What is a Wireless Intrusion Prevention System (WIPS)? Wi-Fi Security That’s No Longer Up in the Air
Though it often gets taken for granted nowadays, Wi-Fi is nothing short of a technological marvel. It provides the ultimate in online convenience and is nigh on expected wherever you go.
However, the technology is still fraught with unique cybersecurity worries, even 20 years after entering the mainstream.
WIPSs (Wireless Intrusion Prevention Systems) are the solution to many of these worries – so let’s investigate the network security problems that plague Wi-Fi and how a good WIPS can defend against them.
How Risky is Wi-Fi?
When Wi-Fi started to become mainstream around 1999, it felt like the ultimate in technological convenience. The future, it seemed, was finally here. Though still an objectively impressive feat, a lot has changed in the intervening two decades – especially in terms of the online threat landscape.
Cybercrime has increased exponentially in the past 10 years – let alone 20 – with hackers constantly finding new and interesting ways to compromise networks, steal data, and generally wreak havoc. Yet in terms of Wi-Fi network security, not much has changed at all. We expect some kind of Wi-Fi connectivity wherever we go, yet there’s nothing inherently secure about wireless networking.
Some may argue that the WPA2 encryption that modern Wi-Fi uses is a security measure. But we’d argue that it hasn’t been secure since 2017’s KRACK vulnerability was discovered, rendering WPA2 encryption pretty much useless.
But before we get our teeth stuck into our WIPS definition, we need to understand the Wi-Fi threats that are out there.
A Few Wireless Network Security Scenarios
Wi-Fi provision relies on access hardware that sends and receives wireless signals, forming an almost spherical range of coverage around each access point (AP).
Bringing an unauthorised access point within this range, directly plugging new access hardware into your physical network, or an overlap in Wi-Fi coverage between you and a neighbour can mark the start of many cybersecurity issues.
Evil Twin Access Points
Hackers can set up their own access point within range of your Wi-Fi network that appears to be a direct clone of your own legitimate AP. This is called an “evil twin”.
An unsuspecting visitor, or a team member who isn’t using a secure VPN, might connect to this network by accident – in doing so, they think they’re connected to your network when really, they’re connected to a hacker’s 4/5G hotspot.
That criminal will therefore have complete control over the data transferred over that connection – they can steal payment details, swipe sensitive access credentials, inject malicious code, install malware, and more.
Unauthorised or Unsecured Access Points
In another scenario, unvetted, off-the-shelf Wi-Fi access hardware can be plugged into your network without authorisation. This could be totally innocent – a team needs better Wi-Fi coverage so they set up a wireless access point purchased from a big box retailer, not thinking about the security implications.
However, an internal actor with a grudge could just as easily set up an unsecured AP to form an unsecured “backdoor” into the network. This could result in data theft, malware propagation, and can serve as an exploitable weak point in your network’s defences.
Alternatively, it’s just as easy for a technician to install a new AP and forget to correctly configure it for optimal security. Whatever the situation, a hacker can identify these weaknesses, use them to access your network, and cause havoc.
External Access Points
Issues can also arise when devices that usually connect to your internal Wi-Fi network are used to connect to neighbouring open networks in range, perhaps to evade your internal network or content policies.
Because you don’t know how stringent your neighbour’s Wi-Fi measures are, this can open the door to snooping, man-in-the-middle (MITM) attacks, and more. In fact, any device that has previously connected to an unvetted, unsecured, or outright malicious access point could contain all manner of nasties, including malware, ransomware, and access backdoors – posing a real threat to any network they connect to thereafter, including yours.
If you think all of this sounds pretty concerning, you’d be right. But there is one solution: investing in a WIPS or Wireless Intrusion Prevention System.
What is WIPS?
A wireless intrusion prevention system is a security system for wireless networks. A WIPS monitors the radio spectrum within a wireless network’s airspace for unauthorised or unexpected activity and frequencies.
The system independently identifies threatening activity and can automatically shut it down. Modern WIPSs often go further than mere frequency analysis, including classifying known wireless devices, cataloguing their unique signal patterns, and potentially more depending on the solution you choose.
Good WIPS systems can pick up on all kinds of wireless threats and vulnerabilities, including unauthorised or misconfigured hardware, evil twin APs, snooping attempts, and many more.
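The classification step described above, sketched as an added example (not WatchGuard’s or any other vendor’s code): each access point a sensor hears is sorted into the scenarios covered earlier. The inventory, wired MAC list and beacon values are constructed, and treating an AP’s wired MAC as equal to its BSSID is a simplifying assumption.

```python
from dataclasses import dataclass

# Constructed inventory of vetted APs: BSSID -> (SSID, required security mode)
AUTHORISED = {
    "aa:bb:cc:00:00:01": ("CorpWiFi", "WPA2-Enterprise"),
    "aa:bb:cc:00:00:02": ("CorpWiFi", "WPA2-Enterprise"),
}
# Constructed set of MAC addresses seen on the wired LAN. Assumption: an AP's
# wired MAC equals its BSSID; real products correlate the wired and wireless
# sides with their own techniques.
WIRED_MACS = {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02", "de:ad:be:00:00:09"}

@dataclass(frozen=True)
class Beacon:
    bssid: str
    ssid: str
    security: str

def classify(beacon: Beacon) -> str:
    """Sort one observed AP into the categories the article describes."""
    bssid = beacon.bssid.lower()
    if bssid in AUTHORISED:
        ssid, security = AUTHORISED[bssid]
        if (beacon.ssid, beacon.security) == (ssid, security):
            return "authorised"
        return "misconfigured"   # vetted hardware, wrong settings
    if bssid in WIRED_MACS:
        return "rogue"           # unvetted AP plugged into the LAN
    if beacon.ssid in {ssid for ssid, _ in AUTHORISED.values()}:
        return "evil-twin"       # our network name, unknown radio, not on our wire
    return "external"            # neighbouring network: monitor, don't disrupt

def scan_report(beacons):
    """Map each observed BSSID to its classification."""
    return {b.bssid: classify(b) for b in beacons}

# Constructed sample of beacons heard by a sensor
SAMPLE = [
    Beacon("aa:bb:cc:00:00:01", "CorpWiFi", "WPA2-Enterprise"),
    Beacon("aa:bb:cc:00:00:02", "CorpWiFi", "Open"),
    Beacon("de:ad:be:00:00:09", "TeamWiFi", "WPA2-Personal"),
    Beacon("12:34:56:78:9a:bc", "CorpWiFi", "Open"),
    Beacon("66:77:88:99:aa:bb", "CoffeeShop", "Open"),
]

if __name__ == "__main__":
    for bssid, verdict in scan_report(SAMPLE).items():
        print(bssid, verdict)
```

A twin that also copies an authorised BSSID would pass the first check here, which is why the signal-pattern cataloguing mentioned above matters in practice.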
How WIPSs are Deployed
Many modern WIPS installations use what is called “integrated WIPS”. This is where always-on wireless intrusion monitoring and prevention is built into your wireless access points, ensuring total protective coverage of every cubic centimetre of your network’s airspace.
There are two other notable ways to achieve WIPS. At the cheaper end of the spectrum are WIPS systems with periodic monitoring functionalities built in to their APs. Cybercrime can strike at any time, so intermittent security scanning can still leave you vulnerable.
At the more expensive end of the spectrum, there are “overlay” WIPS systems which involve deploying standalone WIPS sensors – separate to your access points – which constantly monitor the network’s wireless frequencies.
This additional hardware can come with a higher cost, but it may actually work out quite affordably compared with ripping and replacing your existing access hardware. However, also consider that when the sensors are separate from the access points, there is a risk that some of your network airspace will be left unmonitored.
With this in mind, we feel that integrated WIPS systems offer the best balance in cost and functionality.
Whichever type of wireless intrusion prevention system you choose, it will generally report back to some kind of management interface so your technicians can monitor logged infractions, check alerts, and manually secure your airwaves.
WIPSs can also report on operational network metrics like usage and performance, helping your technicians maintain network health and uptime alongside security.
WatchGuard WIPS – The Best WIPS in the Industry
WatchGuard’s integrated WIPS defends against a wide range of common Wi-Fi threats whilst effortlessly maintaining high network speeds and performance. It protects your airspace using its unique “Marker Packet” technology which classifies all access points within range; this forms a protective bubble around your internal IT without disrupting the functionality of external, neighbouring networks.
In addition, research from Miercom shows that WatchGuard’s AP420 can detect and actively prevent more Wi-Fi threats than other industry leading hardware from Cisco Meraki, Aruba, and Ruckus.
All of WatchGuard’s WIPS functionality is housed within their reliable, industry leading wireless APs, meaning there’s no need to choose between functionality and security – you get both. It’s all managed from an intuitive cloud-based interface which is available through any web browser. It’s also flawlessly compatible with WatchGuard’s Firebox firewall ranges.
So do you want wireless network security that isn’t quite so “up in the air”? Get in touch with the boffins at Just Firewalls today for a free, no obligation cybersecurity health check!
You won’t be pressured to buy anything and all that’s needed is a basic knowledge of your network, an open mind, and half an hour or so of your time.
Remember we’re always here for a spot of free advice and to help minimise your network security worries wherever possible. Just call us on 0808 1644414 or drop us a line to request a call back.