Strengthening Network Security for Alliah Company: WLAN and Mobile Vulnerabilities and Mitigation
SCENARIO
You are a network professional on the IT team at Alliah Company, a new but fast-growing social media provider. One year ago, Alliah launched a social media website aimed at young professionals. The company also released a mobile app for accessing the site from cellular devices. Alliah was able to launch its website with money generated by a crowd-funded campaign, but most of the funds were spent on the site and app development, with relatively little money (and time) devoted to the internal office network infrastructure.
Alliah has 35 full-time employees, all of whom have offices or shared work spaces in a three-story building that serves as the company headquarters. The building is an old warehouse that was converted for office use and is approximately 10,000 square feet. Currently, the employees occupy only two floors; the third floor is vacant and available for expansion.
The Alliah WLAN has a gigabit managed switch, a multiservice wireless LAN controller, and seven wireless access points strategically located to provide coverage to office staff. One access point services a large back patio area for employee use. The network is protected by a firewall. The Alliah website servers are located in a data center 100 miles from Alliah headquarters.
Five employees are account representatives who are on the road at least 80 percent of the time, and each rep has a company-issued laptop, tablet, and smartphone. They use a large, shared office in the headquarters building when they are not traveling.
Employees use company-owned computers that connect to the WLAN, and, in an effort to control costs during the launch, Alliah has a bring your own device (BYOD) policy.
The IT staff consists of five employees; three are devoted to website maintenance, one manages the headquarters’ computers and network, and another employee assists with the website and the office network. IT staff uses wired Ethernet connections to remotely access the website servers.
The Alliah website is successful, attracting more and more visitors each month. Jennifer, the CEO, anticipates hiring more employees and is considering a strategy that would take the company public within a few years. In preparation, she wants to ensure that Alliah’s wireless networking infrastructure is highly secure, especially because it may need to grow quickly in a short period of time, and she wants to understand the security risks the company faces. She also wants to decide if Alliah should continue allowing BYOD or restrict network access to company-owned devices only, or if a compromise solution is available.
A. Describe two WLAN vulnerabilities that present risks for Alliah, based on the details in the scenario.
B. Describe two mobile vulnerabilities that present risks for Alliah, based on the details in the scenario.
C. Summarize the steps for mitigating each identified WLAN and mobile vulnerability, including the specific tools or documentation that will be needed for mitigation.
D. Recommend preventive measures to maintain the security posture of WLAN and mobile environments in a small business, such as Alliah. Reference federal, state, or industry regulations that justify these measures.
E. Recommend a solution for the company’s BYOD approach, including research to justify your recommendation.
F. Acknowledge sources, using in-text citations and references, for content that is quoted, paraphrased, or summarized.
G. Demonstrate professional communication in the content and presentation of your submission.
Title: Strengthening Network Security for Alliah Company: WLAN and Mobile Vulnerabilities and Mitigation
Introduction
In the fast-growing world of social media, Alliah Company has made its mark with a successful website and mobile app. However, the company's internal network infrastructure has been neglected, leaving it vulnerable to potential security risks. This essay will explore two WLAN vulnerabilities and two mobile vulnerabilities that present risks for Alliah, and outline steps for mitigating each vulnerability. Additionally, preventive measures will be recommended to maintain the security posture of WLAN and mobile environments in a small business like Alliah. Finally, a solution for the company's BYOD approach will be recommended, supported by relevant research.
A. WLAN Vulnerabilities and Risks
Insufficient WLAN Encryption: The Alliah WLAN may be using weak encryption protocols or no encryption at all, leaving the network susceptible to unauthorized access and data breaches. Without proper encryption, sensitive information transmitted over the network can be intercepted and exploited by malicious actors.
Inadequate Access Point Placement: The strategic placement of access points is crucial to ensure complete and reliable coverage throughout the office space. If access points are improperly placed or insufficient in number, dead zones may exist where network connectivity is weak or non-existent. This creates opportunities for attackers to exploit these weak spots for unauthorized access or to launch attacks on the network.
