
Episode 14: Wireless Security

Apr 5, 2022 | CYBERSECURITY, Who's In Your Cloud?


Welcome back to “Who’s In Your Cloud?” 21 Steps to Secure, Reliable, Trusted Technology. I’m Lauren Lev, Marketing Manager for TechOnPurpose, and this is Episode 14: Wireless Security.

Looking back at last week’s episode, we discussed network security and the critical need for advanced threat protection. With the help of our cyber expert cast, we shared how to avoid widespread disruption and damage to an organization’s bottom line and reputation with the use of their solutions.

In today’s episode, we’re taking a deeper dive into TOPcyber21 best security practice number 14 – wireless security. We’ve all connected to a store, hotel, or coffee shop WiFi. It’s easy, free to use, and the driving force behind the work-from-anywhere culture. More often than not, wireless apps obtain our location data, usage, and personal information, which we are too easily and unknowingly authorizing at the expense of our need to “connect now.” So are we truly aware of the risk of using these WiFi connections? In reality, unauthorized users and malicious actors’ ability to easily intercept and access your sensitive information has never been greater.

Join us as we hear from our partners about their available solutions and best practices to ensure the security of your data and devices. We’re very thankful to our cyber expert cast joining us today from Cisco, Fortinet and Intelisys, as they help us educate our clients and prospects on the road to #secure, reliable, trusted technology!

As a reminder, we began releasing a new episode every Tuesday, starting 10/20/21 and will continue to do so through late spring of 2022, with brief time off for holidays with family and friends. We’ll also follow each Tuesday episode release with subsequent Wednesday, Thursday, and Friday posts highlighting our (3) contributing solution partners from that week’s episode. We hope you’ll find this an immersive, hopefully simple, educational, and enjoyable experience. So how do you tune in?

To easily follow the journey ahead, we’ve diversified your access options to all (23) of our coming episodes. You can follow along here on our blog or by any of the following methods:

  • Email Newsletter: sign up at techonpurpose.net/blog and have each episode delivered directly to your inbox when released.
  • LinkedIn:  follow here
  • YouTube:  follow here
  • Facebook:  follow here
  • Podcast:  follow here

Buckle up – it’s time to hit the road to #secure, reliable, trusted technology!

 

Lauren Lev  
I’m Lauren Lev, Marketing Manager for TechOnPurpose. And this is Episode 14: Wireless Security. Welcome back to our “Who’s in Your Cloud?” series. Say it with me now, 21 Steps to Secure, Reliable, Trusted Technology. Should all have that by now. All right, so if this is your first time joining us, thank you. If you’ve missed any of our previous episodes, check those out on LinkedIn, Facebook, YouTube, or Spotify, or sign up at TechOnPurpose.net/blog to get those episodes delivered straight to your inbox. Alright, today’s episode- Wireless Security. While I’m clearly no cyber expert like the rest of our cast, this is actually a topic I’m a little bit familiar with. We’ve all connected to a work, store, hotel or coffee shop WiFi. It’s easy, free, and the driving force behind the “work from anywhere” culture. My favorite part is being the envy of all of my work from the office friends as I sip daiquiris on a beach or drink some lattes from my French balcony, all while still bringing you guys this very entertaining vlog series. But do we honestly know how risky these WiFi connections can be? Do you know how easy it is for people to intercept and read your passwords and data? Did you know that when you hit that accept button to connect to these WiFi networks, your connections, browsing history and personal data are most likely logged and potentially sold to third-parties. More often than not, the wireless apps we all use provide location data, usage, and personal information that we are too easily and unknowingly authorizing at the expense of our need to connect right now. Well, I don’t know about you guys, but I want to be getting free daiquiris from the bartender not giving away my information. Today our cyber experts will be breaking down the scary but true reality of wireless network security. So let’s meet these cast members. First, as always, our VIP cast member Ivan Paynter, National Cybersecurity Specialist from Intelisys. Ivan you’re back!

Ivan Paynter  
I’m back, howdy guys! 

Lauren Lev  
And looking snazzy, might I add. New to the vlog is Cisco’s System Engineer, Yisbel Calzada. We’re so happy to introduce you guys. Thanks for coming on.

Yisbel Calzada  
Thank you, Lauren, for the invitation. Glad to be here.

Lauren Lev  
Of course, we’re glad to have you. Also new to this series from Fortinet, we have Trace Meeks joining us today. Thanks for coming on, Trace. 

Trace Meeks  
My pleasure, thank you for having me. 

Lauren Lev  
And last but not least, my partner in cybercrime, TechOnPurpose’s Founder and CEO, Matt Tankersley, everybody. All right. Matt/Cast, let’s get started. Matt, take us away.

