
Controlled Access to
Wireless Networks
Whitepaper

www.seqrite.com
Table of Contents
1 Abstract
2 Introduction
3 Threats to wireless security
3.1 Rogue Access Point
3.2 Man-in-the-Middle Attacks
3.3 Unmanaged use of wireless outside the enterprise
3.4 Evil Twins
4 Secure Systems using Controlled Access to Wireless Network
5 Conclusion

Abstract
Wireless networking was an evolutionary move, but every path has its puddle. Many enterprises offer a flexible work environment by providing employees with portable devices (such as laptops) to access enterprise resources remotely.
A wired network requires physical access to the device, but a wireless network can be targeted and exploited from a distance. This makes an enterprise's sensitive data more vulnerable to the outside world and makes data security over a wireless network an increasingly pressing need. Hence an enterprise needs to control access to wireless networks from an employee's device.
This white paper lists different attacks that can exploit enterprise resources via a wireless network and explains how controlled wireless network access lessens the possibility of these attacks.

This whitepaper is researched and written by:


Saylee Kulkarni
Software Engineer, Development
Vikas Tiwari
Senior Project Manager, Development

Mobile/IoT devices are the most vulnerable endpoints or entry points to network and enterprise systems. 56% of companies say IoT and mobile devices are the most vulnerable endpoint of their organization’s networks and enterprise systems
- Ponemon Institute’s 2017 State of Cybersecurity in Small & Medium-Sized Businesses (SMB)

Controlled Access to Wireless Network - Whitepaper 01


Introduction
Because of the flexibility wireless networks offer, they are deployed in almost every type of environment, which increases the risk of attacks occurring on wireless networks.
Organizations have cut the wires to let employees work from anywhere by remotely connecting to information resources using quite powerful mobile devices. This provides an attractive work environment and increases employees' productivity, but in this scenario people are carrying enterprise information outside on portable devices such as laptops and mobile phones, making the information vulnerable to the outside world.
Enterprises need policies that control access to wireless networks on these portable devices to lower the risk of enterprise information being exploited through wireless channels.

Threats to Wireless Security
[Figure: rogue access point, legitimate access points, User 1 and User 2, controlled area]
3.1 Rogue Access Point
Let's start with 'What is an Access Point?'. An Access Point (AP) is network hardware that acts as an interface between a wireless network and a wired network. When you connect to a wireless network's AP, it ultimately connects you to the desired wired network.
Rogue means dishonest. As the name suggests, in this attack a dishonest access point is set up by the attacker within range of an existing wireless network. This false access point then acts as a legitimate access point, and users are fooled into connecting to it. Once the connection with this access point is established, the user's entire data is rerouted to the attacker's network.
This type of attack is short lived but can cause major havoc if an attacker gets some amount of physical access. For instance, if an attacker gains access to a physical port of a company network and hooks his access point (the rogue access point) to this port, it will be very easy for the attacker to capture all the data transfer occurring via this port.
But if the wireless LAN being targeted is used only for Internet access, the attacker does not need physical access to the network to exploit it for an extended period of time.



3.2 Man-in-the-Middle Attacks
To improve the security of data transfer over a wireless network, encryption and authentication techniques are used. But smart hackers can always find vulnerabilities because they know how the networking protocols operate. A definite weakness of networking protocols is the man-in-the-middle attack. In this type of attack a hacker places a fictitious device between the users and the wireless network.
[Figure: man-in-the-middle (hacker), user and legitimate access point in the controlled area]
There are many ways in which a man-in-the-middle attack can occur. The most common way is to exploit the Address Resolution Protocol (ARP), which all TCP/IP networks use.
What is ARP? ARP is a function used by both wireless and wired Network Interface Controllers (NICs) to discover the physical address of the destination machine with which a connection needs to be established. The physical address of the destination machine is its MAC address, which is embedded in the NIC by the manufacturer.
The application software that needs to send the data has the destination IP address, but the sending NIC must use ARP to discover the corresponding physical address.
Why does a NIC need the MAC address to establish a connection? The MAC address is analogous to the street address of your home. When someone wants to send you a letter, the person must know the street address along with your house number for the letter to reach you correctly. Similarly, a sending NIC must know the MAC address of the destination along with the IP address.
The sender gets the MAC address of the destination by broadcasting an ARP request packet that announces the destination NIC's IP address. All stations hear this request, and the station that has the IP address mentioned in the ARP request packet (the receiver) returns an ARP response packet containing its MAC address along with its IP address. The sending station then uses the MAC address received in the ARP response as the destination address in the data being sent. The sending station also stores the mapping of the IP address to the MAC address in a table (known as the ARP table) for a specified period of time, or until it receives a new ARP response from the station that has that IP address.
A hacker can exploit this vulnerability by ARP spoofing. In ARP spoofing, a hacker sends an ARP response carrying the IP address of a legitimate network device and the MAC address of the rogue device (i.e. the hacker's device). This causes all the legitimate devices in the enterprise network to update their IP address to MAC address mapping tables with the false MAC address. All the data is then sent to the hacker's device until a new ARP response with the legitimate MAC address is received.
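A defender can watch for the table update described above. The following is an added example, not part of the whitepaper or of any Seqrite product: it parses raw Ethernet/IPv4 ARP frames, keeps an IP-to-MAC table, and reports a reply that would rebind a known IP address to a different MAC or whose ARP sender MAC disagrees with the Ethernet source. The names `ArpWatch`, `parse_arp` and `build_reply`, and all addresses, are constructed for illustration.

```python
import struct

def mac(b): return ":".join(f"{x:02x}" for x in b)
def ip(b): return ".".join(str(x) for x in b)

def parse_arp(frame):
    """Return (op, eth_src, sender_mac, sender_ip) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42:                       # 14-byte Ethernet header + 28-byte ARP body
        return None
    if struct.unpack("!H", frame[12:14])[0] != 0x0806:   # EtherType must be ARP
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return op, mac(frame[6:12]), mac(frame[22:28]), ip(frame[28:32])

class ArpWatch:
    """Tracks IP-to-MAC bindings like an ARP table, but refuses conflicting updates."""
    def __init__(self, pinned=None):
        self.table = dict(pinned or {})       # ip -> mac; pinned entries model known gateways

    def observe(self, frame):
        parsed = parse_arp(frame)
        if parsed is None:
            return []
        _op, eth_src, sender_mac, sender_ip = parsed
        alerts = []
        if eth_src != sender_mac:
            alerts.append(f"sender MAC {sender_mac} differs from Ethernet source {eth_src}")
        known = self.table.get(sender_ip)
        if known and known != sender_mac:
            alerts.append(f"{sender_ip} moved from {known} to {sender_mac}")
        else:
            self.table[sender_ip] = sender_mac   # learn only non-conflicting bindings
        return alerts

def build_reply(src_mac, sender_ip, dst_mac, target_ip):
    """Constructed sample input: an ARP reply (op 2) as raw bytes."""
    to_b = lambda m: bytes.fromhex(m.replace(":", ""))
    pack_ip = lambda a: bytes(int(o) for o in a.split("."))
    return (to_b(dst_mac) + to_b(src_mac) + struct.pack("!H", 0x0806)
            + struct.pack("!HHBBH", 1, 0x0800, 6, 4, 2)
            + to_b(src_mac) + pack_ip(sender_ip) + to_b(dst_mac) + pack_ip(target_ip))

if __name__ == "__main__":
    watch = ArpWatch()
    client = ("02:00:00:00:00:10", "192.0.2.10")          # constructed addresses
    for sender in ("02:00:00:00:00:01", "02:00:00:00:00:99"):
        print(watch.observe(build_reply(sender, "192.0.2.1", *client)))
```

Unlike the ARP table behaviour described above, the watcher keeps the first binding it learned, so the alert names both the original and the newly claimed MAC address.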



3.3 Unmanaged use of wireless outside the enterprise
More and more employees are becoming mobile by using organization-provided portable devices outside the office premises. It is easier to protect devices from threats when they are inside the organizational premises, since these locations have a controlled security environment.
But when the devices are outside the controlled security zones, employees may connect to public networks, which can leave them vulnerable to malicious traffic and ultimately leave the enterprise information resources at risk.
In such cases it is essential for organizations to have policies in place on these devices to prevent employees from putting organizational assets at risk.

3.4 Evil Twins


An evil twin is an advancement on the Rogue Access Point (AP). Evil twins are much more sophisticated than rogue access points when it comes to masking their purpose. They are designed to look and act exactly like a legitimate AP you know and trust. An evil twin is a clone of a legitimate AP, made so carefully that it is very difficult for the user to tell the difference. When the user connects via this false AP, the user is actually connecting to the evil twin, which then proceeds to send information to the hacker. Wi-Fi networks are extremely vulnerable to these types of attacks.



Secure Systems using Controlled Access to Wireless Network
Denying access to wireless networks is not an option in today's world, where working only in a wired connection setup is impossible.
An enterprise can prevent its employees from becoming prey to the above-mentioned attacks by controlling access to wireless networks from enterprise-owned mobile devices instead of denying it completely.
Most enterprise-level security products offer endpoint protection for such devices. Seqrite Endpoint Security offers additional security features to safeguard wireless networks, along with its multilevel protection using IDS/IPS, firewall and web security.

Seqrite Endpoint Protection System: Advanced Device Control
The Advanced Device Control feature offers controlled access for a wide range of portable devices and has a dedicated section for controlling access to wireless networks.
The administrator can provide a list of authorized wireless access points; an employee can then connect only to one of these authorized access points. The access points are authorized based on their SSID and MAC address.
If a user tries to connect to an unauthorized access point, the connection is denied and a report is generated with the user name and the details of the access point to which the connection was denied.
Since the connection is authorized using the combination of SSID and MAC address, it's difficult for hackers to duplicate an authorized access point, because in one network no two devices can have the same MAC address.
[Figure: users in the controlled area; authorized connections to authorized access points are allowed, an unauthorized connection to an unauthorized access point is denied]
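The authorization rule described above can be modelled as follows. This is an added example, not Seqrite's code or configuration format: the class `ApPolicy`, its record fields and the sample access points are hypothetical. It matches on the exact (SSID, MAC) pair, accepts the MAC in the common vendor notations, and records the user name and access point details for every denial, separating the case where an authorized SSID is announced from an unlisted MAC.

```python
import re
from datetime import datetime, timezone

def norm_mac(mac):
    """Canonicalise AA-BB-.., aabb.ccdd.eeff or aa:bb:.. to lowercase colon form."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

class ApPolicy:
    """Hypothetical model of an authorized-AP list keyed on the (SSID, MAC) pair."""
    def __init__(self, authorized):
        self.pairs = {(ssid, norm_mac(mac)) for ssid, mac in authorized}
        self.ssids = {ssid for ssid, _ in self.pairs}
        self.macs = {mac for _, mac in self.pairs}
        self.report = []                      # one record per denied connection

    def decide(self, user, ssid, mac, now=None):
        mac = norm_mac(mac)
        if (ssid, mac) in self.pairs:         # SSIDs are compared exactly, case included
            return True, "authorized"
        if ssid in self.ssids:
            reason = "authorized SSID announced from an unlisted MAC"
        elif mac in self.macs:
            reason = "listed MAC announcing an unlisted SSID"
        else:
            reason = "access point not in authorized list"
        self.report.append({
            "time": (now or datetime.now(timezone.utc)).isoformat(),
            "user": user, "ssid": ssid, "mac": mac, "reason": reason})
        return False, reason

if __name__ == "__main__":
    # Constructed sample data: one authorized AP and three connection attempts.
    policy = ApPolicy([("CorpNet", "02-00-00-AA-BB-01")])
    print(policy.decide("alice", "CorpNet", "02:00:00:aa:bb:01"))
    print(policy.decide("alice", "CorpNet", "0200.00aa.bb99"))
    print(policy.decide("bob", "FreeWiFi", "02:00:00:11:22:33"))
    for record in policy.report:
        print(record)
```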



Conclusion
Enterprises cannot completely stop users from using wireless networks, since wireless is the need of the day. But the organization's IT administrators can control which wireless networks a user can connect to.
Most exploits occur on public wireless networks, hence denying access to public networks resolves most of the risk. Other attacks such as rogue access point, man-in-the-middle and evil twin can be avoided by the combination of SSID and MAC address used for the authorization of wireless connections.
IT administrators no longer need to lose sleep over threats to the enterprise's sensitive information via wireless networks.



Seqrite is a world-class Enterprise Security brand defined by innovation and simplicity. Our solutions are a combination of intelligence, analysis of applications and state-of-the-art technology, and are designed to provide better protection for our customers.

Seqrite is backed by Quick Heal’s cutting-edge expertise of producing cybersecurity solutions for over two decades. Our products help secure the networks used by millions of customers in more than 80 countries.

Experience the best-in-class solutions offered by Seqrite and how they can address the security challenges of your enterprise. Boost your cybersecurity,

Expanding international presence
USA: Quick Heal Technologies America Inc.
UAE: Seqrite Technologies DMCC, Dubai.
KENYA: Quick Heal Technologies Africa Ltd.
JAPAN: Quick Heal Japan KK.

Quick Heal Technologies Limited
Corporate office: Marvel Edge, Office No. 7010 C & D, 7th Floor, Viman Nagar, Pune - 411014, India.

Support Number: 1800-212-7377 | info@seqrite.com | www.seqrite.com

All Intellectual Property Right(s) including trademark(s), logo(s) and copyright(s) are properties of their respective owners. Copyright © 2018 Quick Heal Technologies Ltd. All rights reserved. | WP-220-04.2018
