Intrusion to the networks by cybercriminals and other individuals with bad intentions has become rampant in recent years. The population using a wireless network to connect to their business and friends is increasing, causing the mechanism to contain crimes like hacking, phishing, and poisoning network and systems hard to deal with. So as the use of wireless technology in terms of networks and communication, for example, the use of mobile, is growing, the cyber actors are also taking advantage of different vulnerabilities to perform their hurting intentions (Huang et al. 2018). Since the use of the internet and other wireless services is giving much benefit across the globe, users and developers are finding best practices for wireless security to remain confident about the network they are using. Some of the wireless services that are experiencing a high level of attack or vulnerability are the private and public Wi-Fi, Mobile gadgets, Local Area Networks (LAN), Global Positioning Systems, Cellular Communication, Radio, and Television Broadcasting Frequencies among others (Alotaibi, & Almagwashi, 2018). Different attacks can be directed to these wireless networks by cyber actors or through mishandling by internal users. Such attacks can have an adverse effect on organizations, businesses, and personal security; hence best practices for wireless security must be put in place to ensure the wireless gadgets remain safe and free from threats.
Since security incidences have become more common, businesses and users of wireless networks must rethink security matters. Insecure networks are likely to cause a lot of harm to the operating business or even organization; hence best security practice is mandatory. The report will contain the common threats that attack the wireless networks, a case scenario of security incidence involving wireless security, and a list of best practices for wireless security.
Zoom Conferencing Service Incident of Security Hitch
When the pandemic arose, the different operations went online, and most activities like board meetings and classes were being held through video conferencing. During this time, zoom has seen a huge growth in terms of subscriptions and users worldwide. In April 2020, zoom came up with a plan to address concerns of users’ security approach, which came after the come had experienced security issues is the conferences were intruded by zoombombers interrupting conversations by sharing shameful photos like pornographies (Stileman, & Nyren, 2020). The platform for video conferencing with a wide user base created attention regarding security, with different users failing to understand if the app was secure. During the late days of the match, Zoom was alleged to misrepresent its security systems. The company had argued that it offered encryption which was revealed to be a lie, putting data to vulnerability. The other disturbing issue was Zoombombings with the prankster putting the images for pornography and committing another form of intrusion when the conference meeting was going on, and during the school, the session becomes repeated whereby April 2020, security intelligence like FBI produced a life time jail to hackers threats for teleconference hacking.
In the end, the company was fined $85 million for the security issues, which was an experience. Amid all these operations, Zoom had to do away with the iOS app linking the analytics with Facebook without revealing facts to the users. There was also a class-case which was prosecuted in California for the company’s security violation (Bracken, 2021). The company had to take some steps to implement the users’ security concerns following the incidences.
There has been a debate in the UK whether to use Zoom to hold cabinet meetings. The government had justified it during “unprecedented periods” during the time some of the members could not access a secure network from their homes during isolation. The debate to use Zoom got more heat when Boris Johnson, the Prime Minister, Tweeted a photo that contained the ID number of the meeting that had occurred at the latest. It was also indicated that Elon Musk hand terminated the use of Zoom regarding the SpaceX meetings declaring security as the main issue. Another incident NASA, one of Space X’s biggest customers, prevented employees from using it with the same allegation of security issues on their networks. Mr Cluley argued that anyone using Zoom for sensitive information needed to take caution (Bracken, 2021). He said that fixing such a problem would take more time, especially those using Zoom who were at high risk of holding sensitive conversations, which could fall victim to a state-sponsored attack.
Some of the changes made by Zoom were checking the misconfigured passcodes to repel Zoombombers. In October 2020, the company come up with structured encryption for both ends and made a mechanism to put security first for the users going onward. That clearly shows that wireless communication and services are at risk of compromise, and best security practices are important to secure the networks and their users.