Matt Tankersley  
Sure thing, Lauren. And thanks to you guys. You guys are always awesome. And our viewers should be here. Thanks for being with us today. Right? So let’s start off by stating the obvious: the simplicity and ubiquitous availability of WiFi to get online work, collaborate, transact or be entertained is a really awesome thing. And that is until we look under the hood, the many security and legal aspects of wireless connectivity. And how often does that happen? Right? Let’s look at a couple of wireless security data points that users, business owners, and IT teams need to really take time to consider. First, one in every four WiFi hotspots is unsecure. That’s important. The US survey ranks 12 globally and the proportion of unsecured WiFi networks. But we think we might be ahead of the curve. But apparently we’re number 12 and 72% of business data breaches came via unsecured wireless devices. That’s an important thing right there. So how should these facts be proactively considered as we race to equip and support our BYOD workforce with anytime, anywhere any device access? There’s no question that policy needs to be from the center, meaning, what company data users are authorized to access on, what devices, and at what locations like WiFi networks, public or secure. That as we learned over and over, relying on our human firewalls to be security experts, follow policies or slow down and consider their decisions before clicking and connecting is probably not the path to achieving secure, reliable, trusted technology. What else can be done as IT teams proactively secure our users and data in and out of the office as it relates to use of WiFi technology on company or BYOD devices? Let’s get our audience plugged into the real cyber experts- our cast today. Where would you like to start with introductions? 

Lauren Lev  
All right, Ivan, you’re up. What does it even mean to be a national cybersecurity specialist and give us more of your background at Intelisys? 

Ivan Paynter  
What does it mean to be a national cybersecurity specialist? Not a damn thing. What it means is I answer a lot of phone calls, I do a lot of presentations. I travel around the country. And I love what I do. You guys know I love what I do. So I’ve been doing cybersecurity for about 30 plus years or so, maybe a little bit less. This is my passion. It’s my love. It’s one of the things that I just truly find so exhilarating. I’m a Certified Ethical Hacker, I have my CISSP. I just don’t put a lot into that because I studied just about every night. I like to play in the field. And this is something that- wireless is something that is near and dear to my heart. I broke two-factor authentication a long, long time ago, using wireless technology. So I’ve got a little toy here. I want to show a little bit later on how I would compromise a wireless access point, or how I will collect user information from users that are going to get on wireless. So that’s pretty much about me. Let’s go on to the next one.

Lauren Lev  
All right, thanks. Okay, our first-first timer, let’s go to you, Yisbel. Tell us about yourself and what you do at Cisco.

Yisbel Calzada  
Thanks, Lauren. Sorry about my voice. So what I do at Cisco Meraki, I’m the Systems Engineer for the SouthEast region. For customers that are looking to start or continue their IP journey on the cloud and the technical point of contact or trusted advisor is how I like to see myself sometimes that will guide them through the trial showing how powerful and simple it is to manage and deploy their IT infrastructure prone or platter for. For those who don’t know what Meraki is, we deliver cloud managed IT solutions from SD-WAN, next generation firewalls, switches, IoT cameras, mobile device management, and of course access points, would basically optimize the experience secure locations and seems to connect people, places and things.

Lauren Lev  
All wireless all the time. So I like it. All right. Okay, Trace as our second first comer, you’re up next.

Trace Meeks  
Thank you very much, Lauren. My name is Trace Meeks, I’ve been deploying WiFi networks for a little over a decade now. I currently work for Fortinet as a consulting systems engineer for what we call our SWAT team, which is switching and wireless access technologies. Fortinet, of course, is a security first company. And over some time now, as our security fabric has expanded outward from the next generation firewall, we also include wireless and switching that is also managed by the FortiGate firewall and how we see it is we’re making your entire network the firewall from a security fabric standpoint.

Lauren Lev  
All right, thank you guys, Ivan, you ready? Let’s get into it. Start us off. 

Ivan Paynter  
Well, I’m one of the security- sometimes I want to turn the camera around and show you the scanners that I have in my office or some of my other toys. So I’m going to start off with some toys if you guys don’t mind. Um, this is one of the ones I got not too long ago. This is software defined radio, right? It’s not only a radio that transmits, it also receives, right, so pretty much anything in that wireless band can be received. I want to say one thing first. The two people that we have with us are two of my favorite companies in the entire world. I put it out there. I cut my teeth on Fortinet. That’s when I was at Mixergy and I made them get involved with Meraki. So, right on right on right on. You guys are awesome. I think you have two great products and just want to put that out there. My second toy is probably my favorite toy in the entire world and I’ve got to plug it. Anybody know what this is? Anyone want to guess? It’s one of my favorites. It’s one of my favorite fruits in the entire world. There’s a pineapple, okay, is effectively a man in the middle and it’s a great hacking tool. And both of the toys that I’ve shown can be purchased on Amazon and it’s that simple for a little bit of money. But the pineapple is truly just a man in the middle. I can actually advertise myself as being an ultra fast connection point for executives only. And I’m capturing everything that they said. And I’ve done it on a lot of my presentations. I don’t do it as often as I used to when I first got it, because he kind of got me in a little bit of trouble. But it’s a great toy, especially when people park in front of my house, and I’m looking for WiFi. They don’t get that here. But I do receive their credential slip. At the end of the day, we all have to be very careful about what we do and how we do online. So I want to just stop right there as I don’t want to go too far. But we want to talk about this a little bit more. So I love wireless, it’s the greatest thing in the world.

Lauren Lev  
You keep getting so good at these intros and complimenting our staff, we think you’re going to replace me so calm down, okay.

Matt Tankersley  
So, let’s refresh and get back to it. Perfect job, Ivan. The goal is here, we’re going to do this first round, and we’re going to focus on the issue, right. And Ivan brought some fantastic tools to the table that pointed out the issue. The issue is that wireless is very easily compromised from just about anywhere from tools that you can find on Amazon. So the issue is real. I think if you guys will and more will follow your lead, let us know who wants to go first, let’s focus on that issue. And then we’re going to come back around and talk about your specific solutions on how to secure those environments and have less risk.

