Mobile Security

Wi-Fi Security Threats You Should be Aware of

Oct 16, 2021 | Cybersecurity Advice, Internet Security, Mobile Security, Network Security, Web Filtering

Many employees access their work emails and work networks via public Wi-Fi hotspots, even though there is a risk that sensitive information such as login credentials could be intercepted by hackers. Many employees are unaware of the Wi-Fi security threats that lurk in their favorite coffee shop and fail to take precautions. Even employees who are aware of Wi-Fi security threats often ignore the risks.

This was highlighted by a 2017 survey by Symantec. 55% of survey participants said they would not hesitate to connect to a free Wi-Fi hotspot if the signal was good and 46% said they would rather connect to a free, open wireless network than wait to get a password for a secure access point.

60% of survey participants believed public Wi-Fi networks are safe and secure but even though 40% are aware of the Wi-Fi security threats, 87% said that they would access financial information such as their online banking portal or view their emails on public Wi-Fi networks.

The majority of users of public Wi-Fi networks who were aware of the Wi-Fi security threats said they ignored the risks. Millennials were the most likely age group to ignore Wi-Fi security threats: 95% of this age group said they had shared sensitive information over open Wi-Fi connections.

Consumers may be willing to take risks on public Wi-Fi networks, but what about employees? According to a 2018 Spiceworks survey, conducted on 500 IT professionals in the United States, employees are also taking risks.

61% of respondents to the survey said their employees connect to public Wi-Fi hotspots in coffee shops, hotels, and airports to work remotely. Only 64% of respondents said their employees were aware of the security threats on Wi-Fi. A similar percentage said their employees were aware of the risks and connect to their work networks using a VPN, which means that 4 out of 10 workers were unaware of the importance of establishing a secure connection.

Even though 64% of respondents were confident that employees were aware of the risks, only half were confident that data stored on mobile devices was adequately protected against threats from public Wi-Fi hotspots. 12% of respondents said they have had to deal with a public Wi-Fi-related security incident, although a further 34% were not sure if there had been a security breach as many incidents are never reported.

WiFi Security Threats Everyone Should be Aware of

All employers should now be providing security awareness training to their employees to make the workforce more security-aware. Employees should be trained how to identify phishing attempts, warned of the risk from malware and ransomware, and taught about the risks associated with public Wi-Fi networks.

Five threats associated with open public Wi-Fi hotspots are detailed below:

Evil Twins – Rogue Wi-Fi Hotspots

One of the most common ways of obtaining sensitive information is for a cybercriminal to set up an evil twin hotspot. This is a fake Wi-Fi access point that masquerades as the legitimate access point, such as one offered by a coffee shop or hotel. An SSID could be set up such as “Starbuck Guest Wi-Fi” or even just state the name of the establishment. Any information disclosed while connected to that hotspot can be intercepted.

Packet Sniffers

Using a packet sniffer, a hacker can identify, intercept, and monitor web traffic over unsecured Wi-Fi networks and capture personal information such as login credentials to bank accounts and corporate email accounts. If credentials are obtained, a hacker can gain full control of an account.

File-Sharing

Many people have file-sharing enabled on their devices. This feature is useful at home and in the workplace, but it can easily be abused by hackers. It gives them an easy way to connect to a device that is connected to a Wi-Fi hotspot. A hacker can abuse this feature to drop malware on a device when it connects to a hotspot.

Shoulder Surfing

Not all threats are hi-tec. One of the simplest methods of obtaining sensitive information is to observe someone’s online activities by looking over their shoulder. Information such as passwords may be masked so the information is not visible on a screen, but cybercriminals can look at keyboards and work out the passwords when they are typed.

Malware and Ransomware

When connecting to a home or work network, some form of anti-malware control is likely to have been installed, but those protections are often lacking on public Wi-Fi hotspots. Without the protection of AV software and a web filter, malware can be silently downloaded.

Employers can reduce risk by providing comprehensive training to employees to make sure they are aware of the risks from public Wi-Fi hotspots and make sure that employees are aware they should only connect to public Wi-Fi networks if they use a VPN. Employers can further protect workers with WebTitan Cloud – An enterprise-class web filter that protects workers from online threats, regardless of where they connect.

Hotspot providers can protect their customers by securing their Wi-Fi hotspots with WebTitan Cloud for Wi-Fi. WebTitan Cloud for Wi-Fi is a powerful web filter that protects all users of a hotspot from malware and phishing attacks, and can also be used to control the types of sites that can be accessed. If you offer Wi-Fi access, yet are not securing your hotspot, your customers could be at risk.

Contact TitanHQ today to find out how you can protect your customers from online threats, control the content that can be accessed via your Wi-Fi network, and discover how quick and easy it is to create a family-friendly Wi-Fi environment.

Why Secure Guest WiFi for Business is So Important

Oct 10, 2021 | Cybersecurity Advice, Internet Security, Mobile Security, Network Security, Web Filtering

Regardless of whether you run a hotel, coffee shop, or retail outlet, Internet access is expected by customers, but make sure you secure guest WiFi for business visitors. Providing business visitors and customers with access to the Internet brings many benefits, but if you do not secure guest WiFi for business visitors you will be exposing yourself – and them – to considerable risk. If you offer secure guest WiFI access, all users will be protected from malware, ransomware, and phishing when connected to the network. That can be a good selling point for businesses. It also shows you care about your customers.

Why Is Providing Internet Access so Important?

In 2013, one study revealed that 80% of customers in retail outlets felt the provision of free WiFi access would influence their purchasing decisions. If retailers provide guest WiFi access, they are likely to encourage more potential customers into their stores and get more sales opportunities.

With more people purchasing online, businesses need to adapt. Customers want to be able to check online before making a purchase or signing up for a service, such as reading online reviews. Fail to offer Internet access and customers are more likely to leave and make a purchase at another time. Chances are that sales will be made elsewhere. Keep them in your store and allow them to access the internet and your chances of achieving a sale will be increased. Of course, if you are unable to compete with online retailers – Amazon for example – you could provide free WiFi but block access to that website.

Why is Secure Guest WiFi for Business So Important?

There are considerable benefits to be gained from offering customers free Internet access. It is what customers want, it provides businesses with an opportunity to communicate with customers, it allows businesses to collect contact details for future marketing programs, and by monitoring the use of the Internet in-store, businesses can gain valuable customer insights and find out more about the interests of their customers. Businesses should note however that the General Data Protection Regulation (GDPR) requires consent to be obtained before any personal information is collected and used.

Giving customers and guests access to the Internet opens a business up to considerable risks. If those risks are not mitigated, guest WiFi access can prove incredibly costly. You may have trained your employees to be security-aware and have introduced policies covering allowable Internet usage, but guests, customers, and other visitors are likely to have different views about the content that can be accessed on your WiFi network.

Guests and customers could take advantage of a lack of restrictions to access inappropriate material such as pornography. Individuals could engage in morally or ethically questionable activities on a business network or even illegal activity such as copyright-infringing downloads. They may also accidentally install malware or ransomware or visit phishing websites.

Secure guest WiFi for business means protecting yourself and your customers and guest users. Secure guest WiFi for business visitors and it will ensure they are protected when connected to your network. You will be able to block man-in-the-middle attacks, malware downloads and protect against phishing attacks. By providing secure guest internet access, you will also be able to reduce legal liability.

5 Things to Consider About Secure Guest WiFi for Business Customers

If you are going to open up your network to guests, security cannot be an afterthought. Secure guest WiFi for business is a must. Before providing WiFi access, be sure to consider the points below:

Network Segmentation

Segmenting your network is important for two reasons. Secure guest WiFi for business means visitors should not be able to gain access to parts of the network used by your employees. Your business guest wireless network should be kept totally separate from the internal network used by your employees. Guest users should not be able to log on and see your network assets and confidential files and resources. Use a network firewall or create a separate VLAN for guest use and use a software firewall to protect servers and workstations from traffic from the guest network. Secondly, in the event of a malware or ransomware infection, if you segregate your network, it will greatly limit the harm caused.

Always Change Default Passwords and SSIDs

This is one of the most basic security practices, yet because of that, it is easy to forget. The Internet is littered with reports of data breaches that have occurred as a result of the failure to change default passwords. All network peripherals should have strong, unique passwords set.

It is also important to change your SSID for your WiFi network. The SSID should reflect the name of your business and it should be quite clear to your customers which is your network. Fail to do this and you make it too easy for malicious individuals to set up "evil twin" access points and lure guests onto those rogue access points and conduct man-in-the-middle attacks. You can post the SSID and password internally to make it easy for legitimate users to gain access to your network. Be sure to change your password regularly.

Keep Your Firmware Updated!

Firmware updates are issued for a reason. They correct vulnerabilities that could easily be exploited by cybercriminals to gain access to your devices and network. If those vulnerabilities are exploited, configurations can be changed for a variety of nefarious purposes. You should have policies in place that require firmware updates to be installed promptly, with checks performed monthly to ensure that all devices have been updated and no firmware updates have been missed.

