The rapid development of smartphones has been about a decade. Compared with the old non-smart phones, the biggest difference should be its powerful Internet function. Today, because of the high price of mobile Internet traffic, and home users and business users increasingly dislike physical network cables and prefer Wi-Fi more. Wi-Fi is a technology that allows electronic devices to connect to a wireless local area network (WLAN). People have become accustomed to keeping the Wi-Fi function of their mobile phones turned on. However, Wi-Fi brings not only convenience but also hidden safety risks. Some WiFi is set to an encrypted state, and some Wi-Fi is open and can be accessed without a password. Wi-Fi is actually a technology that transforms wired Internet access to wireless Internet access.
Fake WiFi Access Points and Evil Twins Attacks: As customers often choose the WiFi access point based on the SSID without checking it is the wireless network set up by a particular establishment for customer use, Criminals can easily set up fake WiFi access points and lure the victims to connect.
Packet Sniffing: Hackers can use packet sniffers to intercept traffic on unencrypted WiFi networks. It is easy on older routers, such as those using WEP encryption. WPA offers better security, WPA2 or the new WPA3 encryption protocol should be used if it is supported by your access point.
Wardriving: It is used for identifying and mapping vulnerable access points. The name comes from the fact that attackers drive around a neighborhood and use a laptop with a GPS device, antenna to identify and record the location of wireless networks.
Warshipping: Hashed network access codes can be sent back to the attackers to crack, and the device can then connect to WiFi networks in the building and harvest data. The device could be used in a man-in-the-middle attack by impersonating an internal WiFi network.
MAC Spoofing: While many businesses use MAC filtering to prevent individuals from taking advantage of free WiFi for customers, this method of blocking users can be easily bypassed. It is easy to spoof a MAC address and bypass this filtering control.
LIFARS Gap Assessment Solution is designed to ascertain your comprehensive information security, risk and compliance status (current). Not only we determine your current state along with your risk appetite and tolerance, but we also provide you with an actionable roadmap to reach target maturity level including strategy, structure, governance, and operations management plan. Leveraging our extensive knowledge and experience, our competent Assessors and Project Managers focus on the following to deliver optimal services for you:
- Identify key business processes and associated information flow to ensure adequate threat modeling.
- Identify and engage key stakeholders to ensure adequate information discovery.
- Adhere to industry best practices and standards such as ISO, NIST, COBIT, and CIS.
- Provide Assessment Workbook prior to onsite and remote observations and interviews to maximize productivity.
- Optimally engage stakeholders for interviews and observations to minimize time impact.
- Provide Roadmap, Strategy and Operations Management plan aligned with your risk appetite and tolerance.
- Present findings to key stakeholders including executives to influence cultural changes.