WIPS

A Wireless Intrusion Prevention System Protects against Wi-Fi Threats

Retailers, quick-service restaurants and convenience stores are using Wi-Fi to attract and retain customers. Customers have grown to expect reliable wireless connectivity when they walk into an establishment, and smart operators are taking advantage of this trend. Wi-Fi can be used to deliver coupons and special offers and to gather intelligence about customer behavior and preferences.

Wi-Fi also offers operational benefits. Employees can leverage mobile devices to access the information they need to maximize sales and upsell opportunities. Mobile point-of-sale services enhance the customer experience by eliminating the need to pay for items at a traditional “cash wrap” counter.

In order to reap these benefits, organizations must ensure that their Wi-Fi networks are secure. Major data breaches have been attributed to vulnerabilities within Wi-Fi networks. Because Wi-Fi transports data over radio frequencies, it is susceptible to threats that traditional security tools don’t detect.

Why You Need WIPS

Organizations that depend on Wi-Fi need a wireless intrusion prevention system (WIPS) that provides comprehensive protection against Wi-Fi attacks. A WIPS uses sensors to collect and analyze Wi-Fi traffic in order to identify and block wireless threats.

Some access points (APs) have built-in sensors, which makes deploying a WIPS as easy as a small configuration change. If using the same APs for both connectivity and a WIPS impacts network performance, dedicated sensors can be deployed as an overlay.

Detecting Wi-Fi Threats

A primary function of a WIPS is to identify “rogue” APs that have been added to the network without authorization. Rogue APs bypass corporate security controls, providing a backdoor into the corporate IT environment. Anyone within range of the Wi-Fi network could potentially gain unfettered access to sensitive information.

The Payment Card Industry Data Security Standard (PCI DSS) requires organizations that accept credit cards to scan for rogue APs at least quarterly. However, such infrequent scanning can mean that a security breach goes undetected for weeks or months. A WIPS continuously monitors the Wi-Fi network to detect and automatically eliminate rogue APs.

A WIPS can also help mitigate the risk of “evil twin” APs that spoof the SSIDs and MAC addresses of legitimate APs on the network. This gives hackers criminals the ability to intercept traffic, steal user credentials, distribute malware and more. Similarly, a hacker can set up an ad hoc, peer-to-peer network and directly connect to devices that are set to discover new networks.

Misconfigured APs are another significant risk. According to Gartner, most wireless-related security incidents occur because APs are improperly configured, either due to human error or issues with network management software.

Choosing the Right Solution

A WIPS should be able to detect and block all of these threats while maintaining network performance. Best-in-class WIPS have a browser-based management interface that allows you to set Wi-Fi security policies with a few simple clicks. SageNet has a team of Wi-Fi and security specialists who can help you select and implement the right solution.

The key is to remember that attackers are continually scanning wireless networks for weaknesses that will give them access to systems and payment card data and the ability to introduce malware. A WIPS provides robust protection against these attacks so that you can take full advantage of the benefits of Wi-Fi.