Encrypt Your Wireless Signals

You want to make it as easy as possible for your guest WiFi network to be accessed by your customers and visitors, but don’t make it too easy for hackers to spy on individuals connected to the network. Make sure you encrypt your wireless network with WPA2/WPA3 encryption.

If your router does not support WPA2 as a minimum it is time to upgrade your router’s firmware or, if that is not possible, you should buy a modern router that supports WPA3 encryption. If you fail to encrypt your WiFi, it is too easy for your bandwidth to be stolen and for data to be intercepted.

Secure Guest WiFi for Business Means Content Filtering

Secure guest WiFi for business means adding controls to limit the content that can be accessed on your WiFi network.

You should block access to adult content – which includes pornography, gambling sites, and dating sites, and also web content that is ethically or morally questionable or illegal.

A web filtering solution will also protect your customers from accidental malware and ransomware downloads and is an important anti-phishing control.

Consider using a cloud-based web filter as these require no additional hardware to be purchased. They can also be configured and maintained remotely and will not require software or firmware upgrades. In contrast to appliance-based web filters, cloud-based filters are more scalable and are more adaptable to the changing needs of your business.

Wireless Guest Network Best Practices

There are many benefits to be gained from setting up a wireless guest network but doing so introduces risks. If those risks are not managed, guest users could gain access to network resources and view or steal sensitive information. Malware may be accidentally or deliberately installed, and vulnerabilities could be introduced that could expose the network to hackers. Fortunately, following some simple wireless guest network best practices will help you with securing the WiFi network, mitigating risks, and making your wireless network as - or more - secure than your wired network.

• Separate your wireless guest network from the business network – Set up a second SSID specifically for guests to use. It should not be possible for guest users to access your internal WiFi network.
• Choose the SSID wisely – Choose a name that does not advertise the fact that the network belongs to your business if you want to make it harder for hackers to attack your WiFi network.
• Set a secure password for guests to use – Make sure the default password is changed to ensure only authorized guests can access the network.
• If possible, ensure each guest user can be identified on the network. Use a management solution that collects guest credentials as this will allow you to monitor guest behavior and gain valuable insights into how your customers are using the network. Be aware there are restrictions under GDPR and CCPA that require you to obtain consent to collect personal data and explain why the data is being collected.
• Communicate your Internet usage policies to guests so they know what is allowed and prohibited while connected to your WiFi network
• Use the most advanced encryption available – All modern routers and access points support WPA2 encryption. Make sure this is enabled – or WPA3 if it is supported. Avoid using WPS as it is vulnerable to brute force attempts to guess the password.
• Disable admin access on wireless networks – if a hacker succeeds in gaining access to your WiFi network, this will limit the harm that can be caused.
• Implement a web filtering solution – A web filter should be configured to prevent users from accessing inappropriate and malicious websites while connected to the WiFi network

WebTitan Cloud for WiFi – Secure Guest WiFi for Business Users

TitanHQ has made it easy to secure guest WiFi for business users. WebTitan Cloud for WiFi is a 100% cloud-based web filter that allows businesses to carefully control the categories of web content that can be accessed by guest users.

WebTitan Cloud for WiFi allows businesses to block access to 53 different predefined categories of web content, including pornography, gambling, dating, news, and social media websites. Within those 53 categories are more than 500 million websites in 200 languages that have been assessed for content and categorized. A cloud-based lookup also ensures accurate and flexible filtering based on-page content.

Secure guest WiFi for business means effective malware, ransomware, and phishing protection. With WebTitan Cloud for WiFi deployed, access to compromised websites, phishing sites, and other malicious websites will be blocked.

Flexible policy creation means control over the filter can be delegated to different departments, and controls can be applied for different types of users. Cloud Keys can also be created to allow specific users to bypass policy rules.

A full suite of reports ensures detailed information is always available, with email notifications alerting administrators to attempted policy violations and a real-time browsing view is available.

If you want to take control of your WiFi network or are an MSP looking for an easy-to-use multi-tenant solution to allow you to provide a web filtering service to your clients, WebTitan Cloud for WiFi is a quick, easy to use, and low-cost way of providing secure guest WiFi for business users.

Contact TitanHQ today for further information on WiFI guest network security and to find out how WebTItan can protect your business. Our knowledgeable sales staff will be able to advise you on the best way to improve guest WiFi security and will help you choose the best deployment option. If you want to see WebTitan in action before you make a purchase decision, our sales staff will be happy to schedule a product demonstration and help set up a free trial of the solution.

Guest Wi-Fi Security FAQs

How can I improve guest Wi-Fi security?

You must ensure your guest Wi-Fi network is properly configured. You should set a password for access, ensure traffic is encrypted to prevent interception by selecting WPA2 or WPA3 on the router, ensure guest users cannot access and change the router settings, and you should use a content filtering solution to prevent malware downloads and restrict access to inappropriate website content.

What content can I block on guest Wi-Fi networks?

You have full control over the content that guests can access via your Wi-Fi network. With WebTitan Cloud for Wi-Fi, you can block content using 53 pre-defined categories and can create up to 10 categories of your own using your own keywords. Access to specific websites can be allowed or blocked using whitelists and blacklists. All known malicious websites will be automatically blocked.

Can I see what websites guest users are accessing?

A web filtering solution gives you full visibility into the web content that your employees and guest users are viewing, including providing real-time views of Internet access. This information can give you valuable insights into customer behavior which can guide your marketing efforts. You can also run reports to find out the URLs that users have attempted to visit but were blocked by the web filter.

Will a cloud-based web filter for guest Wi-Fi work on all devices?

There is no software to download onto devices and no restrictions on the devices that can connect to your secure Wi-Fi network. WebTitan Cloud for Wi-Fi works with all operating systems and all devices and allows businesses to offer clean, filtered Internet access for customers on Wi-Fi access points. If required, different filtering controls can be set up for different user groups.

Is SSL inspection necessary?

If you have a web filter that does not have SSL inspection, traffic to and from HTTPS websites will be invisible to the filtering solution. That means files downloaded from HTTPS websites cannot be scanned by the AV engines of the web filter. Since many malicious websites have SSL certificates, a web filter with SSL inspection is essential.

Most Common Wireless Network Attacks

Jun 19, 2021 | Cybersecurity Advice, Internet Security, Mobile Security, Network Security, Web Filtering

In this post, we explore some of the common wireless network attacks and offer advice on simple steps that can be taken to secure wireless networks and prevent costly data breaches.

Many Businesses are Neglecting WiFi Security

Many businesses have moved from wired to wireless technologies which has had a negative impact on their security posture. Wired networks are generally a lot easier to secure than wireless networks, and poor implementation often introduces vulnerabilities in WiFi networks. Many businesses also fail to perform a thorough risk analysis which means those vulnerabilities are not identified and addressed. Because of these security flaws, and the ease of exploiting them, wireless networks attacks are common.

The Importance of WiFi Security

Wi-Fi access used to be something you had to pay for, but now free WiFi is something many people take for granted. Visitors to a hotel, coffee shop, bar, retail outlet, or restaurant now expect WiFi to be provided free of charge. The decision to use a particular establishment is often influenced by whether free WiFi is available, but increasingly the quality of the connection is a factor in the decision process.

The quality of the WiFi on offer is not just a question of there being enough bandwidth and fast internet speeds. Parents often choose to visit establishments that provide secure WiFi with content control, for instance, businesses that have been verified under the Friendly WiFi scheme. In order to be accredited under the scheme, businesses must have implemented appropriate filtering controls to ensure minors are prevented from accessing age-inappropriate material.

The massive rise in cyberattacks via public WiFi networks coupled with warnings about WiFi risks in the mainstream media has seen many consumers favor establishments that offer secure WiFi access.

If you run a business and are providing WiFi to customers or if you are considering adding a WiFi hotspot to attract more customers, be sure to consider the security of the network. The past couple of years have seen many attacks on WiFi networks and customers who use those wireless services. The increase in WLAN attacks means WiFi security has never been so important.

Before covering some of the most common wireless attacks, it is worthwhile exploring some of the common wireless network vulnerabilities that can be exploited to eavesdrop on traffic, infect users with malware, and steal sensitive information.

Common Wireless Vulnerabilities

Listed below are some of the most common wireless network vulnerabilities and steps that can be taken to prevent the vulnerabilities from being exploited. These wireless network vulnerabilities could easily be exploited in real-world attacks on wireless networks to steal sensitive data, take control of a router or connected device, or install malware or ransomware.

Use of Default SSIDs and Passwords

WIFi access points are shipped with a default SSID and password which need to be changed, but all too often, those default passwords are left in place. That makes it easy for an attacker to log in and take control of the router, change settings or firmware, load malicious scripts, or even change the DNS server so that all traffic is directed to an IP owned by the attacker. Default passwords must be changed to prevent anyone within range of the signal from connecting and sniffing traffic.

