The SOC has noticed an unusual volume of traffic coming from an open Wi-Fi guest network that appears correlated with a border network slowdown. The network team is unable to capture traffic, but logs from network services are available.
No users have authenticated recently to the guest network's captive portal.
DDoS mitigation systems are not alerting.
DNS resolver logs show some very long domain names.
Which of the following is the best step for the security analyst to take next?
Block all outbound traffic from the guest network at the border firewall
Verify the passphrase on the guest network has not been changed
Search antivirus logs for evidence of a compromised company device
Review access point logs to identify potential zombie services
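Whichever option is chosen, the analyst will want to triage the one concrete indicator the question gives: very long domain names in the DNS resolver logs, which is the classic signature of data being carried inside DNS queries (DNS tunnelling) from a client that never authenticated to the portal. The following is an added example, not part of the original question or its answer, showing how that log can be scored offline. It assumes a constructed, simplified BIND-style "query:" log format and constructed sample lines; the thresholds (80-character names, 32-character labels, 3.5 bits of entropy, 3 hits per client/parent-domain pair) are illustrative starting points, not values from the page.

```python
import math
import re
from collections import Counter, defaultdict

# Constructed sample resolver log (loosely modelled on BIND's query log; not a
# real capture). 10.50.1.23 browses normally, 10.50.1.77 sends repeated long
# hex-looking labels under one parent domain, 10.50.1.90 sends a single one.
SAMPLE_LOG = """\
10-Mar-2024 09:01:02.110 client 10.50.1.23#51234: query: www.example.com IN A + (10.50.1.1)
10-Mar-2024 09:01:02.300 client 10.50.1.23#51235: query: cdn.example.net IN AAAA + (10.50.1.1)
10-Mar-2024 09:01:02.950 client 10.50.1.23#51236: query: mail.example.com IN MX + (10.50.1.1)
10-Mar-2024 09:01:03.005 client 10.50.1.77#40001: query: www.example.com IN A + (10.50.1.1)
10-Mar-2024 09:01:03.120 client 10.50.1.77#40002: query: 0123456789abcdef0123456789abcdef.fedcba9876543210fedcba9876543210.00aa.t.tun-example.org IN TXT + (10.50.1.1)
10-Mar-2024 09:01:03.410 client 10.50.1.77#40003: query: a1b2c3d4e5f60718293a4b5c6d7e8f90.09f8e7d6c5b4a3928170f6e5d4c3b2a1.00ab.t.tun-example.org IN TXT + (10.50.1.1)
10-Mar-2024 09:01:03.700 client 10.50.1.77#40004: query: 7a3f0c9e1b4d8a2f6c5e0d1b3a9f8e7c.6d5b4a3f2e1d0c9b8a7f6e5d4c3b2a1f.00ac.t.tun-example.org IN TXT + (10.50.1.1)
10-Mar-2024 09:01:04.000 resolver: lame server resolving 'example.invalid' (skipped: not a query line)
10-Mar-2024 09:01:04.250 client 10.50.1.90#33001: query: ffffffffffffffffffffffffffffffff.00000000000000000000000000000000.00ad.t.tun-example.org IN TXT + (10.50.1.1)
"""

# Matches the constructed "client <ip>#<port>: query: <qname> IN <qtype>" shape.
LINE_RE = re.compile(
    r"client (?P<client>[\d.]+)#\d+: query: (?P<qname>\S+) IN (?P<qtype>[A-Z0-9]+)"
)


def parse_query_log(text):
    """Return one dict per query line; lines that do not match are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            records.append({
                "client": m.group("client"),
                "qname": m.group("qname").rstrip(".").lower(),
                "qtype": m.group("qtype"),
            })
    return records


def shannon_entropy(s):
    """Bits per character of s; random hex tends toward 4.0, words sit lower."""
    if not s:
        return 0.0
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def name_features(qname):
    """Length, longest label and subdomain entropy for one query name."""
    labels = qname.split(".")
    # Simplification: treat the last two labels as the registrable domain.
    # Production code would consult the public suffix list instead.
    parent = ".".join(labels[-2:])
    subdomain = "".join(labels[:-2])
    return {
        "parent": parent,
        "length": len(qname),
        "longest_label": max(len(label) for label in labels),
        "entropy": shannon_entropy(subdomain),
    }


def is_suspicious(f, max_len=80, max_label=32, min_entropy=3.5):
    """Flag names that are simply too long, or have long high-entropy labels."""
    return f["length"] > max_len or (
        f["longest_label"] > max_label and f["entropy"] >= min_entropy
    )


def find_tunnel_candidates(text, min_hits=3):
    """Map (client, parent domain) -> number of suspicious queries, keeping
    only pairs with at least min_hits so a single odd lookup is not reported."""
    hits = defaultdict(list)
    for r in parse_query_log(text):
        f = name_features(r["qname"])
        if is_suspicious(f):
            hits[(r["client"], f["parent"])].append(r["qname"])
    return {k: len(v) for k, v in hits.items() if len(v) >= min_hits}


if __name__ == "__main__":
    for (client, parent), n in find_tunnel_candidates(SAMPLE_LOG).items():
        print(f"{client} sent {n} suspicious queries under {parent}")
```

Pairing the client address with the parent domain matters: a tunnel needs a single authoritative domain under the attacker's control, so many long names beneath one parent from one unauthenticated guest client is a far stronger signal than long names scattered across CDN hostnames. The per-client count also gives the analyst something to hand the network team even without a packet capture.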
According to wireless security practice, you can apply the following mitigations:
1. Intelligent wireless controller use - For the management and provisioning of multiple devices and access points, intelligent wireless routers or controllers are very important. All the access points throughout the network will be managed and controlled by a centralized Wi-Fi controller, which will act as a master channel. It will help mitigate man-in-the-middle attacks and rogue-based attacks. Some wireless controllers have automated security layers which can defend against all types of attacks, such as DDoS and MITM.
2. Use WPA2 encryption/authentication - It is very important to use encryption which is not easy to crack, even with higher-level devices. The stronger the encryption, the lower the chance of a network-based hack. For a guest-based network, use WPA2 encryption with web-based authentication to secure the whole network by acquiring the user's information.
3. Use of an AAA system to record users' activities - When one uses WPA2 authentication, the router sends encrypted information to the centralized Authentication, Authorization and Accounting (AAA) server. A RADIUS server is an example of an AAA system.
4. Segregating the guest network - Proper segregation of both the wired and wireless networks is very important, so that one can separate VLANs and guest traffic.