Network Airspace Control and Protection (NACP)
All you need to know to control and protect the emerging attack surface
Search over the internet for an Antenna for Hire (A4H)
Example: Security camera
Remotely take control of the Antenna for Hire (A4H)
Example: Exploit CVE-20XX-XXXX in security camera
Use the A4H to search for a Wireless Receptor at a corporation
Example: Boardroom TV broadcasting via Wi-Fi Direct
Take over the Wireless Receptor
Example: Connect to the boardroom TV via Wi-Fi Direct
Penetrate into the wired or wireless network through the Wireless Receptor (WR)
Example: Use TV authorization to access wired network
Identify Wireless Receptors (WR) on other segments and hop wirelessly
Example: Hop from boardroom TV to employee’s laptop via laptop’s enabled hotspot
Connect to an unmonitored channel. Create a tunnel to a C&C
Example: Connect to cafeteria open Wi-Fi and connect via HTTPS to C&C
The majority of corporate devices today have dual connectivity – on the one hand they are connected to the corporate network, and on the other they act as Wireless Receptors open to connecting to any wireless channel.
The vicinity of the corporation also abounds with Antenna for Hire – broadcasting wireless devices.
While it is the corporate wireless security policy to allow employees and corporate-controlled devices to communicate only on supervised channels, corporations find that they cannot effectively enforce that wireless policy.
For example, a common policy violation occurs when an employee that is required to communicate over a restricted wireless network turns to a less restricted, or even a Guest or an open network when lacking wireless reception.
Attackers are also aware of this lack of control and enforcement and leverage Antenna for Hire as a proxy to penetrate the corporate network through Wireless Receptors.
In fact, an AirEye survey showed that 44% of experienced IR professionals investigated incidents related to wireless attacks or vulnerabilities.
40% of those surveyed mentioned they did not have sufficient forensic data in such attacks, and another 40% were not sure whether data was leaked.
Because these attacks leave no forensics or attack data, attackers use this attack surface over and over again.
Unauthorized access to the corporate network – noncorporate devices accessing corporate devices through their wireless capabilities.
Device hijacking – corporate devices being taken control of through wireless attacks
Data Leakage – corporate devices accessing unmonitored and unauthorized channels.
Segmentation hopping – bypassing network access controls through the network airspace
One of the biggest concerns for security teams is shadow networks – networks generated by corporate-controlled devices.
No security solution today apart from NACP can identify, monitor and place controls over shadow networks.
Here are just a few examples of network entry points that are created by shadow networks and the risk they pose:
Entry Point
An employee establishes a mobile hotspot on their computer.
Security Risk
Creates an insecure path for data to leave the organization.
Entry Point
An employee’s laptop, back at the corporate office, still continuously probes for a common cafe’s network after having connected to one during remote work.
Security Risk
Allows attackers to hijack the device and create a network bridge between an attacker controlled device and the corporate network.
Entry Point
A network generated by the corporate printer, caused by the printer’s enabled Peer to Peer (Wi-Fi Direct) capability.
Security Risk
Allows an attacker to communicate with the printer device over an insecure channel and use it as a bridge into the internal network.
Entry Point
A portable X-Ray device emitting its own open network for its sensor plates to transmit patient data.
Security Risk
Provides an easy path for an attacker into the hospital’s network.
Entry Point
A Peer-to-Peer communication between forklifts at a factory.
Security Risk
Creates a path for lateral movement (e.g. for ransomware proliferation) through an insecure and unmonitored channel.
Entry Point
A boardroom monitor to which corporate laptops connect.
Security Risk
Allows the attacker to hijack the laptop which later connects to the corporate network.
The corporate IT landscape includes an increasing number of Wireless Receptors – wireless-capable devices, ranging from corporate laptops and printers to coffee machines. Each of these may create shadow networks that fly under the radar of the security team and pose a security risk to the corporate network.
Outside the corporation, there is an endless number of Antenna for Hire – wireless devices broadcasting in the vicinity of the organization, ranging from security cameras to a router at a nearby cafe.
Attackers leverage the Antenna for Hire and gain unauthorized network access, device hijacking or data leakage, using Wireless Receptors as a springboard into the corporate network.
In essence, the Antenna for Hire acts as a proxy for the attacker, who does not need to be physically in the vicinity of the corporation.
1 Enforce that all network access and configurations are properly implemented, for assurance
2 Unauthorized devices are automatically identified and do not connect to the corporate network
3 Authorized devices should not connect to non-corporate networks
4 Authorized devices should connect only to authorized corporate networks
5 Unauthorized devices should not connect to authorized devices with dual-connectivity (such as peer to peer technologies, e.g. Wi-Fi Direct)
6 Authorized devices should not establish ad-hoc networks such as hotspots, file transfer, etc.
7 Automatically prevent over the air attacks
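One way to check observed wireless activity against policy rules 2 to 6 above, as an added example that is not AirEye's code. The device names, network names and the `Observation` record are constructed for illustration, and treating a peer-to-peer link in either direction as a rule 5 violation is this example's assumption.

```python
from dataclasses import dataclass

# Constructed inventory (assumptions for this example, not values from the page).
AUTHORIZED_DEVICES = {"laptop-01", "printer-01", "tv-boardroom"}
CORPORATE_NETWORKS = {"CORP-SECURE"}

@dataclass(frozen=True)
class Observation:
    kind: str    # "assoc", "p2p" or "advertise"
    source: str  # device that joins, initiates or broadcasts
    target: str  # network name for assoc/advertise, peer device for p2p

def violated_rule(obs):
    """Return the number of the policy rule that obs breaks, or None if in policy."""
    src_ok = obs.source in AUTHORIZED_DEVICES
    if obs.kind == "assoc":
        corporate = obs.target in CORPORATE_NETWORKS
        if corporate and not src_ok:
            return 2  # unauthorized device on the corporate network
        if src_ok and not corporate:
            return 3  # authorized device on a non-corporate network (also rule 4)
        return None
    if obs.kind == "p2p":
        # Either direction links an unauthorized device to an authorized one;
        # mapping both to rule 5 is this example's reading of the rule.
        return 5 if src_ok != (obs.target in AUTHORIZED_DEVICES) else None
    if obs.kind == "advertise":
        # An authorized client device broadcasting its own network (hotspot, ad-hoc).
        return 6 if src_ok and obs.target not in CORPORATE_NETWORKS else None
    raise ValueError(f"unknown observation kind: {obs.kind!r}")

def audit(observations):
    """Return (rule, observation) pairs for every out-of-policy observation."""
    return [(r, o) for o in observations if (r := violated_rule(o)) is not None]

# Constructed observations modelled on the entry points described on this page.
SAMPLE = [
    Observation("assoc", "laptop-01", "CORP-SECURE"),     # in policy
    Observation("advertise", "laptop-01", "My-Hotspot"),  # employee hotspot
    Observation("assoc", "laptop-01", "Cafe-Free-WiFi"),  # open cafe network
    Observation("p2p", "unknown-77", "printer-01"),       # Wi-Fi Direct to printer
    Observation("assoc", "unknown-77", "CORP-SECURE"),    # foreign device, corporate SSID
    Observation("p2p", "laptop-01", "tv-boardroom"),      # both authorized
]

if __name__ == "__main__":
    for rule, obs in audit(SAMPLE):
        print(f"rule {rule} violated: {obs}")
```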
Monitor the Corporate Network Airspace and classify controlled and uncontrolled assets
All wireless broadcasting technologies and channels need to be monitored for full visibility of corporate network airspace. Create an inventory of all Access Points (APs) and devices that are part of the corporate network airspace.
Discover and continuously monitor Antenna for Hire
Detect, identify, classify and continuously monitor Antenna for Hire and monitor their activities, behaviors, and interactions that can affect the corporate network.
Discover and continuously monitor Wireless Receptors
Detect Wireless Receptors and monitor their activities, behaviors and interactions.
Automatically enforce wireless security policy
Detect out-of-policy violations such as connections to unauthorized and unmonitored wireless networks and automatically block these connections.
Automatically detect & prevent wireless attacks
Detect interactions between Antenna for Hire and Wireless Receptors.
Automatically block these connections to prevent unauthorized access to corporate network, device hijacking and data leakage.
Attack timeline reporting and forensics
Provide complete attack details, including identification of the Antenna for Hire, all Wireless Receptors communicating with the Antenna for Hire, communication channels, type of attack, and resolution.
Each company needs to consider their network airspace security as part of their network security strategy.
The endless number of wireless broadcasting devices in the vicinity of the network means that each company today needs to have visibility into all their corporate networks – including shadow networks, have a solid wireless security policy that is enforceable and be capable of preventing wireless attacks.
These include financial companies, banks, telcos, manufacturing, healthcare, retailers, software companies and defense.
Even the rare organizations with the most secure controls, which do not allow corporate wireless networks, have an issue with shadow networks due to the pervasiveness of wireless-capable devices. These organizations also need to ensure they are protected from wireless attacks and enforce that a corporate-owned device does not connect to an unauthorized channel in their network airspace.