If wireless controllers are used to manage WiFi access points via web interfaces, make sure the default passwords are also changed. These default passwords can be easily found online and can be used to attack wireless networks.

Placing an Access Point Where Tampering Can Occur

If the access point is placed in a location where it can be physically accessed, tampering can occur. It takes just seconds to revert the access point to factory default settings. Make sure the access point is located in a secure location, such as a locked closet.

Use of Vulnerable WEP Protocol

The Wired Equivalent Privacy (WEP) protocol was the first protocol used to encrypt wireless traffic. WEP, as the name suggests, was intended to make wireless networks as secure as their wired counterparts, but that does not make WEP wireless networks secure.

WEP is based on the RC4 cypher, which is secure. The problem is how RC4 is implemented in WEP. WEP allows an initialization vector to be re-used, and the re-use of keys is never a good idea. That allows an attacker to crack the encryption with ease. Several other vulnerabilities have been identified in WEP which make it far from secure.

Even though WEP has been depreciated and there are much more secure wireless encryption protocols to use, many businesses continue to use WEP in the mistaken belief that it is secure. WEP is more secure than no encryption at all – bad security is better than no security – but there are much more secure options for encrypting WiFi traffic. If you want to improve security and prevent WLAN attacks, upgrade to WPA2 or WPA3, which use the much more secure Advanced Encryption Standard (AES) and lack the vulnerabilities of WEP.

WPA2 Krack Vulnerability

WPA may be more secure than WEP, but it is not without its own wireless vulnerabilities. Two Belgian researchers – Mathy Vanhoef and Frank Piessens of the University of Leuven – identified a serious flaw in the WPA security protocol.  The flaw was named KRACK, short for Key Reinstallation Attack. The flaw can be exploited in a man-in-the-middle attack to steal sensitive data sent via the WPA encrypted WiFi connection. If the WPA flaw is exploited, an attacker could eavesdrop on traffic and obtain banking credentials, passwords, and credit card information.

The vulnerability exists in the four-way handshake. An encrypted WPA2 connection starts with a four-way handshake, but not all parts of that handshake are required. To speed up re-connections, the third part is retransmitted. That third part of the handshake may be repeated several times, and it is this step that could be used in a wireless network attack.

By repeatedly resetting the nonce transmitted in the third step of the handshake, an attacker can gradually match encrypted packets and discover the full keychain used to encrypt traffic.

A threat actor could set up a clone of a WiFi access point that a user has previously connected to – an evil twin. To the user, nothing would appear untoward as Internet access would be provided via that evil twin. An attacker can force a user to connect to the cloned WiFi network and all information sent via that evil twin WiFi network can be intercepted. While the attack will not work on sites with SSL/TLS encryption, tools can be used that make this possible by forcing a user to visit an HTTP version of the website.

In order to execute a KRACK WiFi attack, the WiFi network must be using WPA2-PSK or WPA-Enterprise and the attacker needs to be within range of the WiFi signal. Virtually all routers currently in use are vulnerable to KRACK WiFi attacks. The best defense is to keep routers up to date and for users to only connect to wireless networks using a paid-for, up-to-date VPN. The issue has been addressed in WPA3, which is supported by the latest wireless access points. However, even with this exceptionally common wireless network vulnerability, WPA2 is still far more secure than WEP.

NetSpectre – Remote Spectre Exploit

Spectre is a vulnerability that affects microprocessors that perform branch prediction. The vulnerability can be exploited to allow an attacker to access chosen virtual memory locations and thus obtain sensitive data. In order for the flaw to be exploited, an attacker would first need to convince a user to download and run malicious code or to visit a website where JavaScript is run in the browser. Researchers at Graz University of Technology have developed a new type of attack that can be performed via network connections, including WiFi networks. The attack – termed NetSpectre – is fortunately complex so there are far easier ways to attack an organization. The risk of exploitation is therefore low.

What are the Most Common Wireless Network Attacks?

Many of the most common wireless network attacks are opportunistic in nature. WiFi hackers look for wireless networks that are easy to attack.

Hackers are more than happy to take advantage of poor security controls to gain access to sensitive information and distribute malware. Why waste time attacking well-secured WiFi networks when there are plenty with scant or no security?

Poorly secured WiFi networks are also targeted by more sophisticated cybercriminals and organized crime groups to gain a foothold in the network. The attacks can be extremely lucrative. Access to a business network can allow ransomware to be installed and if malware can be installed on POS systems, the credit/debit card numbers of tens or hundreds of thousands of customers can be stolen.

Types of Wireless Network Attacks

There are several different types of WiFi attacks that hackers use to eavesdrop on wireless network connections to obtain passwords and banking credentials and spread malware. The main types of WiFi attacks are detailed below.

Fake WiFi Access Points, Evil Twins, and Man in the Middle Attacks

Visitors to hotels, coffee shops, and malls often connect to the free WiFi on offer, but various studies have shown that care is not always taken when connecting. Customers often choose the WiFi access point based on the SSID without checking it is the wireless network set up by a particular establishment for customer use.

Criminals can easily set up fake WiFi access points, often using the name of the establishment in the SSID. An SSID called ‘Free Airport WiFi’ would be enough to get many people to connect. When customers connect to these rogue WiFi networks they can still access the Internet, so are unlikely to realize anything is wrong. However, once connected to that network, everything they do online will be monitored by cybercriminals. Sensitive information entered online, such as email addresses and passwords, credit card numbers, or banking credentials, can and will be stolen.

How is this done? The attacker simply creates a hotspot on a smartphone and pairs it with a tablet or laptop. The hacker can then sit in a coffee shop drinking a latte while monitoring the traffic of everyone that connects. Alternatively, they can use a router with the same name and password as the one currently in use. This may also have a stronger WiFi signal, which may see more people connect. Through the “evil twin” all traffic will be plainly visible to the attacker and all data sent over the network can be captured.

Fake access points and evil twins are among the most common wireless network attacks. They are easy to conduct, require little technical skill, and are very effective. One study indicated more than a third of WiFi hotspot users take no precautions when accessing WiFi hotspots and frequently connect to unsecured networks.

Packet Sniffing: Interception of Unencrypted Traffic

Research by Kaspersky Lab in 2016 showed more than a quarter of public Wi-Fi hotspots set up in malls were insecure and lacked even basic security controls. A quarter did not encrypt traffic at all, while research conducted by Skycure showed that five of the 10 busiest malls in the USA had risky WiFi networks.

One mall in Las Vegas was discovered to be operating 14 risky WiFi access points. Hackers can use packet sniffers to intercept traffic on unencrypted WiFi networks. Packet sniffing is one of the most common wireless attacks.

These common wireless network attacks are easy on older routers, such as those using WEP encryption. WPA offers better security, WPA2 is better still, or ideally, the new WPA3 encryption protocol should be used if it is supported by your access point.

Wardriving

Wardriving is a technique used to identify and map vulnerable access points. The name comes from the fact that attackers drive around a neighborhood and use a laptop with a GPS device, antenna to identify and record the location of wireless networks.  This technique is effective since many WiFi networks used by businesses extend beyond the confines of the building and poor security controls are applied to secure those networks.

Warshipping

Warshipping is a more efficient method of attacking WiFi networks as it allows attacks to be conducted remotely, even if the attacker is not within range of a WiFi network. The tactic was explained by IBM X-Force Red researchers at Black Hat USA. They used cheap (under $100) and easy-to-obtain components to create a single-board computer with WiFi and 3G capabilities that runs on a cell phone battery. The device can be used to locally connect to the WiFi network and send information back to the attackers via the 3G cellular connection.

Since the device is small, it can easily be hidden inside a small package, and getting that package into a building is easy. It can just be mailed. Since the package may be addressed to someone not working it the company, it could sit in the mailroom for a while before it is opened. Since the package can be tracked, the attackers will know when it is in the building. Alternatively, it could be hidden in any number of items from plant pots to teddy bears. If the device is within range of WiFi networks, it could be used to attack those networks.

Hashed network access codes can be sent back to the attackers to crack, and the device can then connect to WiFi networks in the building and harvest data. The device could be used in a man-in-the-middle attack by impersonating an internal WiFi network.

MAC Spoofing

Many businesses use MAC filtering to prevent specific devices from connecting to their WiFi networks. While this is useful for preventing individuals from taking advantage of free WiFi for customers, this method of blocking users can be easily bypassed. It is easy to spoof a MAC address and bypass this filtering control.

Examples of WiFi Network Attacks

Attacks on wireless networks are not just theoretical. Listed below are some examples of common wireless networks attacks that have resulted in the installation of malware or theft of sensitive information. These latest wireless security attacks could easily have been prevented had appropriate security controls been implemented.

Latest Wireless Security Attacks

Tel Aviv Free WiFi Network Hacking Incident

One notable example of how easy it can be for a hacker to take over a WiFi network comes from Tel Aviv. Tel Aviv offers a city-wide free WiFi network, which incorporates basic security controls to keep users secure on the network. However, it did not prove to be as secure as city officials thought.

