What is Enterprise Network Security?
Enterprise network security is the protection of a network that connects the systems, mainframes, and devices within an enterprise. Wireless networks (Wi-Fi) are vulnerable to cyberattacks as they lack many of the robust security tools that secure wired networks, such as firewalls, intrusion protection systems, content filters, and antivirus and anti-malware detection programs [1]. The following are types of cyberattacks that enterprise Wi-Fi may be vulnerable to:
Packet sniffing. A packet sniffer (also known as packet analyzer, protocol analyzer, network analyzer) is hardware or software used to monitor network traffic to examine streams of data packets that flow between computers on a network and between networked computers on the internet. Packet sniffers can scan packets to capture information such as website visits, content viewed, email details, and files downloaded. This information can be leveraged for malicious intentions such as deploying malware-laden email attachments that can install themselves on an enterprise network to carry out other types of cyberattacks.
Evil twins and rogue access points. A rogue access point (AP) is a type of Wi-Fi attack in which a cyberattacker uses software to create a malicious AP that is live and broadcasting out to wireless clients. When clients connect to it, cyberattackers can collect username and password information or they can use this connection to redirect clients to malicious websites. Evil twin attacks are a type of rogue AP attack where the cyberattacker mimics the settings of a legitimate AP to create a virtually identical “evil twin” that tricks people into connecting to it.
Identity theft (MAC spoofing). In a MAC spoofing attack, a cyberattacker sniffs the network for valid media access control (MAC) addresses and attempts to act as one of the valid MAC addresses. By presenting itself as the default gateway, the cyberattacker can copy all of the data forwarded to the default gateway without being detected.
Denial-of-service (DoS). A DoS attack sends transmissions that degrade the effectiveness of the network or prevent it from functioning entirely. The goal of this attack is to disrupt wireless communication.
Accidental and malicious association. When a user turns on their computer, it latches on to a wireless network or wireless AP. If a computer latches on to an unintended available AP, this security breach could be considered accidental association. A wireless device, such as a cracked laptop, accessing the corporate AP is known as malicious association. Both accidental and malicious associations allow sensitive information to be exposed to cyberattackers.
Enterprise Wi-Fi networks can be protected from these threats by:
- Deploying wireless intrusion detection systems and wireless intrusion protection systems
- Updating all software
- Securely configuring equipment
- Ensuring equipment meets encryption requirements
- Establishing multi-factor authentication
- Using the Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) certificate-based method to create MFA
- Using Counter Mode Cipher Block Chaining Message Authentication Code Protocol (CCMP) sparingly
- Implementing a Wi-Fi network for guests that is separate from the main network
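
The evil twin and MAC spoofing descriptions above translate into a simple check that a wireless intrusion detection sensor can run over its scan results. The following is an added example, not code from CISA or any product. The SSIDs, BSSIDs, and inventory are constructed, and it assumes authorized APs use fixed channels.

```python
"""Flag evil-twin and spoofed-BSSID candidates in a Wi-Fi scan (added example)."""
from dataclasses import dataclass

@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str      # AP radio MAC address
    channel: int
    security: str   # e.g. "WPA2-Enterprise", "Open"

# Constructed inventory of authorized APs: BSSID -> expected beacon attributes.
AUTHORIZED = {
    "02:00:00:aa:00:01": Beacon("CorpNet", "02:00:00:aa:00:01", 36, "WPA2-Enterprise"),
    "02:00:00:aa:00:02": Beacon("CorpNet", "02:00:00:aa:00:02", 149, "WPA2-Enterprise"),
    "02:00:00:aa:00:10": Beacon("CorpGuest", "02:00:00:aa:00:10", 6, "WPA2-Personal"),
}
MANAGED_SSIDS = {b.ssid for b in AUTHORIZED.values()}

def classify(beacon: Beacon) -> str:
    """Return 'ok', 'ignore', 'evil_twin_suspect' or 'spoofed_bssid_suspect'."""
    expected = AUTHORIZED.get(beacon.bssid.lower())
    if expected is None:
        # Unknown radio: only interesting if it advertises one of our SSIDs.
        return "evil_twin_suspect" if beacon.ssid in MANAGED_SSIDS else "ignore"
    # Known BSSID: every advertised attribute must match the inventory, otherwise
    # another radio may be reusing the address (MAC spoofing of the AP).
    observed = (beacon.ssid, beacon.channel, beacon.security)
    if observed != (expected.ssid, expected.channel, expected.security):
        return "spoofed_bssid_suspect"
    return "ok"

def triage(scan):
    """Return (verdict, beacon) pairs for beacons needing analyst attention."""
    verdicts = ((classify(b), b) for b in scan)
    return [(v, b) for v, b in verdicts if v not in ("ok", "ignore")]

# Constructed scan results, as a sensor might report them.
SAMPLE_SCAN = [
    Beacon("CorpNet", "02:00:00:aa:00:01", 36, "WPA2-Enterprise"),  # legitimate
    Beacon("CorpNet", "02:00:00:bb:00:99", 11, "Open"),             # unknown radio, our SSID
    Beacon("CorpNet", "02:00:00:AA:00:02", 1, "WPA2-Enterprise"),   # known BSSID, wrong channel
    Beacon("CoffeeShop", "02:00:00:cc:00:05", 6, "Open"),           # neighbor network
]

if __name__ == "__main__":
    for verdict, b in triage(SAMPLE_SCAN):
        print(f"{verdict}: ssid={b.ssid} bssid={b.bssid} ch={b.channel} sec={b.security}")
```

An over-the-air check like this only sees APs that advertise a managed SSID; a rogue AP attached to the wired network under a different name has to be found on the wired side, for example through switch port inventory.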
[1] CISA, 2018, “Security Tip (ST18-003): Securing Enterprise Wireless Networks”