Lauren Lev  
Trace, let’s take it over to you. What is important about wireless security?

Trace Meeks  
One thing that’s kind of important to look at is, and I think everybody on this panel knows that there’s been a pretty rapid change in WiFi over the last decade. I think I’ve seen a lot of roads paved, so to speak. You know, when we started with this, it was nice to have the guest networks thing, that was really an afterthought. But where we sit today, you look at the different verticals, manufacturing, and operational technology sectors. It’s made WiFi mission critical in the manufacturing and distribution process of getting product in and out the door. So it’s not just nice to have, it’s mission critical. And that opens up a whole- a very wide area of ways to get in now that it’s become mission critical. You see this in education, as well as they’ve been adopting one to one initiatives, BYOD online learning, online textbooks, lesson plans, homework, digital instructions, a major part of education now, distributed retail service industry, we have WiFi enabled point of sale equipment that when it can’t connect, money is not transacted. So very mission critical corporate environments, at your corporate headquarters. It’s not just a guest network anymore, it’s expected that users can be on the wire or disconnect and walk all over the building, and have the same access to corporate resources that they’d have if they’re on the wire. That’s just to name a few examples. But you know, pretty much every major function in the world now is heavily relying on WiFi. So it’s opened up such a large attack vector, that we have to treat it very differently. On top of that, you have other kinds of WiFi devices that were never anticipated when you got into the IoT world, or there’s 46 billion IoT devices worldwide in 2021. And these are very easy to get into devices. And there’s just not enough Ethernet ports in the world to handle this. So it’s all happening over the air. And it’s only going to increase. 
And so what this really means for security is we’ve got to think about it very differently. It’s not just about simply authenticating to the network, or looking for rogue devices, those things are very important for us. But it goes a little bit beyond that with the environment, we live in a pre-shared key, you know, a simple key that everyone shares, it’s supposed to be a secret, right? That inevitably gets out. And now you’re compromised. Even when you get into the 802.1X approach with a username and password. It’s not as compromisable, but as I’m sure we know here that also can be compromised with man in the middle attacks, with social engineering, with people just leaving their passwords out. So simple authentication and simple rogue scanning is just not quite enough. So what we need to do is to look at this as a more holistic approach across the whole wider network as fabric. Because what authentication doesn’t mitigate is when the user gets on the network, where do they go? If I have your password, and now I’m on your network, and the rest of your network isn’t protected from a fabric standpoint, you really don’t have a strong security situation. So I think with the evolving threat landscape explosion of WiFi enabled devices, coupled with the mission critical nature of WiFi as it is today, the idea is security from floor to edge. And later, I’ll talk a little bit about Fortinet as that’s what we address security at all the points on the network and not just at the entry-level. 

Matt Tankersley  
Yeah, great introduction to the topic. It was great. Ivan, I don’t know if you want to add anything. And I will tell you that it’s amazing to me that no, there’s no reason that it’s no accident that this is episode 14. Because everything that you talked about, once you make that wireless connection, there are so many things that really need to be in place before that connectivity. And it’s kind of how we orchestrated these 21 best practices. I’m also amazed Lauren, and how often the topic of IoT has come up from every single one of these things. As you stated, well, we’ve got very legitimate business needs for IoT today that are crucial. And then we have TVs and lawnmowers, and smart TVs, and Xboxes and all integral potential attack vectors that we’ve seen quite often be compromised. So great.

Ivan Paynter  
Matt, real quick- I recently traveled for my organization to Denver, and then to Southern California. When I was in Denver, I left my toothbrush behind at the hotel, I came home, and Amazon’s my friend, I ordered a toothbrush, and lo and behold, I didn’t realize that it has Bluetooth capabilities. Really, but I can’t wait to talk more about IoT. I think the bad guys are writing the RFCs for the Bluetooth and those little devices because you really don’t need them. But they’ll use it right.

Lauren Lev  
All right, if you guys are finished, let’s take it back. Yisbel, you’re up.

Yisbel Calzada  
Absolutely. So I like to call us well, what Trace was mentioning. And I think that what makes wireless important, what actually makes wireless security more important is because wireless has become the mainstream technology. And that basically had changed from the past in the sense like what we have today, the vertical that we are free from the private to actually public organizations using that communication that made him communicate the data. And the other thing is like the importance of the data that is actually communicating through wireless in the sense of like, how exposed you are likely to be or sometimes when I actually talk with my customers it’s like what is the price that you like to pay for knowing how secure is your wireless, will you let people access or know your bank account, because you don’t know when you connect? What actually is the security that is in place on that network, as well as, like Trace mentioned, just having a pre-shared key is not enough. What type of encryption as well is being used to encode the data when it’s being passed through the wireless because wireless it’s such a beautiful topic. Sometimes people think, oh, wireless is magic. But there is a lot that is actually going on in the background. Behind how the wireless basically works, is we’re a licensed medium that is shared. So everyone basically can sneak your packets, can spoof your network, and can basically bend your operator or your daily operation. And as we know, firewalls are not enough. So you need to have a layered approach to security, we need to have intrusion, detection, and prevention that can actually monitor your environment to know who can be spoofing, what are the attacks or malicious packets that can be floated in your network that can bring that connectivity down. So we can actually be or don’t, we cannot have businesses that rely like boys over the wireless, or retail and vitamins that we know for supporting their operations. 
They basically have bought a house that uses wireless for all their daily operations. And all of a sudden, because it has been spoofed, the network over packets has been polluted, they can’t connect back to their devices, I cannot trust me. So there are a lot of key points here. And I think that when we talk about wireless security, I will say that it’s actually a combination, between security protocols between our authentication methods that can be used to ensure the confidentiality, integrity and availability of the data and the systems that access through the wireless network. 