While commuting home, Tel Aviv resident Amihai Neiderman noticed a new WiFi access point had appeared. The FREE_TLV access point was provided by the city and Neiderman decided to test its security controls. After determining the IP address through which WiFi clients accessed the Internet, he disconnected, scanned the router, and discovered the web-based login interface was run through HTTPS port 443.

While he found no major vulnerabilities, after extensive analysis he identified a buffer overflow vulnerability which he successfully exploited to take full control of the router. By doing so, if he was so inclined, he could have intercepted the traffic from tens of thousands of users.

Toasters Used to Hack Unsecured WiFi Networks

Perhaps not one of the most common WiFi network attacks, but notable nonetheless due to the rise in the use of IoT devices. IoT capability has been incorporated into all manner of devices from toasters to washing machines. These devices can be vulnerable to supply chain attacks – Where hardware is altered to allow the devices to be used to attack WiFi networks. In 2016, Russian officials discovered chips imported from China had been altered and were being used to spread malware that could eavesdrop on unsecured WiFi networks from a range of 200 meters. They were used to infect those networks with malware that could steal information.

In-Flight WiFi Network Hacking from the Ground

Cybersecurity expert Ruben Santamarta has demonstrated it is possible to hack into airline WiFi networks from the ground and view the internet activity of passengers and intercept their information. More worryingly, he was also able to gain access to the cockpit network and SATCOM equipment. He claims the same technique could be used for ships, industrial facilities, and even military installations. He explained how he did it in his “Last Call for SATCOM Security” presentation at the 2018 black hat hacker conference.

Orange Modems Leaking Wi-Fi Passwords

A vulnerability has been identified in Orange LiveBox ADSL modems that causes them to leak the SSID and WiFi passwords in plaintext. The flaw was identified by Bad Packets researchers who observed their honeypots being actively attacked. A search on Shodan showed there are nearly 20,000 vulnerable Orange modems that leak Wi-Fi passwords and SSIDs in plaintext. In many cases, the default credentials of admin/admin were still being used! The flaw means the WiFi networks could easily be attacked remotely. Attackers could change device settings, alter firmware, and even obtain the phone number and conduct a range of other attacks.

WeWork WiFi Security Flaws

WeWork, a provider of custom workspaces, private offices, and on-demand workspaces equipped with high-bandwidth WiFi, has made an error implementing those WiFi networks which makes them far from secure.

WeWork used the same WiFi password at many of its shared offices for several years. To make matters worse, that password was weak and regularly features in the top 25 lists of extremely poor passwords. However, there was no need to guess it as it was available through the WeWork app in plaintext. Such a simple yet serious error placed all users of those workspaces at risk for several years. The researchers investigated several locations in San Francisco and found the same weak password used at multiple locations. Further, the WiFi network was only protected with WPA2 Personal security.

Teemu Airamo checked the security of the workspace he had just moved into and found hundreds of other companies’ devices exposed. Subsequent scans on the WeWork network revealed an enormous amount of sensitive data had been exposed. Password reuse is never a good idea, and neither is using dictionary words or heaven forbid, any of the top 25 lists of shockingly awful passwords.

WiFi Networks Can be Used to Gain Access to Business Data

Creating a WiFi network for guests is simple. Ensuring it is secure and cannot be used for attacks on the business network or customers requires more thought and effort. Any business that allows customers to make purchases using credit and debit cards is a major target for hackers and poor WiFi security is likely to be exploited sooner or later. The past few years have seen many major attacks that have resulted in malware being installed on POS systems. These are now some of the most common wireless network attacks.

How Can Businesses Prevent the Most Common Wireless Network Attacks?

How can businesses protect against some of the most common wireless network attacks? While it is difficult to prevent the creation of fake WiFi hotspots, there are steps that can be taken to prevent many common wireless network attacks and keep the WiFi network secure.

Isolate the Guest Network

If your business network is not isolated from your guest WiFi network, it could be used to gain access to business data and could place your POS at risk of compromise. Use a router that offers multiple SSIDs – most modern routers have that functionality. These routers often have a guest SSID option or separate guest portal. Make sure it is activated when it is deployed. Alternatively, your wireless router may have a wireless isolation feature that will prevent WiFi users from accessing your internal network and other client devices. If you require multiple access points throughout your establishment, you are likely to need a VLAN or EoIP tunnel configuration – A more complicated setup that will require you to seek professional advice on security.

Encrypt WiFi Traffic with WPA2 or WPA3

If you have an old router that does not support WPA2 encryption it’s time for an upgrade. WPA2 is the minimum standard for WiFi security, and while it can still be cracked, it is time-consuming and difficult. WPA3 has now been released and an upgrade should be considered. You should also make sure that WPS is turned off.

Update Firmware Promptly

All software and devices contain vulnerabilities and require updating. Software should be patched and devices such as routers will need to have their firmware upgraded when new versions are released. Check your device manufacturer’s website periodically for details of firmware updates and ensure your device is updated.

Create a Secure SSID

Your router will have a default SSID name, but this should be changed to personalize it to your business. If you make it easily identifiable, it will reduce the potential for rogue access points to be confused with your own.  Ensure that you enforce WPA2 encryption with a shared key and post that information for your customers along with your SSID in a prominent place where they can see it.

Restrict WiFi Access

If your wireless router or access point is too powerful, it could be accessed from outside your premises. Choose a router that allows you to alter the strength of your signal and you can ensure only your customers will use your connection. Also, ensure that your WiFi access point is only available during business hours. If your access points are left unsupervised when your business is closed, it increases the risk of an attack.

Secure Your Infrastructure

Administrator access can be abused, so ensure that your login name and your passwords are secure. If the default credentials are not changed, it will only be a matter of time before they are abused. Change the username from ‘admin’ or any other default username. Set a strong password that includes upper and lower-case letters, at least one number, and a special character. The password must be at least 8 characters although more is better.  Alternatively use a 14-character+ passphrase.

Use a Web Filter

A web filtering solution is an essential protection for all WiFi networks. Web filters will prevent users from visiting websites and web pages that are known to have been compromised or have been confirmed as malicious. This will protect your customers from web-based threats such as drive-by downloads, exploit kits, and phishing. A web filter will also allow you to prevent your network from being used to download or view unacceptable content such as pornography and lets you control bandwidth usage to ensure all customers can enjoy decent Internet speeds.

TitanHQ offers a scalable, easy to deploy, granular web filter for WiFi networks. WebTitan Cloud for WiFi requires no hardware purchases or software downloads as it is 100% cloud-based, can be managed and monitored from any location, and can help protect you against the most common wireless network attacks.

How Does WebTitan Cloud for WiFi Work?

Features of WebTitan Cloud for WiFi

• No hardware or software installation required
• Quick and easy to implement
• Fast: DNS solution provides almost zero additional latency
• Supports both static and dynamic IPs addresses
• No specialist training required
• Protects against all web-based threats
• Precision control over the content that can be accessed over WiFi
• Instant alerts about users trying to access restricted content
• Can be integrated into existing systems for easy management
• Available to MSPs and resellers in white-label form
• Fully multi-tenanted platform

WebTitan Cloud for WiFi, live all TitanHQ solutions, is available on a free trial for you to evaluate the full solution in your own environment. During the trial, you will receive full product support to ensure you get the most out of your trial.

Contact TitanHQ today to arrange your trial, for details of pricing, or to book a product demonstration. Our Customer Service team will be more than happy to answer any questions you have about the product.

Web Filtering FAQs

How can I make my guest Wi-Fi network secure?

You should change your SSID from the default, set a strong password, enable encryption (WPA2 or WPA3), prevent guests from accessing router settings and local network resources, and set up a web filtering solution to restrict access to potentially harmful web content.

How much does content filtering cost?

You can expect to pay between $1 and $3 per user, per month depending on the Wi-Fi content filtering solution you choose. At TitanHQ, we offer powerful content filtering at an affordable price for all businesses. WebTitan Cloud for Wi-Fi starts at $1.01 per user per month.

What is the best way to block phishing attacks?

Two anti-phishing solutions that businesses should implement are an email security gateway or spam filter to block malicious emails and a web filter to prevent employees from visiting phishing websites, either from links in malicious emails or through web browsing and redirects.

How easy is it to start filtering the Internet?

With WebTitan Cloud for Wi-Fi, content filtering is easy. Simply point your DNS to WebTitan, log in to your web-based user interface, then select the categories of content you want to block. It is that simple. Everything is intuitive and you have additional options if you want more precise control or need to implement different controls for different user groups. If ever you get stuck, you benefit from world-class customer support to get you back on track.

Should I enable SSL inspection?

SSL inspection allows you to inspect traffic to and from encrypted websites. Since most websites now secure the connection between the site and browser, this traffic will be invisible unless you enable SSL inspection. Malicious websites often have SSL certificates and will pose a serious threat if traffic is not inspected.