B. Mobile Vulnerabilities and Risks
Unsecured Wi-Fi Connections: When employees use their company-issued laptops, tablets, and smartphones on public Wi-Fi networks while traveling, they expose themselves to potential risks. Unsecured Wi-Fi connections can be exploited by attackers to intercept sensitive data, including login credentials or proprietary information stored on these devices.
Lack of Mobile Device Management: Alliah currently lacks a comprehensive mobile device management (MDM) solution to enforce security policies and manage company-owned devices remotely. Without proper MDM, the company is unable to ensure that devices are up-to-date with security patches, have strong passwords, or have necessary security features enabled. This increases the risk of data breaches or unauthorized access if a device is lost or stolen.
C. Mitigation Steps for WLAN and Mobile Vulnerabilities
Mitigating WLAN Vulnerabilities:
Implement Strong Encryption: Alliah should ensure that the WLAN is configured with the latest encryption standards, such as WPA3 or AES (Advanced Encryption Standard). This will protect data in transit and prevent unauthorized access.
Conduct Site Survey: A professional site survey should be conducted to assess the current placement of access points and identify any dead zones. Based on the findings, additional access points may need to be installed or existing ones repositioned to ensure complete coverage.
Mitigating Mobile Vulnerabilities:
Use VPN for Remote Connections: Alliah should require employees to use a virtual private network (VPN) when connecting to the company's network remotely. This will encrypt all traffic between the device and the network, even when using public Wi-Fi, providing an additional layer of security.
Implement Mobile Device Management (MDM): Alliah should invest in a robust MDM solution that allows for centralized management of company-owned devices. MDM software can enforce security policies, remotely wipe or lock devices in case of loss or theft, and ensure devices are updated with the latest security patches.
D. Preventive Measures for WLAN and Mobile Security
To maintain the security posture of WLAN and mobile environments in a small business like Alliah, the following preventive measures should be implemented:
Regular Security Audits: Alliah should conduct routine security audits to identify vulnerabilities and weaknesses in their network infrastructure and mobile devices. This can help detect potential threats before they are exploited.
Employee Education: Ongoing employee training on best practices for network security and safe mobile device usage is essential. This includes educating employees about the risks associated with using unsecured Wi-Fi networks and promoting overall awareness of cybersecurity threats.
Compliance with Regulations: Alliah should adhere to federal, state, or industry regulations related to data protection and privacy, such as the General Data Protection Regulation (GDPR) or the Health Insurance Portability and Accountability Act (HIPAA). Compliance with these regulations not only helps protect customer data but also ensures legal and financial consequences are avoided.
E. BYOD Approach Solution
The BYOD approach can offer flexibility and cost savings for a company like Alliah; however, it also introduces additional security risks. To strike a balance between employee convenience and network security, a compromise solution is recommended:
Implement a "Bring Your Own Device" policy that requires employees' personal devices to comply with certain security standards before connecting to the corporate network. This includes ensuring devices have up-to-date operating systems, strong passwords, and security features enabled (such as biometric authentication). Additionally, employees should install recommended security applications (e.g., antivirus software) and regularly update them.
Research suggests that implementing such a policy can significantly reduce security risks associated with BYOD while still allowing employees to use their preferred devices for work purposes (Source: Gartner Research).
Conclusion
By addressing WLAN vulnerabilities through encryption implementation and proper access point placement, as well as mitigating mobile vulnerabilities through VPN usage and MDM implementation, Alliah Company can significantly enhance its network security posture. Additionally, preventive measures such as regular security audits, employee education, and compliance with regulations will help maintain a secure environment. Lastly, adopting a compromise BYOD policy supported by research will strike a balance between employee convenience and network security. By implementing these recommendations, Alliah can ensure that its network infrastructure remains highly secure as it continues its growth trajectory in the social media industry.
References
Gartner Research: "Bring Your Own Device (BYOD) Security Best Practices," retrieved from https://www.gartner.com/smarterwithgartner/bring-your-own-device-byod-security-best-practices/