Not so long ago, wireless networks were considered enemies of a secure network environment. I remember talking to many colleagues and clients five or six years ago, especially when implementing access points behind firewalls, who promised never to allow wireless connections in the building.
I have co-authored a book on wireless network piracy over 10 years ago. At the time, companies were vulnerable to wireless networks, allowing various vulnerabilities to accommodate the limitations of the book. Fast forward to today and wifi as a service (including guest networks) are everywhere. In the past few years, I have not come across any networks without some wireless guest access.
Are these businesses better now than before? Is the information more at risk?
It depends. Overall, I don't think business networks, including wireless connections, are as secure as administrators think. Even with the freedom to use all wireless network controls and security systems, there are many vulnerabilities in guest wireless network configurations that should not be missed. Interestingly, wireless signals, access points, and management systems are not necessarily weak points. Like many other security challenges, it's about implementation.
Consider the following wireless network security vulnerabilities discovered in recent security assessments:
- Consumer grade access points with default settings that can be exploited to facilitate attacks against Wi-Fi Protected Settings (WPS) provide attackers with complete WPA-PSK encryption keys.
- Open the wireless network with a signal that is accessible from other buildings not only in the parking lot but also from adjacent companies, apartments, etc. These connections provide a simple route to malicious Internet access attacks, such as unauthorized content downloads / uploads, spread of spam, etc. Launching attacks against malware and other users - this may all be tied to a business that was simply meant to provide wireless access to guests. These are specific risks that can cause quite ugly legal problems if ignored. Especially if you don't need to authenticate wireless users or approve policies.
- An enterprise-grade wireless management system that is weakened (or completely disabled) by firewall rules or network ACLs that provide guest network access to the production LAN environment. Similarly, it looks like a secure wireless network setup where an attacker on the guest wireless side is just an isolated network segment like a VLAN that can be easily exploited simply by guessing the IP addressing scheme of the internal network segment. I confirmed what it looked like.
Except for exploiting this relatively small number of wireless networks, it is very easy to provide access to the guest network without breaking the bank or causing excessively burdensome administrative problems. Be sure to test these and other weaknesses. The last thing you want is for someone else to find and abuse you. In particular, you may find that the odds are good and you cannot know them until it is too late.