Cybersecurity Risks with Remote Workers

Mar 31, 2020 | Cybersecurity Advice, Internet Security, Mobile Security, Network Security, Web Filtering

IT departments have been forced to address cybersecurity risks with remote workers in a hurry due to the 2019 Novel Coronavirus pandemic that has seen large sections of the workforce forced into working from home.

The International Workplace Group conducted a study in 2019 and found that 50% of employees spend at least half of the week working remotely, and 70% of workers spend at least one day each week working from home. The 2019 Novel Coronavirus pandemic has increased that percentage considerably. Many companies have all but closed down their offices and have told their employees they must work from home.

While this is an important strategy for ensuring the safety of the workforce, there are many cybersecurity risks with remote workers and IT departments will find it much harder to secure their systems, protect confidential data, and quickly respond to security incidents.

One of the biggest problems for IT departments is the speed at which changes had to be made to accommodate a massive increase in remote workers. There has been little time to prepare properly, provide training, and ensure the cybersecurity risks with remote workers are all addressed.

Cybercriminals are Targeting Remote Workers

The massive increase in remote workers due to the 2019 Novel Coronavirus pandemic has given cybercriminals easy targets to attack, and unsurprisingly remote workers are being targeted. Remote workers are seen as low hanging fruit and attacks are far easier than when workers are in the office.

Several phishing campaigns have been detected targeting home workers that attempt to obtain email and VPN credentials. These phishing attacks are likely to increase considerably over the coming weeks and months. Attacks on VPNs have also increased, with cybercriminals exploiting unpatched vulnerabilities to steal credentials and gain access to corporate networks.

Campaigns have been detected spoofing Zoom and other videoconferencing platforms. According to Check Point, there have been 1,700 new Zoom domains registered in 2020 and 25% of those have been registered in the past two weeks. Other videoconferencing and communication platforms are also being targeted.

Addressing Cybersecurity Risks with Remote Workers

The massive increase in the number of employees working from home has increased the attack surface dramatically. Laptops, smartphones, and tablets are remotely connecting to the network, often for the very first time. It is essential that al of those devices are secured and data is appropriately protected.

Any device allowed to connect to the network remotely must have the best security software installed to protect against malware. Devices must be running the latest versions of operating systems and patches need to be applied promptly. Some studies suggest that it takes companies around 3 months on average to patch vulnerabilities. For remote workers, patching needs to be accelerated considerably and, ideally, software and operating systems should be configured to update automatically. Computers used by remote workers must also have firewalls enabled.

Ensure Home Routers are Secured

With many countries in lockdown and people being told not to leave the house, one of the biggest problem areas with remote working has been solved. The use of unsecured pubic Wi-Fi networks. When remote workers connect to unsecured public Wi-Wi networks, it is easy for cybercriminals to intercept sensitive corporate data, steal login credentials, and install malware. The Novel Coronavirus pandemic has seen remote workers abandon coffee shops and public Wi-Fi access points and stay at home; however, home Wi-Fi networks may be just as vulnerable.

Home workers will connect to the internet through consumer-grade routers, which will be far less secure than the office. Home Wi-Fi is often poorly secured and many devices that connect to Wi-Fi will have scant security controls in place. Remote workers must ensure that their home Wi-Fi network is protected with a strong password and that routers have WPA2 enabled.

Ensure Remote Workers Use a VPN and Establish a Secure Connection

It is essential for remote workers to establish a secure connection when accessing work resources and the easiest way to do this is with a virtual private network (VPN). A VPN client should be installed on all devices that you allow to remotely connect to the network.

Several vulnerabilities have been found in VPNs over the past year, and even months after patches have been released by VPN solution providers that patches have yet to be applied. Patching VPNs can be difficult when they are in use 24/7, but prompt patching is essential. There has been an increase in cyberattacks exploiting vulnerabilities in VPNs in recent weeks. In addition to ensuring the latest version of VPN clients are used and VPN solutions are patched quickly, training must be provided to remote workers to ensure they know how to use VPNs.

Ensure Multifactor Authentication Is Enabled

Strong passwords must be set to prevent brute force password guessing attempts from succeeding, but passwords alone do not provide sufficient protection for remote workers. You must ensure that multifactor authentication is enabled for all cloud services and for email accounts. If credentials are compromised in a phishing attack, it will not be possible for the credentials to be used to access accounts and sensitive data without another factor also being provided, such as a one-time code sent to an employee’s cellphone.

Security Awareness Training for Remote Workers

IT staff will be well aware that even the best security defenses can be breached as a result of the actions of employees. Employees are the weakest link in the security chain, but through security awareness training risk can be significantly reduced. Most companies will provide security awareness training to staff as part of the onboarding process, and often refresher training sessions will be provided on an annual basis. Consider increasing training for remote workers and conducting training sessions far more frequently.

The purpose of cybersecurity awareness training is to teach employees the skills they will need to recognize and avoid threats and to change the mindset of workers and create a culture of cybersecurity. Best practices for cybersecurity must be taught to prevent employees from falling prey to cyberattacks when working remotely. Employees need to be made aware of the cybersecurity risks with remote workers, which may not have been covered in training sessions when employees were only working in the office. Training remote staff should now be a priority. It is important to step up training to help remote workers identify phishing emails, spoofing, impersonation attacks, and also to teach remote workers about good IT hygiene.

Protect Against Web-Based Attacks

The dangers that come from the internet should be covered in security awareness training, but not all web-based threats are easy for remote workers to identify. Malicious adverts can be found on all manner of websites that direct users to phishing sites and websites where drive by malware downloads occur. To address cybersecurity risks for remote workers when accessing the internet, a web filtering solution should be deployed.

Cloud-based web filters are the most practical choice as they are easy to deploy, require no software downloads, and do not need to be patched or updated as that is handled by the solution provider. DNS-based filters are the best choice as they will involve no latency, which can be a major issue when bandwidth will be limited in workers’ homes.

WebTitan prevents remote workers from visiting or being redirected to known malicious websites and allows IT teams to control the types of websites that can be accessed on work devices to further reduce risk. Since WebTitan integrates with Active Directory and LDAP, IT teams can monitor the internet activity of all employees and can configure the solution to block malicious file downloads and the downloading unauthorized programs onto work devices.

Cybersecurity Challenges for Remote Working

Mar 23, 2020 | Cybersecurity Advice, Internet Security, Mobile Security, Network Security, Web Filtering

It is fair to say that more people are now working from home than ever before and the number is growing rapidly due to the coronavirus pandemic. Here we explore some of the key cybersecurity challenges for remote working and suggest ways that CIOs and IT managers can reduce risk, keep their networks secure, and protect their workers.

COVID-19 and Remote Working

Even in the absence of a pandemic, an increasing number of people are working from home for at least part of the week. One study conducted by the International Workplace Group in 2018 suggests 50% of employees spend at least two and a half days a week working from home and 70% spend at least one day a week working from home.

The coronavirus pandemic is rapidly changing that. Governments around the world are recommending people work from home if they possibly can and many want to do so to reduce the risk of contracting COVID-19. With the 2019 Novel Coronavirus pandemic likely to last for several months at the very least, that is unlikely to change any time soon. Businesses will come under increasing pressure to get their employees set up for working at home.

Cybersecurity Challenges for Remote Working

For many businesses, having to set up large number of employees to work from home in such a short space of time will have come as a major shock. Rather than being able to transition gradually, the quarantine measures and social distances demanded in response to the coronavirus pandemic has given businesses and their CIOs and IT teams little time to prepare and address the cybersecurity challenges for remote working.

Some employees will already be working from home some of the time, so they will be familiar with the steps they need to take to access work networks and applications securely from home, but for a great deal of workers this will be their first time. Those workers therefore need to be trained and made aware of the additional risks, they must learn how to access work systems remotely, and the steps they need to take to do so securely.

Measures need to be considered to reduce the harm that can be caused should devices be lost or stolen, as the risk of device theft increases considerably when IT equipment is taken out of the office. Even if workers are not venturing out of the house to coffee shops, home environments may not be as safe and secure as the office.

Cyberslacking is likely to increase considerably when workers are not being directly supervised due to working at home, so loss of productivity is a real issue. Productivity losses due to people working from home is a key business concern that should be addressed. Cyber risks also increase from internet access at home.

The risk of insider threats also increases with more remote workers. Steps should be taken to reduce the potential for fraud and data theft.

It is relatively easy for organizations to effectively manage risk when users are connected to internal networks when working in the office. Doing the same when most of the workforce is working remotely is a different matter entirely. As the attack surface increases, mitigating risks and protecting against cyberthreats becomes a major challenge.

There are also issues with authentication. A known individual may be attempting to connect to the network, but it becomes harder to determine is that person is who they claim to be. Authentication measures need to be stepped up a gear.

