While everybody is aware of WiFi passwords, we are rarely serious about the other security aspects of WiFi and the vulnerabilities that a WiFi network exposes us to. SSID passwords can be the simplest form of network security. SSIDs can be password protected with WPA and WPA-2 (Personal) as well as WPA and WPA-2 (Enterprise). The WEP password protection can also be enabled by the use of a RADIUS/AAA server mechanism that the WiFi network is connected to. WiFi passwords, SSID names and encryption types can be changed if the admin notices some misuse. This change is very quick and easy for the admin to handle from the centralized portal or app, as opposed to managing individual APs one at a time.
There are more complicated and sometimes ignored aspects that deserve attention on practically all WiFi networks. JustiFi is an attempt to plug the holes in enterprise and residential WiFi network security. In the items below, we look mostly at enterprise network vulnerabilities and at how JustiFi addresses them.
Cloud based DNS black listing – JustiFi’s DNS black listing service gives a wide array of choices to block or control the way your network is exposed to the outside world. This service allows the customer to configure and block the evils on the Internet like adware, spyware, malware, phishing sites and other restricted content that is inserted into the regular traffic stream that you are enjoying. JustiFi is also capable of filtering out restricted content like adult sites and other unwanted advertisements that eavesdrop on bona fide content. Another threat that is becoming increasingly prevalent and catches you unaware is DNS hacking, where routers are compromised and used to divert your traffic to mala fide servers which can intercept passwords and other valuable data from you.
There are 4 types of content or attacks that can jeopardise your privacy and pose serious threats to your enterprise network by compromising your details, slowing down the network or bringing it down entirely.
- The first and most common is intentional browsing of restricted content (all types of adult, radicalised and anti-national content etc.), where the person responsible for browsing is a genuine enterprise network user.
- Trojans or other content that gets unknowingly installed on the endpoint device (laptop, mobile etc.) as a result of such intentional browsing. Sometimes these appear as a warning about a serious network problem detected on your endpoint device, which most of us fall prey to, clicking to install some update or monitoring solution that is in fact an intrusion into your device and can compromise all your data, including financial details.
- Content that is inserted into your traffic stream without your knowledge – sometimes harmless, such as advertisements that can be annoying, as well as unwanted content that is either soft adult content or derogatory in nature. Although there are third party mechanisms such as browser plugins to prevent such insertions, most of the time we are not sure of the breach of privacy they cause.
- DNS hacking – Happens mostly due to the hacking of WiFi routers and the insertion of DNS redirection rules that can redirect your unsecured (http) traffic to phishing servers where your passwords and other credentials can be compromised.
JustiFi effectively blocks such hacking attempts that happen unknowingly behind your back, as well as intentional browsing of content that is not suitable under your enterprise policies. The advantage here is that this solution does not require you to install special endpoint apps like antivirus or a browser plugin of any kind. The solution lies on the routers that you install as part of JustiFi, which secure your network transparently, and the admin can manage it centrally with ease.
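The category-based DNS blocking described above can be sketched as follows. This is an added example, not JustiFi's code: the domain names, categories and the function names `blocked_category` and `answer` are constructed for illustration.

```python
from typing import Optional

# Constructed sample blocklist: domain -> category (not real JustiFi data).
BLOCKLIST = {
    "ads.example": "adware",
    "phish.example": "phishing",
    "malware.example": "malware",
    "adult.example": "adult",
}


def normalize(qname: str) -> str:
    """Lower-case and drop the trailing root dot so 'Ads.Example.' matches."""
    return qname.strip().rstrip(".").lower()


def blocked_category(qname: str, blocklist=BLOCKLIST) -> Optional[str]:
    """Return the category that covers qname, or None if it is not listed.

    Matching is done on whole DNS labels: 'cdn.ads.example' is covered by
    'ads.example', while 'notads.example' is a different domain and is not.
    """
    labels = normalize(qname).split(".")
    # Try the full name first, then each parent domain: a.b.c -> b.c -> c
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in blocklist:
            return blocklist[candidate]
    return None


def answer(qname: str, enabled_categories: set) -> str:
    """Decision for one query: 'NXDOMAIN' if blocked, otherwise 'FORWARD'.

    enabled_categories is the set of categories the admin chose to block.
    """
    category = blocked_category(qname)
    if category is not None and category in enabled_categories:
        return "NXDOMAIN"
    return "FORWARD"
```

Because the decision is made where DNS queries are answered, it applies to every device on the network without an endpoint agent, which is the property the paragraph above relies on.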
Vouchers with usage limits – In addition to the password protected WiFi, the user is given vouchers which are limited by a time bound as well as a role based consumption limit, beyond which the vouchers are disabled automatically and the user is disconnected from the Internet connection while still being connected on the WiFi.
Revoking vouchers (automated and manual) – Vouchers can be revoked by the admin for an individual user, or as a group of vouchers per zone, as the admin sees fit.
Device Profiling and Bandwidth control – A user and their type of device are detected based on the connection, the voucher used to connect etc., and this can be used to profile the particular user and their activities on the network. Based on this detection, an administrator can define a policy that applies to a specific device type rather than just a user. Also, based on the usage and usage pattern of a particular device, the admin can decide to block or bandwidth limit (throttle the speed of) that device while other devices are left unaffected by such policies.
Role based vouchers and policies – There are several roles according to which policies are created and allotted to various users. These roles are more or less guided by the use cases, and each role has its own time and consumption limits that restrict its users. Depending on the use case (public WiFi, hang out places, co-living spaces, co-working spaces, warehouses or factories), the corresponding role based vouchers can be allotted and the policies are automatically in place to control the usage. The advantage of such policies is that the admin need not constantly monitor a lot of connections, since the system keeps track of usage and consumption on its own.
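The voucher rules from the three voucher items above (time bound, role based consumption limit, individual and per-zone revocation) can be modelled as below. This is an added example, not JustiFi's implementation: the role names, limits and function names are hypothetical, and it assumes that reaching either limit disables the voucher.

```python
from dataclasses import dataclass

# Hypothetical role policies: validity window and data quota per role.
ROLE_POLICIES = {
    "guest": {"validity_s": 2 * 3600, "quota_bytes": 500 * 1024**2},
    "coworker": {"validity_s": 30 * 24 * 3600, "quota_bytes": 50 * 1024**3},
}


@dataclass
class Voucher:
    code: str
    role: str
    zone: str
    activated_at: float  # epoch seconds when the voucher was first used
    used_bytes: int = 0
    revoked: bool = False


def internet_state(v: Voucher, now: float) -> str:
    """Internet access decision only; WiFi association is not touched."""
    policy = ROLE_POLICIES[v.role]
    if v.revoked:
        return "blocked:revoked"
    if now - v.activated_at >= policy["validity_s"]:
        return "blocked:expired"
    if v.used_bytes >= policy["quota_bytes"]:
        return "blocked:quota"
    return "allowed"


def record_usage(v: Voucher, nbytes: int, now: float) -> str:
    """Account traffic against the voucher and return the resulting state."""
    if internet_state(v, now) == "allowed":
        v.used_bytes += nbytes
    return internet_state(v, now)


def revoke_zone(vouchers, zone: str) -> int:
    """Manual group revocation: revoke every active voucher in one zone."""
    count = 0
    for v in vouchers:
        if v.zone == zone and not v.revoked:
            v.revoked = True
            count += 1
    return count
```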
ACL and User Internet Control – Various ACLs can be created and made available by the admin on a voucher, zone, VLAN or device basis, either to control the bandwidth or to control and restrict access to certain sites (youtube.com), categories of sites (streaming, porn sites, gaming sites) or types of applications (WhatsApp, Facebook etc.).
VLAN based Zone aggregation and Policies – Apart from individual user or device based control, zone, Access Point or VLAN based policy/ACLs are also available to restrict the usage of the network.