Without addressing the wireless problem, our Zero Trust posture is incomplete.
Wireless devices number in the tens of billions worldwide, and their presence continues to grow.
All of these devices have the potential to connect to our networks in some way, and yet their wireless interfaces are largely unmonitored.
In our efforts to shift to a Zero Trust mindset, it is critical that we bring visibility to these wireless technologies in addition to the wired components of our networks.
Attack devices include Wi-Fi pineapples, O.MG and USB Ninja cables and Wi-Fi Rubber Duckies, wireless network interface controller dongles, Bluetooth development kits/dongles, software-defined radio kits/dongles, and more.
While radio technology has been around since the late 19th century, modern developments involving higher frequencies and digital modulation have made wireless communication increasingly efficient and effective, allowing us to use different bands of the EM spectrum to support tens of billions of devices speaking many different protocols.
A wireless detection system must be equally capable, employing modern tools like software-defined radio technology and highly capable processors to digitally demodulate and decode the many wireless packets from many protocols.
A wireless detection system should include multiple broadband, multi-channel software-defined radio sensors to detect multiple wireless signals simultaneously.
The sensors must digitally decode the headers of many wireless packets in parallel to extract metadata for individual wireless detections, and then feed their data to a central server to localize the emissions in space.
This gives a user visibility into the wireless signals in terms of their temporal, spatial, and behavioral characteristics.
Applied to wireless data, this means identifying unhealthy behaviors in the wireless transmissions, classifying their severity, and providing tools for users to take action.
Dimensions over which we can analyze wireless devices include time, space, and many dimensions of behavior.
The metadata available from the wireless packet headers offers a rich set of data from which we can infer connectivity, device information, data transmission volume, and much more.
Building a wireless detection system like the one described above is not trivial.
Examples of findings from such a system include:
- Intermittent WEP encryption advertised through beacons from an access point that otherwise used WPA2 encryption.
- Bluetooth-enabled RFID readers that were susceptible to a wireless DoS attack that could shut down physical access to the facility.
For many of the examples above, physical security interdiction is the appropriate response, and the wireless detection system's ability to locate the wireless devices spatially is critical.
For others, some action to correct device misconfiguration or simply shutting down a specific wireless mode is sufficient.
Whatever the case, a wireless detection solution can not only provide real-time monitoring of the wireless attack surface to identify incidents as they occur, but can also shore up an organization's security posture to prevent attacks from occurring at all.
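As an added example (not code from the original article or any product it describes), here is a minimal version of the behavioral analysis and localization steps described above, run over constructed beacon metadata: it flags an access point whose beacons intermittently advertise WEP when its baseline is WPA2, rates the severity, and estimates where the anomalous emissions came from using an RSSI-weighted centroid over sensor positions. The beacon records, sensor placement and severity scale are all assumptions made for the illustration.

```python
from collections import Counter, defaultdict

# Security modes ranked weakest to strongest, as parsed from beacon WEP/RSN fields.
STRENGTH = {"OPEN": 0, "WEP": 1, "WPA": 2, "WPA2": 3, "WPA3": 4}

# Constructed sample of metadata a sensor would extract from 802.11 beacon headers
# (t in seconds, rssi in dBm as heard by the named sensor; values are illustrative).
BEACONS = [
    {"t": 0, "bssid": "AA:BB:CC:00:00:01", "security": "WPA2", "sensor": "S1", "rssi": -48},
    {"t": 0, "bssid": "AA:BB:CC:00:00:01", "security": "WPA2", "sensor": "S2", "rssi": -70},
    {"t": 1, "bssid": "AA:BB:CC:00:00:01", "security": "WPA2", "sensor": "S1", "rssi": -49},
    {"t": 2, "bssid": "AA:BB:CC:00:00:01", "security": "WEP", "sensor": "S1", "rssi": -47},
    {"t": 2, "bssid": "AA:BB:CC:00:00:01", "security": "WEP", "sensor": "S3", "rssi": -60},
    {"t": 3, "bssid": "AA:BB:CC:00:00:01", "security": "WPA2", "sensor": "S1", "rssi": -48},
    {"t": 0, "bssid": "AA:BB:CC:00:00:02", "security": "WPA3", "sensor": "S2", "rssi": -60},
    {"t": 1, "bssid": "AA:BB:CC:00:00:02", "security": "WPA3", "sensor": "S2", "rssi": -61},
]

# Assumed sensor placement in metres on a floor plan.
SENSOR_POS = {"S1": (0.0, 0.0), "S2": (20.0, 0.0), "S3": (0.0, 15.0)}


def find_downgrades(beacons):
    """Flag BSSIDs that intermittently advertise a weaker mode than their baseline."""
    modes = defaultdict(Counter)
    for b in beacons:
        modes[b["bssid"]][b["security"]] += 1
    alerts = []
    for bssid, counts in modes.items():
        baseline = counts.most_common(1)[0][0]  # the mode seen most often
        for mode, n in counts.items():
            if STRENGTH[mode] < STRENGTH[baseline]:
                severity = "high" if STRENGTH[mode] <= STRENGTH["WEP"] else "medium"
                alerts.append({"bssid": bssid, "baseline": baseline,
                               "observed": mode, "count": n, "severity": severity})
    return alerts


def locate(beacons, bssid, mode, sensor_pos=SENSOR_POS):
    """Coarse position: RSSI-weighted centroid of the sensors that heard the beacons."""
    weights = defaultdict(float)
    for b in beacons:
        if b["bssid"] == bssid and b["security"] == mode:
            # Convert dBm to linear power so the closest sensors dominate the centroid.
            weights[b["sensor"]] += 10 ** (b["rssi"] / 10)
    total = sum(weights.values())
    if total == 0:
        return None
    x = sum(sensor_pos[s][0] * w for s, w in weights.items()) / total
    y = sum(sensor_pos[s][1] * w for s, w in weights.items()) / total
    return round(x, 2), round(y, 2)
```

Running `locate(BEACONS, alert["bssid"], alert["observed"])` for each alert from `find_downgrades(BEACONS)` gives the response team a location to check, which is the physical interdiction step the text describes.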
Wireless devices are ubiquitous, vulnerable to attack, and invisible to most security tools.
The ability to detect, localize, analyze, and respond to wireless threats is the next phase in the implementation of Zero Trust.
This Cyber News was published on www.cybersecurity-insiders.com. Publication date: Tue, 20 Feb 2024 20:13:04 +0000