How should a wireless network policy look like?

Each corporate should have their own wireless security policy that suits their culture and risk appetite. But best practices include the following controls:

Network Airspace Control

Enforce your wireless network policy like never before

Prevent corporate devices from connecting to unmonitored networks - Disallowing a corporate device from connecting to a Guest or external network or to any mobile hotspot

Prevent corporate devices from connecting to unauthorized networks - Disallowing a sensitive corporate device from connecting to a non-sensitive network and vice versa (for instance, when the the networks are segmented by departement)

Disable all Wireless Receptors - Disable the wireless functionality of all dual-connected corporate devices

Enabling supervisions - such as allowing specific corporate devices to wirelessly connect to a dual-connected corporate device, or setting contingency for corporate and non-corporate devices to connect to authorized network (e.g. a time window or expiration date)   

Why network airspace control? 

Today’s corporate network airspace contains numerous wireless channels. These could be corporate-owned wireless channels or channels generated by Antenna for Hire™ - broadcasting wireless devices in the vicinity of the corporate (aka “Antenna for Hire™). 

The majority of the corporate devices today also include dual connectivity where their wireless capabilities, turning them into Wireless ReceptorsTM - on one hand open to connecting to any wireless channel, and on the other, open to receiving communications from any wireless channel. 

For example, while it is the corporate wireless security policy to allow employees and corporate-controlled devices to communicate only on supervised channels, corporates find that they cannot effectively enforce that wireless policy. 

For instance, an employee connecting to a restricted wireless network may turn to a less-restricted, or even Guest or an open network when lacking reception. 

Companies must enforce their wireless security policy to eliminate the risk from:

  • Connecting to spillage networks

  • Unauthorized access to the corporate network - non-corporate devices accessing corporate devices through their wireless capabilities.  

  • Data Leakage - corporate devices accessing unmonitored and unauthorized channels. 

AirEye is the only solution that provides full network airspace protection

Schedule a NACP consultation today

Only Network Airspace Control and Protection (NACP) enforces your wireless security policy

NAC

NAC also does not see or relate to devices not under your control. As a result, control and policy enforcement on such devices is impossible. 

Cannot work on devices that have no agent. (for wireless). Requires integration with Access Point management. So always behind, not up.

Wireless Management

Wifi authentication and encryption do not address airborne attacks as these all happen on other channels not monitored or controlled by the enterprise wireless equipment. And in most cases, the interaction between the Antenna for Hire™ and the Wireless Receptor™ is completely outside of the corporate network scope making NAC and wireless firewalls completely oblivious to such communications. 

Lorem Ipsum 2

Some AP devices come with built-in Wireless Intrusion Detection Systems (WIDS).  However, these devices only check for rogue APs or Evil Twins through whitelisting, resulting in numerous false positives, and do not cover the full range of airborne attacks. Furthermore, these solutions are vendor-based whereas a typical corporate may have APs from multiple vendors. 

Lorem Ipsum 3

Given that a corporate network is affected by so many Antenna for HireTM -  IoT devices surrounding the enterprise but not controlled by the corporate - makes IoT security solutions irrelevant to the problem of airborne attacks.