Filtering website content on a local network protects from phishing and malware, but protecting Wi-Fi hotspot locations is much more challenging. Administrators have no control of external networks, but it's not uncommon for employees to connect to Wi-Fi hotspots using mobile devices and smartphones. Although the hotspot might seem safe, attackers target these locations in the hope of catching poorly secured devices and connections using man-in-the-middle (MitM) attacks, phishing and malware.
Common Wi-Fi Threats for Mobile Users
Having anti-malware on a mobile device should be a part of your security policy, but these applications don't normally catch zero-day malware. AI and frequent updates have improved the efficiency of malware detection, but these applications trigger their defenses only after the user downloads content. This means that phishing attacks with attached malware, cleverly designed to avoid detection, leave employee devices at risk.
Attackers also set up their own Wi-Fi hotspots within range of the official one to trick users into connecting to them. Think of a user at Starbucks who searches for a hotspot with a strong signal. An attacker could name a malicious hotspot "starbucks01" and trick users into connecting to it. Once users are connected to the malicious hotspot, any unencrypted data passed from the user's browser to a target server is subject to a MitM attack.
Phishing attacks can be stopped using email filters, but clever attackers are still able to bypass them. It only takes one successful phishing attack for an organization to lose millions of data records either from stolen credentials or malware. Known malware sites can be filtered in many different ways, but detecting newly registered sites is more difficult.
Using DNS to Stop Wi-Fi Threats
Although having anti-malware on devices should be standard procedure, adding DNS protection to your network and mobile connections should also be a part of any organization's defenses. DNS protection stops content from blocked sites from even reaching your network or user devices, because the block happens during the DNS lookup process.
To understand how DNS filters work, you first need a basic understanding of how a web browser connects to a web application. For every web-based application with an IP available to the public, a browser first performs a DNS lookup. This lookup matches the fully qualified domain name (FQDN) with the IP address. After the browser receives the IP associated with an FQDN, it contacts the server and downloads the content to the local device. Only after the content is downloaded does anti-malware flag a file and stop the user from opening it.
With DNS protection, an extra step is added where the IP address is cross-referenced with a list of known attack sites. If a match is found, the user is blocked from accessing the site. No files are downloaded. The user is unable to open the site in a browser, and the local machine and network are fully protected from downloaded content. Users can't have credentials stolen through a phishing email whose link points to a malware site. Any application that requires an IP lookup from a browser will be checked using DNS protection, and since this feature is a required part of Internet connectivity, attacks that use web-based connections are unable to avoid it.
Protecting Your Wi-Fi Network
DNS protection doesn't just defend local devices from attacks. Any computer that connects to a Wi-Fi hotspot is a part of the local network. Businesses that offer these hotspots should always have a firewall separating the public Wi-Fi and internal network, but devices connected to the Wi-Fi subnet can share resources and store files on any resources within this subnet. With DNS protection, an organization protects this local network from attacks.
When users connect to a Wi-Fi hotspot, they can no longer reach public web applications that are blacklisted by the DNS filter. This security implementation protects not only your local hotspot resources but also other devices connected to the public Wi-Fi.
Features for DNS Filtering
Any DNS filter that you add to your network should have no latency or users will experience slow browsing. You can whitelist any false positives and manually blacklist sites that you don't want to allow on a public Wi-Fi. Because DNS protection is scalable, it's beneficial for both small and large organizations.
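The lookup-time check described under "Using DNS to Stop Wi-Fi Threats", combined with the whitelist and manual blacklist mentioned above, sketched as an added example (not WebTitan's code and not part of the original article). The domain lists, the blocked network, the stand-in upstream table and the block-page address are all constructed, using documentation-reserved names and addresses.

```python
import ipaddress

# Constructed sample data (documentation-reserved names and addresses).
BLOCKED_DOMAINS = {"malware.example", "phish.example.net"}   # blacklist
ALLOWED_DOMAINS = {"cdn.malware.example"}   # false positive whitelisted by the admin
BLOCKED_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]  # known attack hosts
UPSTREAM = {   # stand-in for the real upstream resolver, so the example runs offline
    "intranet.example.org": "198.51.100.10",
    "cdn.malware.example": "198.51.100.20",
    "new-site.example.com": "203.0.113.7",
}
BLOCK_PAGE_IP = "192.0.2.1"   # hypothetical address that serves the block page


def normalize(fqdn):
    """Lowercase and strip the trailing root dot so list lookups are consistent."""
    return fqdn.strip().lower().rstrip(".")


def suffixes(name):
    """Yield the name and each parent domain (bare TLD excluded), most specific first."""
    labels = name.split(".")
    for i in range(len(labels) - 1):
        yield ".".join(labels[i:])


def matched_rule(name, rules):
    """Return the most specific list entry covering this name, or None."""
    return next((s for s in suffixes(name) if s in rules), None)


def filter_lookup(fqdn):
    """Decide one DNS query: returns (action, answer_ip, reason)."""
    name = normalize(fqdn)
    allow = matched_rule(name, ALLOWED_DOMAINS)
    block = matched_rule(name, BLOCKED_DOMAINS)
    # The more specific rule wins, so a whitelisted host overrides a blocked parent.
    if block and not (allow and len(allow) >= len(block)):
        return ("block", BLOCK_PAGE_IP, f"domain rule {block}")
    ip = UPSTREAM.get(name)
    if ip is None:
        return ("nxdomain", None, "no such name")
    # Cross-reference the resolved address with the list of known attack hosts.
    if not allow and any(ipaddress.ip_address(ip) in n for n in BLOCKED_NETWORKS):
        return ("block", BLOCK_PAGE_IP, f"resolved IP {ip} is listed")
    return ("allow", ip, "not listed")
```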
DNS protection should be a part of any Wi-Fi hotspot for thorough defense against malicious content. Whether it's protecting mobile users or defending against downloaded content, your Wi-Fi hotspot should have the right cyber security in place or it could be a place for attackers to deliver malware, launch DDoS attacks or perform MitM attacks.
MITM Attacks
Man-in-the-middle (MITM) attacks are a common form of attack against people on public Wi-Fi. A hacker captures the data you are sending. Most hackers who use this method exploit flaws in apps or websites that allow them to view the information being passed. The information can include bank details, passwords, personal identification information, and other data that could be used for identity theft. The most common MITM attacks are those that occur over unencrypted, unsecured Wi-Fi networks.
The easiest way for an attacker to exploit public Wi-Fi is to position himself between clients and the router. A man-in-the-middle (MITM) attack is like eavesdropping: the attacker gets in between point A and point B and intercepts data. Sometimes this data is modified in transit to trick the victim into disclosing sensitive information, such as login credentials. The victim will likely never notice anything is amiss. Once the user falls for the deception, the data is collected.
For users with weak passwords, even if the password is encrypted, it will not take long before the attacker cracks it. Learn how to create strong passwords, which are harder to crack. Security depends on the trust between devices on a network, and when a user accidentally trusts a malicious party, the network becomes compromised.
Next Steps
If you’d like to evaluate the benefits of TitanHQ's DNS filtering software in your own environment, start a 14-day free trial. Our team of experienced engineers will answer any questions you have about DNS Internet filtering software and guide you through the process of registering for your free trial.
Once you are registered, we will walk you through the process of redirecting your DNS to receive our service. There are no credit cards required to trial WebTitan, no contracts to sign and no commitment from you to continue with our DNS filtering software once the trial period is over.
Simply call us today, and you could be adding an extra level of security to your organization's web browsing activity within minutes.