Matt Tankersley  
Lauren, for our business owners, and IT guys that are out there listening and thinking you’ve already got your hands full, you don’t even have time to think about these things. And reality is the risk is too great not to, and we have some of the best partners on the planet and Fortinet and Meraki and TechOnPurpose and our partners like Ivan and Intelisys will do this work for you. Okay, don’t wait to have a problem for us to help you decide that, develop these best practices and adopt these best practices. Quite frankly, hopefully you already have the technology, you just need to, you need to pimp it out. Let’s go help out your security and if not, we’ve got these two partners here to help us with that. So, Lauren, I think unless Ivan or Trace have anything to add to that, we can kick around round two and Ivan can share some horror stories with us or some more toys and then we can talk about the specific solutions that both Fortinet and Meraki you’re bringing to the conversation. So where would you like to start first? We’re gonna let Ivan close out as usual, right?

Lauren Lev  
Yeah, I was gonna say, Ivan, best for last with those toys, everything.

Ivan Paynter  
I’m working right now. I’ve got some more toys that I have. I have a watch. I took it off my desk, because I’m trying to clean up my office, they can’t see a malicious actor in the back. But let’s just think about all those things themselves. Right? Everything now is a wireless access point, right? Because that ring is part of that. And then that brings out to a mesh network that’s being developed by Amazon. And we’re not even allowing them to do it. They’re doing it themselves, right, that sidewalk application. Let’s look at botnets. Yeah, I don’t know if I’m jumping in too soon. But wireless encompasses everything, you know, Trace, you hit such a nail on the head with IoT, and then we have IoT, and then there are SCADA devices that should never be on the network. But due to the lack of personnel that’s out there, we’re putting them on the network. And so, you know, help us with that, because bad things are gonna happen very soon, unless we really have that, you know, that layer of protection, you know, as as you stated, so, the thing that scares me is that a lot of people don’t think about what is IoT? What is wireless, that key fob that you have in your hand can be compromised just as fast as somebody else’s credentials by accessing an access point, right? So we have to think about all these things, not on wireless, I just got a brand new iPad not too long ago, wirelessly all that data magically appeared on there, need to think about how that’s occurring. Who has access to that information? Yeah and I think you really made a valid point, it’s all about truly the data more than anything else, and making sure it’s secure. 

Matt Tankersley  
So you did a great job of pointing out two very important things. This isn’t just a business issue, it’s a personal issue, right? And so protecting your personal data, you know, they may be more important than protecting your business data, depending on who you are. But I always like to bring it back to that. But let’s take that personal information and bring it back to business. Right? So I hate to pick on my mothership of the ownership of my company ScanSource. And my executives like Tesla’s. I love a Tesla, I don’t have one because I’m scared to death of the information. These cars have been subpoenaed because they can tell you how much that person weighed in the chair next to you. And if that was not the weight of your wife, then you know, why are they sitting there. And so that actually happened, right. But that information was captured and then transmitted wirelessly to a location that the user of that vehicle didn’t have. But that’s not where I want to go with this. Think of it this way, my executives now have these cars and your information is being transferred from their smart device to that vehicle. So when that vehicle is stolen, they’re not stealing the car, they’re stealing data. And about that data that’s being removed from my upper management. That’s scary. So it’s not personal. It’s also business. It’s all combined now. So it’s, we’re taking it to a different level. That’s right. And Trace, Yisbel, you probably don’t need any setup for any of that. But I will tell you an application that we’re dealing with right now, and we’re going to be talking with both of your companies, and others in our cybersecurity stack about this, but we have one customer that is going into retail environments, and putting IoT devices in there to help them do some pretty cool stuff in their environment. Right. And when I began to ask them about Okay, so are they putting in your own WiFi network for these wireless connected devices? 
Or you know, and oh, no, you’re connecting to the company’s WiFi, are they giving you a separate WiFi? Are you just connecting to the same WiFi that all their stuff is on and, you know, we look at risk in so many different ways. I mean, but imagine being a third-party provider, it goes into a customer’s environment, a multimillion dollar contract, your device gets compromised and spreads east and west of their devices and compromises their data, and their customer data. I mean, it just scares me to death and so Goonies is accused of those kinds of conversations. If you’re listening and you’re out there doing that kind of stuff, guys, have your own network. Control your own environment, don’t put yourself at risk of harming someone else’s and your own customers’ environment, right? So, alright, I’m shutting up.

Lauren Lev  
Trace, do you want to talk about your solutions?

