SonicWave APs due to the third radio which continually scans for and blocks rogue access points from connecting to the network using Wireless Intrusion Detection and Prevention (WIDPS). There’s even an option in the Wireless Intrusion Detection and Prevention settings to add evil twins to a list of rogue APs.
If you’re in the market for a new wireless access point or wireless network security solutions check with the right network security provider – TierOne – to about the SonicWave series. Having that third radio will provide you with a range of advantages you won’t get with standard two-radio APs including added protection against attacks like KRACK.
Secure Yourself an Exceptional Wireless Experience
With TierOneIT.com steering your SonicWALL/SonicWave wireless network security experience, you’ll get exceptional wireless speed while securing your network and data against encrypted attacks, featuring:
- 11ac Wave 2 support
- 4×4 MU-MIMO
- 5 GbE port for multi-gigabit wireless performance
- Deep packet inspection of inbound and outbound wireless traffic
- Three radios including dedicated security radio
- Wireless signal analysis tools
- Indoor/outdoor options.
Get Maximum Wireless Security Protection for Your Networks
And, what all of this adds up to in layman’s terms is deeper, more impenetrable security for wireless networks and WiFi accessibility. You certainly don’t need one more cyber bogeyman to worry about, so – just leave the IT network worries to us (as our satisfied clients have), and get back to business as usual.
For those of you who are new to our site, we make Total Security Protection simple, easy, and cost-effective.
So, what are you waiting for?
Ready for WiFi Network Security with a Smile (Yours)?
Integris are managed IT service providers in Baltimore who can save you time and money, and deliver a wealth of IT service benefits as well.
Contact us today at (800) 431-2282 or email us at [email protected] for more info on how to get started with our wireless network security solutions and maximize your connectivity and business success for years to come!