Network Airspace Control

Enforce your wireless network policy like never before

Network Airspace Control

How should a wireless network policy look like?

Each corporate should have their own wireless security policy that suits their culture and risk appetite. But best practices include the following controls:

Prevent corporate devices from connecting to unmonitored networks

Prevent corporate devices from connecting to unmonitored networks –
Disallowing a corporate device from connecting to a Guest or external network or to any mobile hotspot

Prevent corporate devices from connecting to unauthorized networks

Prevent corporate devices from connecting to unauthorized networks –
Ensuring that a sensitive corporate device connects only to an authorized network within the enterprise and vice versa (for instance, when the the networks are segmented by department)

Disable all Wireless Receptors™ to eliminate entry points to your network

Disable all Wireless Receptors™ to eliminate entry points to your network
Disable the wireless functionality of all dual-connected corporate devices

Enabling supervisions

Enabling supervisions – such as allowing specific corporate devices to wirelessly connect to a dual-connected corporate device, or setting contingency for corporate and non-corporate devices to connect to authorized network (e.g. a time window or expiration date)

The majority of the corporate devices today include dual connectivity – on one hand connected to the corporate network and on the the other, acting as Wireless Receptors™ open to connecting to any wireless channel. The issue is that wireless channels are abound in the corporate airspace. These could be corporate-owned wireless channels or channels generated by Antenna for Hire™ – broadcasting wireless devices in the vicinity of the corporate.

While it is the corporate wireless security policy to allow employees and corporate-controlled devices to communicate only on supervised channels, corporations find that they cannot effectively enforce that wireless policy. For example, a common policy violation occurs when an employee that is required to communicate over a restricted wireless network turns to a less-restricted, or even a Guest or an open network when lacking wireless reception. 

Companies must enforce their wireless security policy to eliminate the risk of:

  • Spillage connections – Connecting to non-corporate networks that are broadcasting into the corporate airspace

  • Unauthorized access to the corporate network – non-corporate devices accessing corporate devices through their wireless capabilities.  

  • Data Leakage – corporate devices accessing unmonitored and unauthorized channels. 

  • Unauthorized network hopping – bypassing network access controls through the network airspace.

Each company needs to consider their network airspace security as part of their network security strategy.  The endless number of wireless broadcasting devices in the vicinity of the network means that each company today needs to have a solid wireless security policy and ensure that this is enforced. This includes financial companies, banks, telcos, manufacturing, healthcare, retailers, software companies and defense.

Even the rare organizations with the most secure controls that do not have a corporate wireless channel, broadcasting devices in their vicinity has become an issue due to their pervasiveness. Also these organizations need to enforce that a corporate-owned device does not connect to an unauthorized channel in their airspace.

This all the more true in today’s current era of Bring Your Own Personal Computer (BYOPC). Take for instance a laptop which is allowed to connect to the corporate network only through the network cable. An employee or a consultant that sits in the cafe across the street of the corporate and connects to its Wi-Fi, returns to the corporate with the cafe’s Wi-Fi configured to continue connecting to the cafe’s Access Point.