Trace Meeks  
Sure. And, you know, another thing to add to the Tesla thing that I haven’t mentioned that I noticed some time ago is with all new vehicles being smart, when you travel a lot and get into a rental car, and you pair your phone, and it sucks in all your contacts, I’ve looked and sold through everybody else’s contacts that in that car to me, and I definitely stopped pairing my phone to rental cars, right. But yeah, it’s our data, it’s just out there in a major way. How Fortinet looks at it, I know that the topic is wireless, and I am going to hone in on that. But one big takeaway is I think we all have to look at our networks as more of a security fabric. This is something Gartner is starting to mention now. They call it the cybersecurity mesh, something at Fortinet, we’re glad to have you with us. We look at the fabric as a broad integrated and automated solution. Because when we say broad visibility, protection of the entire digital attacks is crucial. Right? It’s not just the WiFi, and I’m going to get to the WiFi section. But it’s the endpoints, the devices coming on the network, right? It’s your servers beyond the network. It’s your application in the cloud. It’s what your firewall is doing and how it processes traffic. Is it doing SSL decryption? What can it see? Integrators are important because there’s a lot of security companies out there, there’s a lot of security solutions, and a lot of great products out there. But if they don’t all communicate and work together, then you have a bunch of disparate management systems that you have to learn and become expert at. And we all know there’s a pretty big gap in security expertise out there. A lot of people are hiring. I always tell anybody who has kids getting ready to go to college, interested in technology, not knowing what they want to do, I tell them to go into security if you’re gonna have a job. 
And then automated because, you know, we went abroad to cover the surface we wanted integrated, this is all nice communication, because some of this needs to work in the background for you with AI driven technologies, self healing, alerting fast and efficient operations. We’re not all just sitting around staring at our, you know, NOC dashboards, waiting for something to happen, we need to know that in the background, we can be alerted, and things can begin to mitigate before we even become involved. So you know, working from, let’s say, the edge to the core, I always recommend to clients, they’ve got to have something for an endpoint solution. We offer a few products: FortiEDR, FortiClient. EDR is a great one. Because, you know, if you’re infected with ransomware, it’s not even going to launch, before we figured it out, mitigated, let you know that we have not had a ransomware launch on any products using FortiEDR on there. So very strong endpoint solutions are recommended. If you want to move back, which I’ll focus on a little bit more here in a minute, you know, to the access layer. Now when we’re connecting, whether that be plugging into the port or WiFi the topic today, we recommend the unique part of our solution that is our industry leading next generation firewall, the core flagship of our company. The FortiGate also has built-in WiFi controllers and switch managers. So what this does is it marries the security layer and the access layer for full visibility and control. And I’ll get into that much more here in a moment. And then you know, in addition to that, we want some form of network access control, we have some of that native within FortiGate. It’s pretty exciting. But also we have a wider Fortinet solution, it’s a little more agnostic, because you want to see everything that connects to the network and have full zero trust access control of how that device can join and then where it goes beyond that. 
And then we also would recommend something like our FortiAuthenticator product as your certificate authority, it handles your multi-factor authentication FortiTokens or Forti single-sign-on to bring all this together under one fabric umbrella with as few management systems as possible. So really, when it comes to WiFi, and you know, we’ve got a lot of other products that I don’t want to monopolize all the time on but all of them are security first in mentality. They all communicate and they all form IT but you know we’re here to talk about WiFi so we do the three differently. It’s not often that your firewall is your controller, but built into the firewall without any extra licensing fees. It’s just native to the iOS as a lock back controller and a switch man.

If you already own the FortiGate out there, you may not have seen that section. You can just start buying switches and APs and plugging them in, they will automatically discover, they will securely become managed. And what we do is we treat our VLAN interfaces and our tunnel SSIDs, as the same as we treat any other interface on the firewall. So this is that marrying, again, the marrying of the security layer and the access layer, we’re making your whole network the firewall, so it allows for control provisioning visibility. And those Unified Threat Protection features in a next generation firewall, we can apply right to the VLAN, or the tunnel SSID. So what that means is when a user connects to a tunnel SSID, that’s being managed by that FortiAP being managed by FortiGate. Since it’s a firewall interface, nothing goes anywhere until you create a firewall boss, right. So you get to them, direct that traffic internally within the network, you know, outside of the network out, but when we can, we can lock that down into certain internet protocols time of day. But the exciting part is we can build unique web content filtering profiles, antivirus profiles, application control profiles, DNS, IPS, file filtering, voice over IP, even SSL decryption, all applied uniquely to that SSID. And if you have another SSID that has other metrics or permissions, rather, that need to be followed under those particular metrics, they can all have unique profiles based on that next generation Firewall Unified Threat Protection. So this allows you to now have full visibility, to full security. You go into one management system, you can click on a device, and you can see what websites just go into applications. You can see any virus status, all the things I mentioned, all in one dashboard. That’s a highly secure WiFi environment in our opinion. But wait, there’s more. There’s another big factor to how Fortinet does security. And that’s our FortiGuard labs. 
What FortiGuard Labs is, that’s our threat intelligence platform, the research organization at Fortinet that’s worldwide. Its mission is to provide customers with an industry, that threat industry, best threat intelligence, to protect from malicious cyber attacks. We’ve got the most zero day discoveries, we’ve got a wide environment of telemetry, and this is what’s cool is everybody who owns a FortiGate, or various pieces of fabric that work with the FortiGuard solution if you can agree with anonymity to share your data. So basically, we have endpoint sensors all over the world all feeding back 40 billion. And that’s how we’re able to assist a million devices. All of those feeding threat intelligence back to FortiGuard Labs, while all of those Certified Ethical Hacker, white hat, geniuses are constantly looking at the latest ransomware malware plots, everything out there. And that is continuously daily updated into everybody’s FortiGates. So what you can do with that is not only feed the profiles and all of the Unified Threat Protection I’ve talked about, but that also allows us to do something we call automation. So we can create what we call automation stitches that use indicators of compromise based off of the information, FortiGuard Labs. And what that does is if you have a device that joins the network, we can see an indicator of compromise based on all of this data, we can automatically quarantine them which isolates that device and cuts them off from any east, west, north, or south traffic, and it can send out a replacement message to the user saying you’ve been compromised. We’ll talk to your IT admin, but it gives you that peace of mind that not only do you have that enterprise next-gen firewall protection directly on the SSID’s interface, but if something’s there, and that’s without many of our other fabric pieces, this is just what our WiFi does. You can have that peace of mind that you can get isolated and your network is protected. 