Wireless Security Threats
Looking at the case scenario of Zoom, the use of wireless needs a more concrete solution to secure the networks and online operations. To have better control of the security systems, vendors and users must understand some of the security threats which wireless networks and communication pause. Coming close to understanding these security issues and vulnerabilities that lead to the attacks will be easier to create an important mechanism to regulate security. Wireless local network (WLANS) transfers and receives information through radio waves without wire or any physical link (Yang, Dai, & Wei, 2018). Since there are no physical barriers, wireless activities are vulnerable to unlawful interruptions by the actors.
Distributed Denial of Services (DDoS) is a common threat to wireless networks and communications. It happens when the intruders flood the communication or network platform, which affects the availability of the network’s resources. Such threats may make the services go off and disrupt the users’ operations (Yang, Dai, & Wei, 2018). DDoS are dangerous threats, especially to the wireless network, because one might not know the source of the attack. Vendors should know about these attacks to create strong security features and apply best practices when installing the services.
Spoofing and Hijacking Session is a threat where they go past security perimeters and access the network data and other available resources through anonymity and masquerading as a valid user. When the attacker gains access to the network, they are likely to infiltrate the information they want and misuse them. The threat applied to the Zoom conference services where actors got access to different sessions as valid users. The attack in the aspect uses the existing, legitimate user to exploit the session, and they can insert unwanted materials.
Eavesdropping, a wireless connecting system supporting an active eavesdropper, is preferred. The systems use the unnamed aerial vehicle (UAV) as the model of relying on and the uplinks stages for giving permission. The attack can sneak into the system by attacking the UAV when authentication is done (Tibbetts, Wong, & Bonello, 2020). It is easier for wireless operations to be attacked by threats if there are no good protective mechanisms put in place. If the actors get the vector and channel, they can compromise the network and hijack the session.
Best Practices for Wireless Security
Security is not an approach that stops when the gadgets have been designed rather, and it is a continuous process that should be reviewed throughout the operations. The wireless connections like LAN and WAN, among others, must be given the right attention to attain privacy integrity and secure the services they offer (Bhushan, & Sahoo, 2018). That can be achieved through using the following practices for wireless security.
These activities are carried out to ascertain that activities for users, the processes, and hardware components have been well-coordinated through proper reviewing. Auditing can be done in two different forms: proactive and reactive, where reactive involves logs being examined later to collect the right information in the form of forensic to determine the root of a problem or the extent of exposure to security threats (Bhushan, & Sahoo, 2018). The proactive approach of auditing is that logs are done in real-time to see the abnormal behaviors or to guard anyone against bypassing the security perimeters.
Separating Internal and Guest Users
Most of the time, the person who visits the business will need access to the wireless networks. That can benefit the customers, but it can be hard to tell who trues customer in the present environment is. The best practice in this scenario is trying to spate what to offer to guests from the internal users. With the advancing technology and the rate of connectedness for wireless technology, allowing guests to use the internet, they may segregate it and try to access the internet that carries important information (Benzaid, & Taleb, 2020). Separating internal and guest users is the best practice.
Limiting Physical Access
Most wireless services distribute the networks either LAN or WAN so that the network can be conveniently reached. It is important to secure the points where the servers and rooters are located so that no one can access the main plant easily. Securing the physical points allows the users and intruders to be limited so no tempering can happen (Froehlich, 2021). The access point is designed to be closed or mount the devices and secure with a lock or encrypted passwords. In addition to the physical restriction is important to have access to the WAP is secured with a unique password.
Apply Wireless Intrusion Prevention Systems
This is a practice used to ensure the systems are free from the major threats where it uses the dedicated IPS within the security for wireless. These devices work by keeping on track and detecting the nefarious and when the WLAN is being targeted with the attack that uses spoofing, malicious broadcast, and other techniques. The Network IPS, like Snort, makes a preemptive technique to keep the network free from intrusion because it can identify the nature of the threat in real-time and effectively shove them (Salis, et al., 2019). The intrusion prevention systems keep track of the network traffic and swiftly prevent any form of exploits concerning the set rules that the network administrators have put across.
