In Part 1 of this miniseries, I mentioned that when I was young my mother always used to tell me that I was “special,” and that I foolishly took this to be a compliment. However, by some strange quirk of fate, it turns out that she was right (how could I ever have doubted her?).
In that column, I also described my personal cybersecurity setup, leaving us on a “cliff-hanger” with regard to the use of virtual private networks (VPNs).
When you connect your computer to the internet from home, you do so via your internet service provider (ISP), which can monitor — and potentially log — everywhere you go and everything you do. Even worse, any sufficiently adroit nefarious players can do much the same thing.
One solution is to use a VPN. In this case, when you launch the client app on your computer, it immediately establishes an encrypted channel between your machine and the VPN provider’s servers. Now, anything you do that uses the internet, including sending emails and browsing the web, automatically travels through your encrypted VPN channel, which means that all your ISP can see looks like gibberish. Furthermore, you can use your VPN to make it appear as though you are based anywhere in the world — I like to pop up in weird and wonderful locations — although I’m not actually convinced this helps me in any way.
If you have a home computer that’s provided by your company, it may be that the corporate IT folks have already equipped it with a VPN. Alternatively, there are a variety of providers available, such as NordVPN, PureVPN, and Norton Secure VPN. Furthermore, if you use Linux as your operating system, I just heard that there’s an open source VPN called WireGuard in the newly released Linux 5.6 kernel.
Now, VPNs are wonderful, and I’m jolly glad to have one. Sad to relate, however, there is a “gotcha” — a fly in the soup or an elephant in the room, as it were (feel free to pick the metaphor of your choice). The thing is that VPNs do a good job when you’re using wired connections — like an Ethernet cable connecting your computer to your home router — but they don’t cover layers 2 and 3 of the Open Systems Interconnection (OSI) model when you are using WiFi.
What this means is that, even when using a VPN, although the data frames of the WiFi packets are encrypted, the control and management frames aren’t. In turn, this means an attacker can re-initiate your connection (thus re-initiating your VPN client) any time he or she wishes. The bottom line is that, whenever you are using WiFi, you are vulnerable. This is especially true in public places like coffee bars, hotels, and airports, but it’s also the case on private networks like those at your office or home.
I can imagine you sitting at home reading this on your screen, glancing at the WiFi icon on the status bar, and thinking “What! Noooo!” I know that’s what I thought when I first heard this. Fortunately, help is at hand from a company called WifiWall.
The guys and gals at WifiWall have a system called WifiWall Dome, which can be used by IT folks to protect companies, airports, industrial facilities, and… the list goes on. The WifiWall Dome provides continuous monitoring and analysis of 802.11 traffic and access points (APs), detection of Wi-Fi attacks such as Rogue Access Point, Evil Twin, Man in the Middle, Channel switching, ARP poisoning, beacon, and more, and also real-time geo-location of rogue access points and evil twins.
Now, this is all well and good if you are in a location that’s protected by a WifiWall Dome, such as your company’s headquarters, for example, but what if you are out on the road, visiting clients, staying in hotels, or working from home? Well, in this case, your IT department can issue you with a device called a WifiWall Traveler, which is roughly the same size as a pack of Tic-Tac mints.
As you meander your way around the world, your Traveler constantly monitors any WiFi networks it sees, classifying them as being safe, worrying, or active threats (e.g., rogue access points). Furthermore, you inform your Traveler as to the MAC addresses (unique IDs) of your various systems. In my case, my Traveler knows the MAC addresses of my tower computer, my laptop computer, my iPhone, and my iPad Pro. The Traveler “sniffs” any WiFi packets that fly under its metaphorical nose, paying particular attention to any packets with the MAC addresses of any of your devices.
If the Traveler sees anything untoward or detects an attack, it will send a Channel Switch 802.11 command to your device instructing it to immediately terminate its connection to the WiFi, thereby blocking the attack and protecting the integrity of your system and data.
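A minimal version of the kind of check described above, narrowed to one case: bursts of unencrypted deauthentication or disassociation management frames addressed to one of your registered MAC addresses. This is an added example, not WifiWall's code or detection logic; the threshold, time window, MAC addresses and sample frames are constructed, and frames are assumed to be raw 802.11 with any capture header already stripped.

```python
import struct
from collections import defaultdict

SUBTYPES = {10: "disassociation", 12: "deauthentication"}  # management subtypes
PROTECTED = 0x40                 # Protected Frame bit, second Frame Control byte
BROADCAST = "ff:ff:ff:ff:ff:ff"

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_mgmt(frame):
    """Parse a raw 802.11 frame; return a dict for deauth/disassoc, else None."""
    if len(frame) < 24:                          # shorter than a management header
        return None
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if ftype != 0 or subtype not in SUBTYPES:    # type 0 = management
        return None
    protected = bool(frame[1] & PROTECTED)       # body is encrypted when set (802.11w)
    reason = None if protected or len(frame) < 26 else struct.unpack_from("<H", frame, 24)[0]
    return {"kind": SUBTYPES[subtype], "dst": mac(frame[4:10]),
            "bssid": mac(frame[16:22]), "reason": reason, "protected": protected}

def detect(frames, watched, window=1.0, threshold=3):
    """Alert once per burst of unprotected deauth/disassoc frames aimed at a watched MAC."""
    recent, alerts = defaultdict(list), []
    for ts, raw in frames:
        f = parse_mgmt(raw)
        if f is None or f["protected"] or f["dst"] not in watched | {BROADCAST}:
            continue
        key = (f["dst"], f["bssid"])
        recent[key] = [t for t in recent[key] if ts - t < window] + [ts]
        if len(recent[key]) == threshold:
            alerts.append((ts, f["kind"], f["dst"], f["bssid"]))
    return alerts

def build(subtype, dst, src, bssid, reason=7, flags=0):  # test-data helper only
    h = lambda m: bytes.fromhex(m.replace(":", ""))
    return (bytes([subtype << 4, flags]) + b"\x00\x00" + h(dst) + h(src) + h(bssid)
            + b"\x00\x00" + struct.pack("<H", reason))

# Constructed sample capture: (timestamp in seconds, frame bytes). MACs are made up.
LAPTOP, OTHER, AP = "02:00:00:aa:bb:01", "02:00:00:cc:dd:02", "02:00:00:00:00:fe"
SAMPLE = [
    (0.00, build(8, BROADCAST, AP, AP)),                 # beacon: ignored
    (0.10, build(12, LAPTOP, AP, AP)),
    (0.20, build(12, LAPTOP, AP, AP)),
    (0.30, build(12, LAPTOP, AP, AP)),                   # third within 1 s: alert
    (5.00, build(12, OTHER, AP, AP)),                    # not one of our devices
    (6.00, build(12, LAPTOP, AP, AP, flags=PROTECTED)),  # protected: ignored
]
```

Calling `detect(SAMPLE, {LAPTOP})` returns a single alert, raised by the third frame of the burst.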
Unfortunately, WifiWall Travelers are currently available only as part of a full-up corporate WifiWall Dome solution. So, how is it that I have one? Well, as I mentioned earlier, I’m special. In addition to my rugged good looks and the fact that I’m a trend-setter and a leader of fashion, the folks at WifiWall were kind enough to send me a standalone WifiWall Traveler for my personal protection.
A couple of days ago at the time of this writing, our governor ordered a “shelter-in-place” to commence at 5:00 p.m. that evening, so I drove to my office to pick up my main computer and bring it home. Before I set off to the office, I cleared my WifiWall Traveler and dropped it in my pocket. As you can see in the photo at the start of this column, which was taken as soon as I returned home, over the course of that one short round trip, my Traveler detected 249 WiFi networks it deemed to be suspicious (it doesn’t bother telling me about the good ones).
OMG is all I can say. Happily, I have good news. I was chatting with the folks at WifiWall, and they tell me that, since things have changed so dramatically, so quickly, with so many people now working from home, they are working “nights as the days,” as the old Hebrew saying goes, on a new “WifiWall Dome for Home” product. This “Dome for Home” will include a mini-Dome and one or more Travelers, thereby allowing organizations to distribute out-of-the-box Wi-Fi security solutions to each of their employees.
Next time, we will consider some additional technologies you can use to protect the integrity of your data and your systems while working at home. In the meantime, as always, I welcome any cybersecurity-related comments, questions, and suggestions, along with any cybersecurity stories you care to share.