Matt Tankersley  
I’m gonna save some comments until we hear from the rest of our guests here today. Great perspective!

Trace Meeks  
Thank you, I can keep talking about this all day.

Matt Tankersley  
And I didn’t know before he got on the call that you were a Red Raider. But I wore this shirt subliminally just for you.

Trace Meeks  
Appreciate that!

Lauren Lev  
All right. Yisbel, talk to us about Cisco.

Yisbel Calzada  
Absolutely, so I like to actually rate what Trace mentioned. I think that he touched kind of like a sensitive fabric and that is the end point. So I think that and even before COVID, the approach to that is the threat is outside and past change. In the sense like, we need to be more conscious, like the biases that are readying your network that might be compromised. And that’s when actually zero trust policies come into place and having that layer of security from the access protection at the endpoint access layer and at the edge as well. So from the Cisco Meraki standpoint, we can actually start the protection with the endpoints through our MDM solution. So we actually manage and secure or automate the onboarding process of those devices in the network. So we actually create protection to have a certificate-based authentication when they’re trying to board in the network. And as well, the integration with older upgraded products from the Cisco portfolio like ISE for device posture like it will actually automatically switch policies to the devices, you will identify the device has any type of antivirus or has been compromised, or what actually is even the operating system that the device is running, or it may have any type of vulnerabilities there that can be exploited by any hackers and it will not allow it access to the network. From the wireless standpoint, we actually offer protocols for encode protection of the encryption of the SSID that have been broadcast as well as segmentation when we’re actually talking about like IOT devices, guest users will be like best practices, when I talk with my customer. This cannot be just one flat network when you have your servers or when you actually have your printers or when your home where you have your refrigerator or your TV. So once you actually let something vulnerable share the same broadcast domain, you’re compromising your entire infrastructure. 
So you can actually start with segmentation at the access layer as well. And the other thing is like the protection that comes with the content filtering that IDS and IPS systems that are built in with all Cisco wireless, to detect that intrusion detection in your network. And another great integration as well with Meraki wireless portfolio is Umbrella to have that DNS layer protection. So even before the client tries to connect to a site, we can actually stop that connection. Knowing if it’s malicious, it is actually an IP address that has been even defined as a malicious IP address. And that can be stopped there as the importance with that, and I was a long time ago, I was actually the target of many individual attacks. So basic and DNS voice and catch as well. So I was on a public WiFi like a hotspot and I needed to connect to the internet. I was actually not even USA based, I was in another country. And to connect to the internet devices securely connected, open WiFi, and what you needed to enter is like a little card so you can actually buy Internet access by hour so you can actually enter on the portal of that Ethernet provider and I was thinking at the moment that I was actually accessing the portal or the internet provider as the end. But, I was actually transferring that body to someone else that was actually putting that through and detecting that traffic from there. So simple things like that. That actually happens when you don’t take in consideration or you don’t take the security on your wireless seriously.

Lauren Lev  
In researching for this episode and it might sound super simple, but piggybacking off what Yisbel just said, I learned that whenever you join, like a coffee shop or hotel WiFi, it’s important to go ask them like, Hey, what’s your WiFi? What’s your password directly, not just connect, because malicious actors will just make up a name that’s similar and then you’re joining it and giving them all your information. So I actually have started doing that. Because I didn’t know and I just joined networks left and right.

