Home > News > Blog > Fortification for the Modern Nomad: Secure Wi-Fi Solutions in Public Venues

Blog

Publish | 2023-07-25
SHARE THIS STORY

Fortification for the Modern Nomad: Secure Wi-Fi Solutions in Public Venues

Key Features that Edgecore Offers to Your Wi-Fi Security

 

What kind of mischief can harm your network security?

Picture this, you’re at a bustling public venue that graciously offers Wi-Fi connectivity, but little do you know, it’s like a hacker’s treasure trove waiting to be plundered! One of the classic tricks up their sleeves is the notorious “Man-in-the-Middle Attack.” Sounds fancy, huh? Let’s take the hotel environment as an example. Those sneaky hackers can effortlessly launch man-in-the-middle attacks on the network. Here’s how they pull it off:

The sly devils bring their own router and plug it into the hotel’s LAN port. They cunningly issue DHCP (or do some fancy proxy ARP magic) to infiltrate the hotel LAN. If the network isolation isn’t up to snuff, when an unsuspecting user from another room innocently connects to the Hotel Wi-Fi or Ethernet, guess what? They end up with an IP address from the hacker’s router! And that’s when the hacker strikes, using the router to pilfer information, like creating fake landing pages and whatnot. Sneaky, right? This is, hands down, the most common attack in the hotel environment. Some audacious hackers even go as far as blackmailing the poor hotel for their misdeeds!

Oh, but the audacity doesn’t stop there! These crafty cyber troublemakers might also bring their very own wireless gateway. They give it the same name (SSID) as the legit hotel Wi-Fi network. Tricky, tricky! So when unsuspecting users try to connect to the hotel Wi-Fi, they unwittingly latch onto the hacker’s devious wireless gateway instead. And guess what? It’s déjà vu all over again! The hacker now has the perfect setup to execute the same shenanigans mentioned earlier.

So, there you have it—just a couple of examples showcasing the creativity of these mischievous hackers. Remember, when using public Wi-Fi, keep your wits about you! Make sure you’re connecting to a trusted network and avoid sharing sensitive information like the secret recipe for your grandma’s famous chocolate chip cookies. Stay safe out there, folks!

Let’s go back to the role of the network service providers. The above scenarios are telling us that it is extremely important to provide a managed and secure network environment for your customers.

It’s time for Edgecore to debut. Let Edgecore Wi-Fi solution offers you advanced features for securing your Wi-Fi fortification.

Allow us to spill the beans on the secret hacks behind the scenes and how Edgecore Wi-Fi can rescue you from the clutches of those dastardly hackers.

Here’s the deal:

When you, the client, want to join a network, you usually send an ARP request to find out the MAC address of your trusty gateway. The gateway kindly responds with its MAC address, and voila! You can surf the web via gateway’s MAC address. Simple, right? But hold your horses! ARP can be manipulated. Enter the sneaky technique known as proxy ARP. This mischievous trickster can masquerade as the “fake MAC address” and fool unsuspecting clients. They cunningly respond to the client’s query, making them believe that the fake gateway is the real deal. And guess what happens next? The poor client unknowingly sends all its precious traffic to the impostor gateway. Yikes!

Now, fear not, for Edgecore Wi-Fi has got your back! We’ve devised ingenious solutions to keep you safe from these shenanigans.

To avoid the Man-in-the-Middle Attack, we have two features, called “DHCP Snooping” and “ARP Inspection“, these can be configured in ecCLOUD and EWS Gateway-Controller, and all Edgecore Wi-Fi Access Points which support 12.x AP NOS Version.

  • For “DHCP Snooping”, the administrator can input the “trust DHCP server”, so in the AP, it would detect if all the DHCP traffic is sent from the trust server, if no, it would drop the DHCP packets. So, the hacker cannot use fake DHCP server to do the man-in-the-middle attack.

 

  • For “ARP Inspection”, it is related to DHCP snooping, the AP would collect all IP-MAC pair from DHCP packets and build a table. For all ARP traffic, the AP would compare the ARP response packet and check if the IP-MAC pair is the same as the result of the DHCP, then the hacker cannot send “fake MAC address” to do the man-in-the middle attack.

 

To avoid the second attack (fake SSID), Edgecore offers “Rouge AP Detection” feature in EWS Gateway-Controller, the AP would scan the environment periodically and send the wireless scan result to the controller, then the controller can check if there is any broadcast beacons are sent from the AP which is not managed by the controller, and then send the alert if any.

So, rest easy knowing that with Edgecore Wi-Fi, you’re shielded from the clutches of those wily hackers. Say goodbye to their dastardly plots and hello to secure, worry-free browsing. Happy surfing!

What’s New ?
Newsletter
Sign up for our newsletters to get the latest news !