WGU C844 GRP1 Task 2: Analysis of
WLAN and Mobile Security Vulnerabilities
Emerging Technologies in Cyber Security
(Western Governors University)
, A: WLAN VULNERABILITIES
The first potential vulnerability is the “large back patio area” that the employees of Alliah are
authorized to use. While it sounds like a nice addition for employees, it presents a handful of potential
threats to the company. Primarily, any attacker within range of the wireless signals could be able to sniff,
capture and even redirect network traffic. These are all examples of Man-in-the-Middle (MITM) attacks,
which is also a potential threat in the next WLAN vulnerability I noticed.
The second potential WLAN vulnerability involves the “Alliah website servers” which are 100
miles from the company’s headquarters. This is a common technique employed across many industries,
but there is no mention of a VPN or any other type of data encryption between company headquarters and
the data center. If there is no use of ‘in-flight’ encryption used for this data, it is extremely susceptible to
MITM attacks. This could imply the loss of account information, PII, and proprietary data just to name a
few.
B: MOBILE VULNERABILITIES
The first mobile-related vulnerability that came to my mind, as well as the second vulnerability,
involve the five account representatives at Alliah. This first vulnerability focuses on the ability of each
employee to connect to public Wi-Fi networks at places like Starbucks or Panera Bread. This was the
first consideration I had due to the fact that many companies across the world deal with the issues of
securing company data with traveling employees. If not done correctly, the use of public networks can be
one of the most dangerous things to do with a company machine.
As far as mobile vulnerabilities are concerned, the second is abundantly clear. The five
employees who are almost constantly traveling present a huge risk of company loss due to theft of
devices. These five employees each have a laptop, tablet, and smartphone. Any of these three devices
contain sensitive company data or, worse, present the thief with a route into the corporate network.
C: STEPS TO MITIGATE VULNERABILITIES
The first mentioned WLAN vulnerability, the patio area, has a few potential solutions, but I am
going to focus on one. Use the most secure, up-to-date wireless encrypted protocol. At the time of
writing, NIST recommends the used of IEEE 802.11i subset with either WPA or WPA2 as the protocol.
This information can be found in NIST SP 800-97 which can be retrieved from this address:
https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-97.pdf
The second WLAN vulnerability, which is the distance between Alliah headquarters and their
website servers, has a very simple solution; VPN. According to the abstract for NIST SP 800-77, “A VPN
can provide several types of data protection, including confidentiality, integrity, data origin
authentication, replay protection and access control.” This is exactly what Alliah needs to ensure is in
place for the security of their data. The full version of NIST SP 800-77, which includes documentation for
the implementation of an IPSEC VPN, can be found here:
https://csrc.nist.gov/publications/detail/sp/800-77/final
WLAN and Mobile Security Vulnerabilities
Emerging Technologies in Cyber Security
(Western Governors University)
, A: WLAN VULNERABILITIES
The first potential vulnerability is the “large back patio area” that the employees of Alliah are
authorized to use. While it sounds like a nice addition for employees, it presents a handful of potential
threats to the company. Primarily, any attacker within range of the wireless signals could be able to sniff,
capture and even redirect network traffic. These are all examples of Man-in-the-Middle (MITM) attacks,
which is also a potential threat in the next WLAN vulnerability I noticed.
The second potential WLAN vulnerability involves the “Alliah website servers” which are 100
miles from the company’s headquarters. This is a common technique employed across many industries,
but there is no mention of a VPN or any other type of data encryption between company headquarters and
the data center. If there is no use of ‘in-flight’ encryption used for this data, it is extremely susceptible to
MITM attacks. This could imply the loss of account information, PII, and proprietary data just to name a
few.
B: MOBILE VULNERABILITIES
The first mobile-related vulnerability that came to my mind, as well as the second vulnerability,
involve the five account representatives at Alliah. This first vulnerability focuses on the ability of each
employee to connect to public Wi-Fi networks at places like Starbucks or Panera Bread. This was the
first consideration I had due to the fact that many companies across the world deal with the issues of
securing company data with traveling employees. If not done correctly, the use of public networks can be
one of the most dangerous things to do with a company machine.
As far as mobile vulnerabilities are concerned, the second is abundantly clear. The five
employees who are almost constantly traveling present a huge risk of company loss due to theft of
devices. These five employees each have a laptop, tablet, and smartphone. Any of these three devices
contain sensitive company data or, worse, present the thief with a route into the corporate network.
C: STEPS TO MITIGATE VULNERABILITIES
The first mentioned WLAN vulnerability, the patio area, has a few potential solutions, but I am
going to focus on one. Use the most secure, up-to-date wireless encrypted protocol. At the time of
writing, NIST recommends the used of IEEE 802.11i subset with either WPA or WPA2 as the protocol.
This information can be found in NIST SP 800-97 which can be retrieved from this address:
https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-97.pdf
The second WLAN vulnerability, which is the distance between Alliah headquarters and their
website servers, has a very simple solution; VPN. According to the abstract for NIST SP 800-77, “A VPN
can provide several types of data protection, including confidentiality, integrity, data origin
authentication, replay protection and access control.” This is exactly what Alliah needs to ensure is in
place for the security of their data. The full version of NIST SP 800-77, which includes documentation for
the implementation of an IPSEC VPN, can be found here:
https://csrc.nist.gov/publications/detail/sp/800-77/final