Ivan Paynter  
But that’s the whole idea behind that, you know, a pineapple, right? It is that man in the middle. So bravo for you that you’re taking that step a lot of people don’t, especially executives, right? So if I were to sit into a hotel and say, you know, this is a high speed access point for X, there’s a high probability that somebody is going to do that. And even to spoof somebody’s email, somebody’s password is very simple. Look, Ivan can be spelled with a capital I, or a lowercase L. Right. So how do you choose which one is correct? There’s so much you guys have touched on. I love the fact that it’s both Fortinet and Meraki, Cisco, because they both have such great solutions for both of these things. I know I’m going crazy and there’s so much to talk about here. This is what I’ll talk about endpoints and as did Trace, you know, but think of botnets that are out there that are wireless. So some of the attacks, we haven’t even talked about the DDoS type scenario that you know, just 1000s of wireless devices. I’ve got probably eight cameras on my front of my house alone, that all have just a user and pass oh my God, the worst thing in the world we’ve ever come up with was a password. We’re not using multi-factor authentication we’ve already lost. Because, you know, that’s part of that protection. But we don’t have that for wireless, because they’re very small and simple devices. So it was really tough to build all that in. There’s so many things I want to talk about. All this would- I heard zero day. Look, there’s zero hours that are out there right now and the fact that there’s so many places to hide, there is slack space in hard drives that we don’t even look at right now to hide malware upon. No, there’s so much to talk about here. At the end of the day, both of these organizations bring to us and my organization has a whole bunch of suppliers. But you know, there’s so many different ways we can look at access points in the data that we’re transmitting. 
And we have to be very, very careful corporations. I heard Trace talk about the guest networks, right. Everybody has a guest network? Well, yes. But we have to have multiple networks. I have all my cameras on their own network. My wife has her own network, because I don’t trust what she’s doing. My kids come here, they get their own network. So my company in my own house gets several networks. Yes, I run three firewalls there. Do they all go to the same point? Yes, they do. And is there an access point there? Yes, I’m running Ubiquiti here because I don’t have a Fortinet or Meraki. But the bottom line is, you know, a lot of folks don’t run those firewalls, right? They don’t look at their logs, they’re not security conscious. So we have to make it simple for them. But when we make it simple, we make it easy for the bad guys too. So I take this right back to what I call dough, and that is the human firewall. And, Matt, I think you brought that up originally, we all as individuals have to be more cognizant. Organizations must provide that level of security awareness training, because no matter what the subject matter is, we’ve got to be conscious about what we do. And Lauren, that’s just like when you went to the front desk, and asked what is the password? What am I actually logging into? That’s where we start with the greatest amount of security that we can have. So I’ve got so much energy around this because it is a great subject, and there’s so much more we can talk about, and there’s not enough time. So this is commercial, Matt, I would really refer back to these guys at TechOnPurpose, reach out to them, because there’s a lot more here that we’re not even going to touch on.

Matt Tankersley  
Absolutely. I’m gonna get you fired up one more time. Most people know, right, and we’re kind of biased, the only providers we work with are you two guys. There are other solutions out there in the marketplace. In fact, sometimes I’m forced to work on UniFi and I feel like I’m going to the wrong side of the tracks or something when I do that. But, you know, since we’re talking about wireless, I’ll bring up something that you brought up probably in episode zero or two or something like that. And reminder, we’re in episode 14 now, and he brought up something I had never heard said this way and it was just a huge lightbulb and it’s all about wireless and it’s all about compromise and risk cases. We all talk about BYOD all the time and he came in and said you know what? It’s not just BYOD it’s BYON. So we’ve taken this corporate device and we’ve extended it to say go work from home and what are they working on at home? Their own network, which has all these IoT devices and the wife’s things and the kids’ Xbox. And I love that you’re making it separate, that works. Really, it’s genius, because I guarantee I’ve got about five around here myself, but BYON man, this is something we could talk about forever and ever, and there’s just not enough time.

Ivan Paynter  
Just real quick on BYON, right? It actually happened, where you know, somebody is working on their corporate system, which is relatively locked down, and it’s got the protections in place, but their kid is upstairs and he’s downloading software from I know what it is now Steam, right? I didn’t know what Steam was, I know it’s something that comes out of the shower. But he’s downloaded from Steam, and it was a piece of malware. And that malware then infected that environment and then did what any good hacking device or any good malware is going to do, it’s going to look around and there’s that zero day that Trace is out there looking for, that Yisbel talked about. And that effectively infected the corporate device that didn’t have the protections around it that the firewalls would have given us if it was there. So both of them have spoken about that, endpoint protection is so valuable. And it can’t just be an AV, it’s got to be that next generation, it’s got to be that EDR. Bring it to an XDR I don’t care what you do. But we’ve got to have that level of protection in there. Matt, you just get me so riled up about this stuff. I love it.

Matt Tankersley  
Well, Lauren, I think we ought to give our guests a little bit of last words. And I would suggest focusing again on any recommended best practices for our viewing audience who’ve made it this far and the simple things. We’ve talked about specific things that you guys do intentionally, but you know, what kind of encryption they’re using. I think, Yisbel, you mentioned that early on in the process. We talked about 802.1X, I think, along the process, so any of those best practices, let’s maybe summarize a quick round of those. And anything else I had, I think I know it was, if you’re listening, and I hope most people are right, we were on 14 of 21. And what I love about both of these cast members that we have with us today, they are a whole lot more than wireless security. So you’re gonna come to me and I’ve got multiple vendors for all 21 of these and more often than not, one of the things you’re gonna find is that I’m solving four or five or six or eight or 10 of those with these vendors right here. So let’s close out with best practices and final words. Lauren, we’ll follow your lead.

Lauren Lev  
Yisbel, do you want to go first? 

Yisbel Calzada  
Absolutely. So I will say regarding best practices, if you are not sure where to start, just visit us. Listen to these amazing podcasts, try to contact Fortinet, Cisco Meraki, whatever vendors you like, go with and talk to about security. First, that I actually will recommend as well is that endpoint security. As well as don’t put all your devices, IoT, like your servers, your printers on your same VLAN. Apply that simple step of VLAN segmentation, as well, it will add a little bit of security or layer security where the visibility that you actually may have for what your devices are doing once they are connected, or with your devices as well as today comes as well with the endpoint security that you may have there. I would say start with asking and it goes back to the consciousness as well as what you don’t know yet about how secure your network is. I think that would be kind of a good starting point for them there.

