The idea of Zero Trust has been discussed for around a decade in the Information Security industry; more recently, its core concepts have begun to appear in more and more products. At its core it can be summarized as:
Zero trust security is an IT security model that requires strict identity verification for every person and device trying to access resources on a private network, regardless of whether they are sitting within or outside of the network perimeter. No single specific technology is associated with zero trust; it is a holistic approach to network security that incorporates several different principles and technologies.
As a way to bridge the Cyber Physical Gaps, 802 Secure brings Zero Trust together with our comprehensive AIRShield solution to create Zero Trust Wireless Monitoring.
Zero Trust Features
Trust Levels define the known networks and assign each a risk level
Every client network connection is monitored in real-time relative to Trust Levels
Clients are assigned to Client Groups upon initial connection to the network
Unknown clients are automatically classified and assigned to Client Groups based on their risk to the environment
Zero Trust Advantages
Alert when a client connects to a disallowed network (e.g. a Trusted client connects to a non-trusted or Rogue Network)
Escalate events based on Risk multipliers defined by your organization
De-emphasize or even suppress events that are not relevant (e.g. Guests connecting to WiFi hotspots)
Report on clients that have connected to specific networks (e.g. show all clients that have ever connected to the Trusted Network)
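The features and advantages listed above describe one evaluation loop: classify the client into a Client Group, look up the Trust Level of the network it just joined, suppress the association if the group is allowed there, and otherwise raise an event whose score is scaled by an organisation-defined risk multiplier. The following Python sketch is an added illustration of that loop, not 802 Secure's or AIRShield's code; every SSID, MAC address, group name, severity value and multiplier in it is a constructed sample, and the trust levels, group names and scoring scheme are assumptions chosen for the example.

```python
"""Evaluate client association events against network Trust Levels and
Client Group policies, with organisation-defined risk multipliers and
suppression of irrelevant events.

Added illustrative example; not 802 Secure's or AIRShield's code. Every
SSID, MAC address, group name, severity value and multiplier below is a
constructed sample.
"""
from dataclasses import dataclass
from typing import Iterable, List, Optional, Set, Tuple

# Trust Levels: the risk level assigned to each known network.
# Anything not listed is treated as ROGUE.
TRUST_LEVELS = {
    "CorpSecure": "TRUSTED",
    "CorpGuest": "GUEST",
    "xfinitywifi": "UNTRUSTED",   # public hotspot: known, but not ours
}
DEFAULT_TRUST = "ROGUE"

# Client Groups: which trust levels each group is allowed to connect to.
# A guest connecting to a hotspot is expected, so it never becomes an event.
ALLOWED = {
    "corporate": {"TRUSTED"},
    "iot": {"TRUSTED"},
    "guest": {"GUEST", "UNTRUSTED", "ROGUE"},
    "unknown": set(),              # never-seen clients may connect nowhere silently
}

# Base severity of a policy violation involving a network of each trust level.
BASE_SEVERITY = {"TRUSTED": 4, "GUEST": 2, "UNTRUSTED": 5, "ROGUE": 10}
# Risk multipliers the organisation assigns to each client group.
RISK_MULTIPLIER = {"corporate": 3, "iot": 2, "guest": 1, "unknown": 2}

# Clients assigned to groups on first sight (constructed MACs).
CLIENT_GROUPS = {
    "aa:bb:cc:00:00:01": "corporate",
    "aa:bb:cc:00:00:02": "iot",
    "aa:bb:cc:00:00:03": "guest",
}


@dataclass(frozen=True)
class Event:
    client: str
    group: str
    ssid: str
    trust: str
    score: int


def classify_client(mac: str) -> str:
    """Unknown clients fall into the most restrictive group."""
    return CLIENT_GROUPS.get(mac, "unknown")


def evaluate(mac: str, ssid: str) -> Optional[Event]:
    """Return an Event if this association breaks the client's group policy,
    or None when it is permitted (which is how 'guest on hotspot' is suppressed)."""
    group = classify_client(mac)
    trust = TRUST_LEVELS.get(ssid, DEFAULT_TRUST)
    if trust in ALLOWED[group]:
        return None
    score = BASE_SEVERITY[trust] * RISK_MULTIPLIER[group]
    return Event(mac, group, ssid, trust, score)


def run(associations: Iterable[Tuple[str, str]]) -> List[Event]:
    """Evaluate a stream of (client MAC, SSID) associations, keeping only events."""
    return [ev for mac, ssid in associations if (ev := evaluate(mac, ssid)) is not None]


def clients_for_network(associations: Iterable[Tuple[str, str]], ssid: str) -> Set[str]:
    """Report every client that has ever connected to the given network."""
    return {mac for mac, s in associations if s == ssid}


# Constructed sample of observed associations.
SAMPLE = [
    ("aa:bb:cc:00:00:01", "CorpSecure"),       # corporate laptop on the trusted network
    ("aa:bb:cc:00:00:01", "xfinitywifi"),      # same laptop hops to a public hotspot
    ("aa:bb:cc:00:00:02", "SmartPlug-Setup"),  # IoT device reset, joins an unknown open AP
    ("aa:bb:cc:00:00:03", "xfinitywifi"),      # guest on a hotspot: suppressed
    ("aa:bb:cc:00:00:99", "CorpSecure"),       # never-seen client on the trusted network
]

if __name__ == "__main__":
    for ev in run(SAMPLE):
        print(f"score={ev.score:3d} {ev.group:9s} {ev.client} -> {ev.ssid} ({ev.trust})")
    print("ever on xfinitywifi:", sorted(clients_for_network(SAMPLE, "xfinitywifi")))
```

Running it yields three events (the corporate laptop on the hotspot, the reset IoT device on an unknown network, and the unknown client on the trusted network) and no event for the guest, which is the suppression the advantages list describes. The last function answers the reporting question of which clients have ever touched a given network.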
How Does AIRSHIELD Provide Zero Trust?
A core tenet of Zero Trust is admitting through the access gate only those who have presented valid credentials. This concept works only as a gatekeeper at a defined network boundary: the Wi-Fi Access Point, the Switch Port, the VPN Gateway, the Cloud, and so on. A difficulty in protecting wireless networks is that client stations generally must trust their access provider, which makes the idea of Zero Trust rather difficult to apply.
802 Secure’s AIRShield listens to the nearby radio environment and provides a foundational level of Zero Trust Monitoring through the application of Trust Policies and Client Groups.
Trust Policies and Client Groups
WiFi is everywhere now: at the office, at home, at the library, on the airplane, in the lobby of your physician's office. When deployed in a location, AIRShield continuously monitors the radio spectrum. New systems are interrogated and observed for risks and threats, and the behavior between stations and access points is observed and comprehended.
As these activities are observed, levels of trust are created and tracked. When a station deviates from its normal interaction, its risk score is raised and an event is generated notifying administrators of the change.
AP Trust Levels and Client Groups
Stations with high scores can be identified and action taken to prevent the behavior from recurring.
Interrogating The Air Space
In addition to behavior monitoring, AIRShield will connect to and interrogate open and EAP-enabled WiFi networks, both to understand the network and to ensure compliance with security standards.
For example, a network team may deploy EAP-enabled access points following the strictest security principles. Should an Evil Twin AP appear that is not on the wired network, most current WIDS/WIPS will simply ignore it or report it as suspicious, leaving the incident response team with very little information.
With 802 Secure’s AIRShield, your team will now have:
Information on when the new AP appeared and what it was advertising, even if it changed:
Encryption methods
X.509 certificate changes
EAP type allowance
An alert about its presence
The ability to isolate it from allowing any further connections
A detailed list of all the stations who connected to it
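What the list above amounts to, from a detection standpoint, is keeping a per-SSID baseline of what legitimate access points advertise (encryption, EAP server certificate, EAP types) and flagging any BSSID that newly appears under that SSID or drifts from the baseline, while recording which stations associated with it. The Python tracker below is an added illustration of that bookkeeping and is not 802 Secure's or AIRShield's code; the observation record format is an assumption, and the BSSIDs, certificate fingerprints, EAP method sets and station MACs are constructed samples.

```python
"""Track what every access point advertising a given SSID presents over
time, flag new BSSIDs and attribute changes against the SSID's established
baseline, and keep the list of stations that associated with each BSSID.

Added illustrative example; not 802 Secure's or AIRShield's code. The
observation format, certificate fingerprints, BSSIDs and station MACs are
all constructed samples.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Observation:
    ts: int
    ssid: str
    bssid: str
    encryption: str                 # e.g. "WPA2-Enterprise", "Open"
    cert_fingerprint: str           # server cert fingerprint seen during EAP, "" if none
    eap_types: FrozenSet[str]       # EAP methods the AP will negotiate
    stations: Tuple[str, ...] = ()  # stations observed associating with this BSSID


@dataclass
class Finding:
    ts: int
    ssid: str
    bssid: str
    new_bssid: bool                            # first time this BSSID advertised the SSID
    changes: Dict[str, Tuple[object, object]]  # attribute -> (baseline, observed)


class SsidTracker:
    TRACKED = ("encryption", "cert_fingerprint", "eap_types")

    def __init__(self) -> None:
        self.baseline: Dict[str, Dict[str, object]] = {}  # ssid -> attrs from first sighting
        self.bssids: Dict[str, Set[str]] = {}             # ssid -> BSSIDs seen advertising it
        self.stations: Dict[str, List[str]] = {}          # bssid -> stations that connected
        self.findings: List[Finding] = []

    @classmethod
    def _attrs(cls, o: Observation) -> Dict[str, object]:
        return {k: getattr(o, k) for k in cls.TRACKED}

    def observe(self, o: Observation) -> Optional[Finding]:
        """Ingest one observation; return a Finding when something is noteworthy."""
        seen = self.stations.setdefault(o.bssid, [])
        seen.extend(s for s in o.stations if s not in seen)

        attrs = self._attrs(o)
        if o.ssid not in self.baseline:
            # The first AP seen for an SSID defines that SSID's baseline.
            self.baseline[o.ssid] = attrs
            self.bssids[o.ssid] = {o.bssid}
            return None

        new_bssid = o.bssid not in self.bssids[o.ssid]
        self.bssids[o.ssid].add(o.bssid)
        # Compare every tracked attribute against the baseline, not against the
        # AP's own last sighting, so an AP that drifts later is still caught.
        changes = {k: (v, attrs[k]) for k, v in self.baseline[o.ssid].items() if attrs[k] != v}
        if not new_bssid and not changes:
            return None
        f = Finding(o.ts, o.ssid, o.bssid, new_bssid, changes)
        self.findings.append(f)
        return f

    def stations_for(self, bssid: str) -> List[str]:
        """Everything that ever associated with this BSSID, for the responders."""
        return list(self.stations.get(bssid, []))


# Constructed sequence of observations for one corporate SSID.
SAMPLE = [
    Observation(100, "CorpSecure", "00:11:22:33:44:01", "WPA2-Enterprise",
                "sha256:ab12", frozenset({"PEAP", "EAP-TLS"})),
    Observation(200, "CorpSecure", "00:11:22:33:44:02", "WPA2-Enterprise",
                "sha256:ab12", frozenset({"PEAP", "EAP-TLS"})),       # second legitimate AP
    Observation(300, "CorpSecure", "de:ad:be:ef:00:01", "WPA2-Enterprise",
                "sha256:ff99", frozenset({"PEAP"}),
                stations=("aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02")),  # other cert, fewer EAP types
    Observation(400, "CorpSecure", "de:ad:be:ef:00:01", "Open", "", frozenset(),
                stations=("aa:bb:cc:00:00:03",)),                      # same AP later drops encryption
]


def analyse(observations: List[Observation]) -> SsidTracker:
    tracker = SsidTracker()
    for o in observations:
        tracker.observe(o)
    return tracker


if __name__ == "__main__":
    t = analyse(SAMPLE)
    for f in t.findings:
        tag = "NEW AP " if f.new_bssid else "CHANGED"
        print(f"{f.ts} {tag} {f.ssid} {f.bssid} {f.changes}")
        print("   stations:", t.stations_for(f.bssid))
```

The second legitimate AP produces an informational finding with no changes (its presence is new, its attributes are not), the third observation is the Evil Twin case with a different certificate and a reduced EAP offering, and the fourth shows the same BSSID later dropping to Open, which the baseline comparison still catches. The stations list for that BSSID is the artefact an incident response team would want alongside the alert.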
Real World Examples
Some real-world examples of risky behaviors identified by AIRShield’s Zero Trust Wireless Monitoring:
A station connects to a newly purchased IoT device that is not on the network
A user connects a corporate resource to another network that bypasses network security controls (firewalls, HTTPS interception proxies, bandwidth limitations, etc.)
An IoT networked device, which should only communicate to one network, is reset and connects to an available open network
A centrally-configured Access Point is unable to reach its controller and configures its ESSID to be a vendor-determined name
A system newly installed by a third party or an unassuming group also provides WiFi networking, yet its default configuration has not been changed
Connecting to a recently installed XFINITY network in preference to the IT network because of network list priority and pre-existing credentials for home/on-the-road use
Connecting to an Evil Twin or Rogue Wi-Fi Access Point