Many businesses will be faced with the problem of simply not having enough devices to allow workers to work remotely on company-issued devices, so the decision will need to be taken about whether to allow employees to use their personal devices. Personal devices are unlikely to have the same level of protection as company-owned devices and it is much harder to control what employees do on those devices and to protect against malware that could easily be transferred onto the work network.

There is also a greater risk of shadow IT when workers are home-based. The downloading of applications and use of non-authorized tools increases risk considerably. Vulnerabilities may be introduced that can easily be exploited by cybercriminals.

Then there is the problem of having so many people accessing work networks using VPNs. Systems may not be able to cope with the increased number, which means workers will not be able to connect and work from home. IT departments must ensure there is sufficient bandwidth and licenses for VPN solutions. Those VPNs also need to be updated and patched.

These are just some of the many cybersecurity challenges for home working. The list of security concerns is very long.

Cybercriminals are Taking Advantage of a Huge Opportunity

Cybercriminals are constantly changing tactics to attack businesses and the coronavirus pandemic offers them opportunities on a silver platter. It is unsurprising that they are taking advantage. In January, phishing campaigns were launched taking advantage of fear about coronavirus. Those campaigns have increased significantly as the COVID-19 crisis has deepened. Coronavirus and COVID-19 are being used as phishing lures and to COVID-themed emails are being used to distribute malware. Cyberattacks exploiting vulnerabilities in VPNs are also increasing.

As the COVID-19 crisis worsens and lockdowns are enforced, businesses will be forced to have more workers working from home and cyberattacks are likely to continue to increase. Since shutting down the business temporarily or indefinitely simply isn’t an option for most businesses, addressing the cybersecurity challenges for remote working will soon become critical.

Addressing the Cybersecurity Challenges for Home Working

Addressing the cybersecurity challenges for home workers is likely to be difficult. Listed below are some of the steps that should be taken to prepare.

• When creating new accounts for home workers, ensure strong passwords are set and use the principle of least privilege to reduce risk.
• Enable two-factor authentication.
• Ensure workers can connect through VPNs and there are sufficient licenses and bandwidth.
• Make sure VPN software is patched and the latest version is installed. Ensure procedures are in place to keep the software updated.
• Consider disabling USB ports to prevent the use of portable storage devices. This will reduce the risk of malware infections and the risk of data theft.
• Ensure portable devices are protected with encryption. Use software solutions that lock devices in the event of theft or allow devices to be remotely wiped.
• Ensure you set up communications channels to allow remote workers to collaborate, such as teleconferencing, chat facilities, document sharing platforms, and SaaS applications. Make sure employees are aware of what can and cannot be shared via chat apps such as Slack and Google Chat.
• Ensure staff are trained on new applications, the use of VPNs, and are aware of the additional risks from remote working. Train remote workers on how to identify phishing and other cybersecurity threats.
• Ensure policies and procedures are set up for reporting threats to IT security teams. Instruct employees on the correct course of action if they believe they have fallen for a scam.
• Implement a DNS filter to prevent employees from accessing high risk websites on corporate-issued devices and block downloads of risky file types.
• Ensure email security controls are implemented to block phishing attacks and detect and quarantine malware threats.

How TitanHQ Can Help Protecting Remote Workers and Their Devices

TitanHQ has developed two cybersecurity solutions that can help businesses protect their remote workers and their networks from email and web-based threats. Being 100% cloud-based, these solutions are just as effective when employees are working remotely as they are for office workers.

SpamTitan Cloud is a powerful email security solution that protects against the full range of email threats. SpamTitan has advanced threat detection capabilities to detect known and zero-day phishing, spear phishing, malware, botnet, and ransomware threats and ensure the threats never reach inboxes. SpamTitan Cloud also scans outbound email to detect spamming and malware distribution, as well as improving protection against insider threats through tags for sensitive data.

WebTitan Cloud is a DNS filtering solution that provides protection from web-based attacks for user working on and off the network. Being cloud based, there is no need to backhaul traffic to the office to apply filtering controls. Since the filter is DNS-based, clean, filtered internet access is provided with no latency. Controls can easily be applied to restrict access to certain types of websites to prevent cyberslacking and block cybersecurity threats and malware downloads.

Both of these solutions are easy to implement, require no local clients, and can be set up to protect your employees in minutes. They are also available on a free trial if you want to evaluate the solutions before committing to a purchase.

For further information on SpamTitan Cloud Email Security and WebTitan Cloud DNS filtering and to discover how these solutions can help to protect your business and remote workers at this extremely challenging time, give the TitanHQ team a call today.

An Easy Solution for Web Filtering Multiple Locations

Feb 12, 2019 | Cybersecurity Advice, Internet Security, Mobile Security, Network Security, Web Filtering

Web filtering at multiple locations can be a headache but it is a necessity. Human error can easily result in an email account breach, malware download, or ransomware attack. Every employee is a potential security risk, so it is important for controls to be implemented to reduce the risk of mistakes leading to a costly security incident.

One of the main ways that data breaches occur is through phishing. The web pages used in phishing attacks host phishing kits that collect login credentials and send them to the scammers. The web pages usually contain identical copies of the login boxes used by the likes of Microsoft Office 365, Google, and Facebook. The web pages are incredibly realistic and can be difficult for employees to identify as malicious.

Hyperlinks in emails also direct employees to websites containing exploit kits which probe for vulnerabilities and silently download malware. A user could visit a website for a couple of seconds, yet still trigger a malware download. Even general web surfing can see users redirected to malicious websites.

The solution is to implement a web filter. A web filter allows businesses to control the web content that users can visit, and it also blocks access to malicious web sites.

Web Filtering at Multiple Locations

While a web filter is easy to implement on premises, protecting mobile workers and multiple offices can be more of a challenge. Traditionally, web filters were physical appliances through which all Internet traffic flowed. Rules were applied to the appliance to control what sites can be visited by employees.

One of the main disadvantages when web filtering multiple locations, is a separate appliance needs to be used at each location. Not only is this costly, installing and maintaining the appliance requires technicians to be available on site. For many businesses running multiple offices, IT is managed remotely. IT staff are not available at each site. An appliance-based filter at each site is far from ideal.

An alternative is to backhaul Internet traffic to the corporate office, but this has a major impact on Internet speed. The latency issued can cause major problems for remote offices so this option is also not ideal.

The best solution is a cloud-based DNS web filter. A DNS web filter can be applied, configured and maintained remotely without the need for site visits or on-site support staff. No hardware is required and no software needs to be downloaded. All that is required is for a change be made to internal DNS servers or DNS settings.

Not only does this approach eliminate the need for any costly hardware purchases, with a cloud-based DNS filter there is no latency. The DNS-filter can be applied for all locations and managed through a single web-based interface. Controls can also be applied for different locations via an AD/LDAP client.

A cloud-based DNS filter is ideal for web filtering multiple locations, but what about protecting employees on the move? When employees travel for business, their mobile devices similarly need to be protected. A DNS filter can protect those employees online no matter where they access the Internet without the need to backhaul traffic.

Cloud-based DNS web filters are also the ideal solution for managed service providers (MSPs) who want to offer web filtering to their clients. The filters are highly scalable, and they offer multitenant management for MSPs and allow all clients settings to be configured and managed through a single pane of glass. Separate polices can be applied for each clients and reports can be easily generated. There is no need for any site visits, no need for patching, and web filtering can be offered no matter where the client is based.

WebTitan Cloud – Web Filtering Multiple Locations Made Simple

TitanHQ is a leading provider of DNS-based web filtering for businesses. WebTitan Cloud is an enterprise-class DNS-based web filtering solution that makes web filtering multiple locations effortless.  The solution takes minutes to implement and requires no training to use. All web filtering controls can be applied remotely via an intuitive user interface.

If you run a business in multiple geographical locations, want to protect remote workers, or if you are a managed service provider that wants to add web filtering to your service stack, contact TitanHQ for further information on WebTitan Cloud.
 

10 Cybersecurity Tips for Small Businesses

Jan 25, 2019 | Cybersecurity Advice, Internet Security, Mobile Security, Network Security, Web Filtering

Hackers are increasingly targeting small businesses. These 10 cybersecurity tips for small businesses can be implemented to improve security, prevent successful cyberattacks, and avoid costly data breaches.

Many small business owners misguidedly think that their company is too small to be a target for hackers but cyberattacks on small businesses are common and they are increasing. A successful attack on a Fortune 500 company is likely to be far more profitable for the hacker, but also much harder. Small businesses are relatively easy targets and attacks can be highly profitable.

Small business owners cannot afford to take cybersecurity lightly. A successful cyberattack could prove catastrophic. With this in mind, we have compiled 10 cybersecurity tips for small businesses that can easily be implemented to improve security. We hope you find these small business cybersecurity tips useful for improving your security posture.

Top Cybersecurity Tips for Small Businesses

Implement a Robust Firewall

A firewall is a cybersecurity solution that sits between a small business network and the outside world and prevents unauthorized individuals from gaining access to the network and stored data. Not all firewalls are created equal. Extra investment in a next generation firewall is money well spent. Don’t forget to also protect remote workers. Ensure that they are also protected by a firewall.