Mobile Device Management Practice
The MDM is a practice of security element which allows the administrators to repel the devices which do not match security standards. There are multiple benefits of MDM: a device to manage the integrity of the network and the housed data and information. The practice is important because there is good compliance and policies and good regulation. Users can be managed remotely with their devices, including the options to remotely disable or disconnect unauthorized people trying to hijack the systems (Benzaid, & Taleb, 2020). The practice is important because it allows prompt action to any changing network’s behavior and makes the necessary alert.
Use of Standardized Policies
With the increasing security issues, different organizations are helping organizations keep up with the technology and tame possible threats. Adhering to standardization like NIST, ISO, and IEEE is good practice for wireless security. For example, in 2003, there was standardization for Wi-Fi Protected Access. The standardization advanced to WPa2 in 2004 and WPA 3 in 2018, which use more advanced encryption mechanisms to ensure that the security for the wireless network is well protected (Froehlich, 2021). Currently, the organizations use a combination of all protocols for WPA to guard their corporate WLANs. It allows good authentication and strong authentication key methods of distribution.
The advancing technology makes the actors sharper and devises new approaches to attack wireless networks and services. The corporates and organizations risk losing much if they will not champion the best practices. Organizations like Zoom offering wireless services to large fan bases have tested the compromise. More will be expected to other organizations that will not put the security for the wireless as a priority. Remaining alert and adhering to set security standards will prevent the companies from getting compromised and prevent the systems from threats like spoofing, session hijacking, and DDoS. It is time for the companies to remain vigilant with best practices for wireless security.
Alotaibi, B., & Almagwashi, H. (2018, April). A Review of BYOD security challenges, solutions and policy best practices. In 2018 1st International Conference on Computer Applications & Information Security (ICCAIS) (pp. 1-6). IEEE.
Benzaid, C., & Taleb, T. (2020). ZSM security: Threat surface and best practices. IEEE Network, 34(3), 124-133.
Bracken, A. B. (2021) Zoom settlement: An $85m business case for Security Investment. Threatpost English Global threatpostcom. Retrieved January 21, 2022, from https://threatpost.com/zoomsettlement85msecurityinvestment/168445/#:~:text=Zoombombings%20also%20became%20an%20issue,teleconference%20hackers%20with%20jail%20time
Bhushan, B., & Sahoo, G. (2018). Recent advances in attacks, technical challenges, vulnerabilities and their countermeasures in wireless sensor networks. Wireless Personal Communications, 98(2), 2037-2077.
Froehlich, A. (2021, December 16). WLAN security: Best Practices for Wireless Network Security. SearchSecurity. Retrieved January 21, 2022, from https://www.techtarget.com/searchsecurity/WLAN-security-Best-practices-for-wireless-network-security
Huang, V. K., Pang, Z., Chen, C. J. A., & Tsang, K. F. (2018). New trends in the practical deployment of industrial wireless: From noncritical to critical use cases. IEEE Industrial Electronics Magazine, 12(2), 50-58.
Kostadinov, G., & Atanasova, T. (2019). Security policies for wireless and network infrastructure. Problems of Engineering Cybernetics and Robotics, 71, 14-19.
Stileman, K., & Nyren, H. (2020). The A to Zoom of Digital Book Events How One Press Managed the Overnight Transition to Virtual Events due to the Coronavirus. Journal of Scholarly Publishing, 51(4), 228-233.
Salis, A., Jensen, J., Bulla, R., Mancini, G., & Cocco, P. (2019, August). Security and Privacy management in a fog-to-cloud environment. In European Conference on Parallel Processing (pp. 99-111). Springer, Cham.
Tibbetts, E. A., Wong, E., & Bonello, S. (2020). Wasps use social eavesdropping to learn about individual rivals. Current Biology, 30(15), 3007-3010.
Yang, G., Dai, L., & Wei, Z. (2018). Challenges, threats, security issues and new trends of underwater wireless sensor networks. Sensors, 18(11), 3907.