Detecting and Fixing Network Threats
Updated over 2 years ago

Millions of cyberthreats are unleashed over the internet every day, many of which target businesses, large and small. An astonishing 90 percent of enterprise data breaches are caused by phishing attacks, costing businesses billions of dollars every year in lost revenue and downtime. Below are several cyberthreats commonly made against wired/wireless networks and how to fix them.

| Threats | How to Detect | Advice & Remediation |
| --- | --- | --- |
| Man-in-the-middle attack (MITM) | Scan for SSIDs set to “Open” or “WPA1.” Search all SSIDs on the cloud. (WPA-PSK uses weak passwords.) | Ask admin to change authentication. Disable WPS. Disable 802.11r when using PSK. |
| Unauthorized AP | The detected AP is not attached to the LAN. | Identify the AP location by notifying official APs with the detected rogue AP. |
| AP impersonation | Scan for duplicate SSID and MAC addresses. | Disconnect the rogue AP by disabling the LAN port. Identify the AP location by notifying official APs with the detected rogue AP. |
| AP spoofing | Scan for the same MAC address. | Identify the AP location by notifying official APs with the detected rogue AP. With a cloud switch, disconnect the rogue AP by disabling the LAN port. |
| Invalid SSID misuse | Scan the SSID and compare it to the SSID set in Org/Networks. Compare to the AP list in the Organization/Networks. | If not on the list, then admin should manually filter the list to identify the rogue AP. Identify the AP location by notifying official APs with the detected rogue AP. With a cloud switch, disconnect the rogue AP by disabling the LAN port. |
| Weak SSID authentication | Detect WEP type and WPA type to see if only the most advanced version is being used. | Enhance security. |
| RF jammer | Check to see if the channel utilization rate is high. Look into spectrum analysis to see who is actually crowding the channel. | Change to another channel. |
| De-authentication frame | Deauth frame is from a non-whitelisted AP. A deauth attacker usually doesn’t send a sync timestamp. Search for my SSIDs that are open. | Enable 802.11w. Use the Protected Management Frames (PMF) standard to encrypt management frames between client and AP. Interact with 802.11r and 802.11u. Non-11w clients can still connect, while 11w clients will use PMF. |
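The SSID, AP-list and authentication-type comparisons described above can be run over a scan snapshot as follows. This is an added Python example, not part of the original article or any product's API. The inventory values, finding names, record layout and the channel-mismatch heuristic for a duplicated MAC are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed inventory (all values invented for illustration).
ORG_SSIDS = {"Corp-WiFi", "Corp-Guest"}
# Official AP radios: BSSID -> configured channel (assumes fixed channels).
ORG_APS = {"aa:bb:cc:00:00:01": 36, "aa:bb:cc:00:00:02": 149}
WEAK_AUTH = {"OPEN", "WEP", "WPA1"}


def classify_scan(scan):
    """Map finding name -> sorted list of (ssid, bssid) for one scan snapshot."""
    findings = defaultdict(set)
    for ssid, bssid, channel, auth in scan:
        bssid = bssid.lower()  # MAC comparisons must be case-insensitive
        on_ap_list = bssid in ORG_APS
        if ssid in ORG_SSIDS:
            if auth.upper() in WEAK_AUTH:
                # One of our SSIDs is advertised as Open, WEP or WPA1.
                findings["weak_authentication"].add((ssid, bssid))
            if not on_ap_list:
                # Our SSID is broadcast by a radio missing from the AP list.
                findings["ssid_misuse"].add((ssid, bssid))
        if on_ap_list and channel != ORG_APS[bssid]:
            # Assumed heuristic: an official MAC heard on a channel it is not
            # configured for suggests a second device using the same MAC.
            findings["duplicate_mac"].add((ssid, bssid))
    return {name: sorted(hits) for name, hits in findings.items()}


# Constructed scan snapshot: (ssid, bssid, channel, auth)
SAMPLE_SCAN = [
    ("Corp-WiFi", "aa:bb:cc:00:00:01", 36, "WPA2"),    # official, as configured
    ("Corp-Guest", "aa:bb:cc:00:00:02", 149, "Open"),  # official but open
    ("Corp-WiFi", "de:ad:be:ef:00:10", 6, "WPA2"),     # our SSID, unknown radio
    ("Corp-WiFi", "AA:BB:CC:00:00:01", 11, "WPA2"),    # official MAC, wrong channel
    ("CoffeeShop", "12:34:56:78:9a:bc", 1, "WPA2"),    # unrelated neighbour
]

if __name__ == "__main__":
    for name, hits in classify_scan(SAMPLE_SCAN).items():
        print(name, hits)
```

Networks that use automatic channel selection need the configured channel refreshed from the controller before each comparison, otherwise the duplicate-MAC check will produce false positives.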