Create and Enforce Password Policies

You should implement password policies that require all users to set strong, secure passwords. A strong, unique password should be used for all systems. Passwords should include capitals, lower-case letters, a number, and a special character, and should be at least 10 digits long. Teach employees how to create secure passwords and enforce your password policies. Consider using a password manager so passwords do not need to be remembered.  Consult NIST for the latest password guidance.

Security Awareness Training

Make sure you provide the workforce with regular security awareness training. This is the only way that you can create a culture of cybersecurity. Be sure to cover the security basics, safe Internet use, how to handle sensitive data, creation of passwords, and mobile device security. You should provide training to help employees avoid phishing attacks and consider phishing simulation exercises to test the effectiveness of your training program.

Multi-Factor Authentication

Multi-factor authentication involves the use of a password and at least one other method of authentication. If login credentials are compromised, an additional factor is required to gain access to an account or the network such as an SMS message to a user’s smartphone.

Backups

It is essential to have a good backup policy. In the event of disaster, such as a ransomware attack, you need to be able to recover critical data. Backups must also be tested to make sure files can be recovered. Don’t wait until disaster strikes to test whether data can be recovered. A good strategy is the 3-2-1 approach. Three backup copies, on two different types of media, with one copy stored securely offsite.

Software and Firmware Updates

Vulnerabilities are regularly found in computer software. Patches are released to correct those vulnerabilities, including those that are being actively exploited. Make sure patches are applied promptly, software is kept 100% up to date, and the most up to date firmware has been installed. Implement automatic updates where possible and create a schedule for updates if they need to be performed manually.

Network Segmentation

It is a standard best practice to segment networks and split them into subnetworks. Not only will this improve security it can also improve performance. By preventing access between segments, if one part of the network is compromised, an attacker will not have access to all systems and data. Also make sure you limit access to sensitive data and restrict the use of admin credentials. Apply the rule of least privilege. Do not give employees access to data, networks, and software that they do not need for day to day work duties.

Implement a Spam Filter

Arguably the biggest cyber threat that small businesses face is phishing. A single phishing email could allow an attacker to bypass your perimeter defenses and obtain login credentials or install malware. An advanced spam filter will allow you to improve productivity by blocking non-malicious spam emails and prevent phishing emails from being delivered to inboxes.

Secure Wi-Fi Networks

If you have a wireless network in your workplace it needs to be protected. Ensure that it is secured, data are encrypted, and that it is hidden and does not broadcast its SSID. Use WPA2 for encryption (or WPA3 if possible). Change default passwords and ensure your wireless router cannot be accessed from outside the network.

Consider Implementing a Web Filter

A web filter provides protection against web-based attacks by preventing employees from visiting phishing websites and sites that host malware.

A DNS-based web filter can protect wired and wireless networks and even remote workers. It will block malware downloads and prevent users from accessing dangerous websites and those that serve no work purpose thus improving productivity.

WPA3 WiFi Security Enhancements Will Not Block All WiFi Threats

Nov 27, 2018 | Cybersecurity Advice, Internet Security, Mobile Security, Network Security, Web Filtering

WiFi networks are a potential security weak point for businesses, although the introduction of WPA3 will improve Wi-Fi security. WPA3 Wi-Fi security enhancements address many WP2 vulnerabilities, but WPA3 alone is not enough to block all WiFi threats.

WiFi Security Protocols

The WPA WiFi security protocol was introduced in 1999, and while it improved security, cracking WPA security is far from difficult. Security enhancements were introduced with WPA2 in 2004, but while more secure, WPA2 does not fix all vulnerabilities. Little has changed in the past 14 years, but at long last, WPA3 is here. Use WPA3 and Wi-Fi security will be significantly enhanced, as several important WP2 vulnerabilities have been fixed.

WPA3 WiFi Security Enhancements

One of the biggest WiFi security threats is open networks. These are WiFi networks that require no passwords or keys. Users can connect without entering a pre-shared key. All a user needs to know is the SSID of the access point to connect. These open networks are used in establishments such as coffee shops, hotels, and restaurants as it is easy for customers to connect. The problem is users send plain text to the access point, which can easily be intercepted.

WPA3 spells an end to open networks. WPA3 uses Opportunistic Wireless Encryption (OWE). Any network that does not require a password, will encrypt data without any user interaction or configuration. This is achieved through Individualized Data Protection or IDP. Any device that attempts to connect to the access point receives its own key from the access point, even if no connection to the AP has been made before. This control means the key cannot be sniffed and even if a password is required, having access to that password does not allow the data of other users to be accessed.

Another security enhancement that has been made in WP3 reduces potential for password cracking attacks such as the WPA2 KRACK Attack. WPA2 is vulnerable to brute force and dictionary-based attacks. That is because security relies on the AP provider setting a secure password and many establishments don’t. With WPA3, the Pre-Shared Key (PSK) exchange protocol is replaced with Simultaneous Authentication of Equals (SAE) or the Dragonfly Key Exchange, which improves security of the initial key exchange and offers better protection against offline dictionary-based attacks.

WPA3 also addresses security vulnerabilities in the WiFi Protected Setup (WPS) that made it easy to link new devices such as a WiFi extender. In WPA3, this has been replaced with Wi-Fi Device Provisioning Protocol (DPP).

Configuring IoT devices that lack displays has been made easier, the 192-bit Commercial National Security Algorithm is used for enhanced protection for government, defense and industrial networks, and better controls have been implemented against brute force attacks. These and other enhancements mean WPA3 is far more secure.

Unfortunately, at present, very few manufacturers support WPA3, although that is likely to change in 2019.

WPA3 WiFi Security Issues

Even with WPA3 WiFi security enhancements, WiFi networks will still be vulnerable. WPA3 includes encryption for non-password-protected networks, but it does not require authentication. That is up to hotspot providers to set. WPA3 it is just as susceptible to man-in-the-middle attacks and offers no protection against evil twin attacks. The user must ensure they access the genuine access point SSID.

The connection to the AP may be more secure, but WPA3 does not offer protection against malware downloads. Users will still be at risk from malicious websites unless a DNS filtering solution is used – A web filter to protect WiFi networks.

Improve WiFi Security with a DNS-Based WiFi Filtering Solution

A DNS-based WiFi filtering solution such as WebTitan Cloud for WiFi protects users of a WiFi network from malware attacks, ransomware downloads, and phishing threats. The cloud-based filter also allows businesses that provide WiFi access points to carefully control the content that can be accessed by employees, customers, and other guest users.

By upgrading to WPA3 WiFi security will be improved. With WebTitan Cloud for WiFi, users will also be protected once they are connected to the network.

WebTitan Cloud for WiFi allows you to:

• Filter the Internet across multiple WiFi hotspots
• Create a family-friendly, safe and secure web browsing environment
• Manage access points through a single web-based administration panel
• Delegate management of access points
• Filter by website, website category, keyword term, or keyword score
• Block material contained in the child abuse image content URL list (CAIC List)
• Upload blacklists and create whitelists
• Reduce the risk of phishing attacks
• Block malware and ransomware downloads
• Inspect encrypted websites with SSL certificates
• Schedule and run reports on demand
• Gain a real-time view of internet activity
• Gain insights into bandwidth use and restrict activities to conserve bandwidth
• Apply time-based filtering controls
• Integrate the solution into existing systems through a suite of APIs

Further information on WebTitan Cloud for WiFi is detailed in the video below. For further information on WiFi security, including WebTitan pricing and to book a product demonstration, contact the TitanHQ team today.

DNS Filtering for MSPs: Better Protect Your SMB Clients and Improve Your Bottom Line

Nov 15, 2018 | Cybersecurity Advice, Internet Security, Mobile Security, Network Security, Web Filtering

Why is DNS filtering for MSPs so important? Find out how you can better protect your clients against web-based attacks and the MSP benefits of offering this easy to implement cybersecurity solution.

A recent survey conducted by Spiceworks has revealed that DNS filtering is now considered an essential part of the security stack at the majority of large firms. The survey was conducted on companies with more than 1,000 employees and revealed 90% of those firms are using a solution such as a DNS filter to restrict access to the internet to provide protection from malware and ransomware attacks.

89% of firms use DNS filters or other web filtering technology to improve productivity by blocking access to sites such as social media platforms, 84% of firms block access to inappropriate websites, and 66% use the technology to avoid legal issues.

Given the risk of a malware or ransomware download over the Internet and the high cost of mitigating such an attack, it is no surprise that so many large firms are using web filtering technology to reduce risk.

Why DNS Filtering is so Important for SMBs

Phishing attacks and ransomware/malware downloads are major risks for large businesses, but SMBs face the same threats. SMBs are also less likely to have the resources to cover the cost of such an attack. For example, the average cost of a ransomware attack on an SMB is $46,800 according to Datto. The cost of remediating such an attack is just too high, which is why so many SMBs fold within 6 months of experiencing a data breach.