Matt Tankersley  
Yeah, you know what’s interesting, and then we’re gonna pass the buck over to the rest of the team to close this out. You said two things that are interesting. And last thing is, you got to assess risk, guys. I’ll be honest with you, if you’re trying to figure out where to go first, that’s what this entire campaign is about. We are providing free NIST cybersecurity risk assessments, we’ll find those gaps for you really quickly, and we’ll be able to point you in the right direction. And I love what you said about printers, putting printers on their own networks. I haven’t even thought about that. You know, those Log4j compromises that just went around. There were a lot of printers that were potentially affected by that. If they are on the same network that you know, endpoint devices are, boom, right? We actually saw someone that had that problem, hadn’t thought about it. That’s definitely something we’re going to do going forward is recommend those devices, those IoT devices, let’s separate these endpoints. I like it. Okay, Trace. 

Trace Meeks  
Alright, thank you. Yes, very well put as well. I agreed with everything you’ve said today. I think in closing, there’s so much to learn. And I think people, customers, and users get overwhelmed with all that’s out there and one bit of advice is find your trusted partner and listen to them. The expertise, you don’t have to know everything about everything; trust people like Matt, Yisbel, Ivan, TechOnPurpose. Trust the people who know, let them advise you and think about security first. But don’t think about the cost first. And I know that cost is ever important. But cost has come down on a lot of this stuff. And hey, Rome wasn’t built in a day, neither is your network. You can do this over time. That’s one of the reasons we at Fortinet have a very open API system, we don’t expect you to come rip out your entire network and then replace core to edge with all Fortinet, you can start a building process. I think, you know, from our company’s perspective, probably the first thing to go would be the firewall. And then you can build out your security philosophy from there. The WiFi explosion is not slowing down, you’ve got to have- Yisbel mentioned earlier that you do need to have the scanning radios on the AP detecting for rogue devices and looking for man in the middle and phishing SSIDs. We call them fake APs or fake SSIDs. You need to have the strongest layer or level of security and encryption on your SSID as possible. Please do network segmentation, whether it be tunneled SSIDs or multiple VLANs, separate this traffic and inspect it to know what’s going on. Know what the device is before it gets on your network and also know what it does with high visibility once it gets on the network. But just take security seriously, because ransomware- I was at a conference a couple months ago that had a gentleman from the FBI, who gave a very good presentation. 
And he mentioned that where the first wave of ransomware started with Fortune 100, you know, we all heard about the pipelines and the major hotels that are attacked and the major corporations that are attacked, they’re starting to now trickle down to even smaller organizations. We’ve seen it hit K through 12 pretty hard over the last couple of years. Now they’re starting to hit SMB markets as well. And their ransoms aren’t going down. It’s just their targets are widening. So security can’t be an afterthought. You have to think about it and get serious about it now.

Matt Tankersley  
Ivan, do you want to close us out?

Ivan Paynter  
Man, there’s so much there. You’ve got two awesome guests. And I want to thank both of them for being here and they’ve got great products. Trace said, trust your experts. I’m going to tell you right now, yes, do trust your experts. Don’t trust everything that you read online and don’t trust everything that you Google. Don’t be a Google expert. Talk to some folks that have been around for a while. Ransomware, Trace is spot on, it’s not going away, it’s getting smaller, you’re gonna see ransomware on people’s phone devices, right, you’re gonna see it on their backup devices. A printer is my favorite place in the world to hide once you access an environment, because people never secure them and they never patch them. If I was to tell you to do anything, it’s just like real estate: patch, patch, patch. And then my second thing I want to tell you is to slow down. Everybody is moving too fast. We are all multitasking and don’t pay attention to what we’re doing. Go back to asking questions. And my favorite thing in the world is that- I don’t know where my button is. Oh, it’s on my skier back there- Stop clicking on stuff. Okay, I won’t say the bad word. Don’t click on bad stuff. We’ve got to pay attention to that. User education is massive, right? Trust your knowledgeable partners and get good equipment. Trace said Rome wasn’t built in a day. So you’ve got to crawl, walk and then run. I’m not necessarily going to replace the firewalls first. I want to protect endpoints first. I think that to me, is the most valuable. Trust your resources, folks. TechOnPurpose is a great place to trust, it’s a great place to start. Give them a call. My organization is right there. These are two of the best suppliers in the world that they’ve got on right now. I’m not doing a commercial for them and they’re not paying me. They don’t even give me equipment. Right, but I’m telling you, I know what they do and I know what they have, they’re awesome. I sound like a commercial. 
There’s so much more to talk about here. Lauren and Matt, thank you both for having us and this was a great series. Wireless is phenomenal, it’s also as dangerous as all get out. 

Matt Tankersley  
Absolutely. Lauren, you’ve got the floor, close us out.

Lauren Lev  
Well if nobody has any other comments, thank you Ivan for those words of affirmation. We appreciate it and I’ll Venmo you that money I owe you after this, don’t worry. Alright guys, that’s a wrap. Thanks, Ivan, Yisbel, and Trace for joining us today. Next week we’re talking remote access and how best security practices ensure your mission critical data and systems are secure. Allowing your business staff and clients to securely connect and work from anywhere on any device at any time. Check out that episode and all of our episodes on LinkedIn, YouTube, Facebook, and Spotify, or get them delivered straight to your inbox by signing up at TechOnPurpose.net/blog. Like we said before, to start a free trial from any of these solution partners, send an email to ">. And sign up for our free cybersecurity risk assessment that Matt spoke about earlier at WhosInYour.Cloud. Thanks, everybody, and we’ll see you next week.

 