DNS filtering is an important control to prevent malware and ransomware attacks over the Internet, both by blocking downloads of ransomware and malware and preventing employees from visiting phishing websites.

According to the Spiceworks survey, 38% of organizations have experienced at least one security incident as a result of employee Internet activity. By restricting access to certain categories of website and blocking known malicious websites, SMBs will be much better protected against costly attacks.

Add to that the amount of time that is lost to casual internet surfing and web filtering is a no-brainer. 28% of employees waste more than 4 hours a week on websites unrelated to their work, but the percentages rise to 45% at mid-sized businesses and 51% of employees in small businesses waste more than 4 hours a week on personal Internet use.

There is no latency with DNS filtering, plus controls can be implemented to restrict certain bandwidth heavy activities to improve network performance.

DNS Filtering for MSPs – The Ideal Web Filtering Solution

DNS web filtering is a low-cost cybersecurity solution that actually pays for itself in terms of the productivity gains and by preventing costly malware, ransomware, and phishing attacks. Further, in contrast to appliance-based web filters, DNS filtering requires no hardware purchases or software installations which means no site visits are required and the costs are affordable for most SMBs. DNS filtering can also be set up for clients remotely in a matter of minutes.

DNS filtering is ideal for MSPs as it is hardware and software independent. It doesn’t matter what devices and operating systems your clients have because DNS filtering simply forwards web traffic to a cloud-based filter without the need to install any clients or agents on servers or end points. Stopping malicious requests at the DNS layer is preferred over waiting for the payload to be delivered onto the machine and then removed. By stopping it at the DNS layer you’re reducing not only malware infections, but containing machines already infected by preventing them from communicating out to their C&C servers.

TitanHQ’s DNS filtering for MSPs has a low management overhead. It really is a et and forget solution, with all updates performed by TitanHQ. A full suite of customizable reports can be run on demand or automatically generated and sent to clients to show them what threats have been blocked, who in the organization has been trying to access restricted content, and which employees are the biggest drain on network performance.

WebTitan is a malware and phishing link killer for your customers that is constantly fed real time threat intelligence from an active database of 650 million users, ensuring the solution blocks access to malicious websites as soon as they are discovered. the solution can also be configured to block risky file types commonly used to deliver malware.

MSPs can easily add in web filtering to existing security packages to provide greater value or offer web filtering as an add-on service to generate extra, recurring monthly revenue and attract more business.

MSP-Friendly Features of WebTitan Cloud for Service Providers

• Host WebTitan Cloud with TitanHQ, in a private AWS cloud, or within your own infrastructure
• Full suite of APIs to allow you to integrate WebTitan Cloud with your auto-provisioning, billing, and monitoring systems or third-party solutions
• You do not need to become an ISP to provide web filtering to your clients
• WebTitan Cloud is scalable to hundreds of thousands of users
• WebTitan Cloud includes multiple management roles
• New customers can be added and configured in minutes
• WebTitan Cloud is available as a white label ready to take your own branding
• MSPs benefit from industry-leading customer service
• Highly competitive pricing, aligned monthly billing, and generous margins for MSPs
• World class customer support

MSPs joining the TitanSHIELD MSP program receive one-to-one training with our sales engineers and have a dedicated account manager, assigned sales engineer support, access to the Global Partner Program Hotline, access to the Partner Knowledge Base, 24/7 priority technical support, online technical training and FAQs, access to the Partner Technical Knowledge Base, and full access to an extensive range of marketing materials and sales tools. More than 1,500 MSPs have become partners and are protecting their clients with WebTitan.

If you do not yet offer web filtering to your clients, if you are unhappy with your current service provider or the margins they offer, call TitanHQ today for more information on our DNS filtering for MSPs and for further information on the MSP Program program.

MSP Testimonials

“WebTitan is an outstanding tool for most reliable content filtering. The monitoring feature of this specific product is quite unique that totally monitors all the process of online working and also secures all the data. Additionally, its set-up is superb easy and it can be done in just few minutes that save my time and energy as well.” – Kristie H. Account Manager

“WebTitan is fairly easy to setup. It is available as a cloud based solution or on prem. You can get as simple or as complicated with your filtering as you like, it will handle most situations with ease. It has provided us with a stable web filtering platform that has worked well for us for many years.” Derek A. Network Manager

“WebTitan is outstanding software that helps me a lot in minimizing viruses. The thing I like most about WebTitan is that it is extremely easy to use and configure. I like its clear interface. It lets us block malicious content and spam easily. It is no doubt an amazing product helping us a lot in kicking out harmful bad stuff.” – Randy Q. Software Engineer

How Can You Prevent a Computer from Becoming Part of a Botnet?

Jun 27, 2018 | Cybersecurity Advice, Internet Security, Mobile Security, Network Security, Web Filtering

What is a Botnet? How are they used? What harm can be caused, and how can you prevent a computer from becoming part of a botnet? These and other questions answered.

What is a Botnet?

A botnet is simply a collection of computers and other Internet-connected devices that are controlled by a threat actor. Usually that control is achieved via a malware installation, with the malware communicating with the threat actor’s command and control server.

Once malware has been installed on one device, potentially it can propagate to other devices on the same network, creating a mini-army of slave devices under the threat actor’s control. Any computer with the malware installed is part of the botnet and can be used on its own or collectively with other compromised devices for malicious purposes.

What are Botnets Used For?

Botnets are often used to conduct Distributed Denial of Service (DDoS) attacks, with the devices in the botnet used to access a particular service simultaneously and flooding it with traffic making that service temporarily unavailable. The Mirai botnet, which mostly consists of vulnerable IoT devices, was used to take down large sections of the Internet, including some of the most popular websites such as Twitter and Netflix. DDoS attacks are now being conducted that exceed 1 terabits per second, largely due to sheer number of devices that are part of the botnet.

One of the biggest botnets ever assembled was made possible with Zeus malware, a banking Trojan that was particularly difficult to detect. In the United States, an estimated 3.6 million computers had been infected with the malware, making Zeus one of the biggest botnets ever created.

In addition to DDoS attacks, botnets are also used to send huge quantities of spam and phishing emails. The Necurs botnet is the world’s largest spamming botnet, delivering 60% of all spam emails. The Gamut spam botnet delivers around 37% of spam botnet traffic. These two spamming botnets are primarily used to send malicious messages containing email attachments with malicious macros that download malware such as the Dridex banking Trojan, and the ransomware variants Locky, Globelmposter, and Scarab.

Recently, the rise in the value of cryptocurrencies has made it highly profitable to use the processing power of botnets to mine cryptocurrency. When processing power is used for cryptocurrency mining, the performance of the computers will reduce significantly.

How Are Botnets Created?

Botnets can be created through several different methods. In the case of IoT devices, attackers often take advantage of weak passwords and default credentials that have not been changed. Since IoT devices are less likely to be updated automatically with the latest software and firmware, it is easier to exploit flaws to gain access to the devices. IoT Devices also rarely have antivirus controls, making infection easier and detection of malware much harder.

Computers are most commonly recruited into botnets through malware sent via spam email campaigns – such as those sent out by the spamming botnets. Malware is delivered via infected email attachments or links to malicious websites where malicious code is hosted. Messages can be sent via social media networks and chat apps, which also direct users to malicious websites where malware is downloaded.

Drive-by downloads are also common – Malware is downloaded by exploiting vulnerabilities in browsers, add-ons or browser plug-ins, often through exploit kits loaded on compromised websites.

Prevent a Computer from Becoming Part of a Botnet

It is much easier to prevent a computer from becoming part of a botnet than identifying a malware infection and eradicating it once it has been installed. To prevent a computer from becoming part of a botnet, it is necessary to use technological controls and adopt security best practices.

Businesses need to ensure all staff are trained to be more security aware and are told about the risks of opening email attachments or clicking links in emails from unknown senders. They should also be told not to automatically trust messages from contacts as their email accounts could have been compromised. Employees should be taught security best practices and risky behavior, such as connecting to public WiFi networks without using a VPN, should be eradicated.

All software must be kept up to date with patches applied promptly. This will reduce the risk of vulnerabilities being exploited to deliver malware. Antivirus software should be installed and configured to update automatically, and regular AV scans should be performed.

Firewalls should be used to implemented to prevent unauthorized network access and allow security teams to monitor internet traffic.

Spam filtering solutions should be implemented to block the majority of malicious messages from being delivered to end users’ inboxes. The more messages that are blocked, the less chance there is of an employee responding to a phishing email and inadvertently installing malware.

One way to prevent a computer from becoming part of a botnet that is often forgotten, is the use of a web filtering solution. A web filter, such as WebTitan, will prevent malware and ransomware downloads and block access to malicious websites sent via email or through web browsing.

Implement these controls and it will make it much harder for your organization’s computers to be infected with malware and added to a botnet.