Western Governors University
C844 Task 2
A. WLAN Vulnerabilities
First Vulnerability for WLAN
• Extended Range from Outdoor Access Point: The outdoor wireless access point (WAP)
servicing Alliah's back patio area extends the network’s range beyond the building’s
physical security perimeter. This setup allows anyone nearby, even those not inside
the building, to detect and potentially access the WLAN. Such exposure can lead to
unauthorized access attempts, data capture, and potential "Evil Twin" attacks, where
an attacker sets up a decoy network to capture employee credentials and sensitive
data (Doherty, 2021).
Second Vulnerability for WLAN
• Lack of Encrypted Connections Between Headquarters and Remote Servers: Alliah’s
website servers, located 100 miles from headquarters, are remotely accessed by IT
staff via Ethernet connections. Without an encrypted channel, such as a Virtual Private
Network (VPN), data sent across this distance could be intercepted by attackers using
packet-sniffing techniques, making it vulnerable to Man-in-the-Middle (MITM) attacks.
If these communications are not secured, sensitive company data and customer
information could be compromised (“What is a Network Intrusion Detection System? |
DataDome,” 2022).
B. Mobile Vulnerabilities
First Vulnerability for Mobile Devices
• Unsecured Public Wi-Fi Usage by Traveling Employees: Alliah’s account representatives,
who travel frequently, may connect to public Wi-Fi networks, which are inherently
insecure. Without protections, using public Wi-Fi exposes devices to interception, data
theft, and unauthorized access through attacks like MITM. This is particularly concerning
for Alliah, as these employees handle sensitive customer data and company information
(Nield, 2020).
Second Vulnerability for Mobile Devices
• Risk of Device Theft: Account representatives carry company-issued laptops, tablets,
and smartphones, each containing sensitive data. With employees spending significant
time on the road, these devices are at risk of loss or theft. If a device is stolen and lacks
encryption or remote-wipe capability, the thief could access proprietary data and
potentially Alliah’s network (“6 Best Software to Remote Wipe
(Official & Licensed MDM),” n.d.).
C. Mitigation
First Mitigation for WLAN
• Mitigation for Extended Outdoor Access Point Range: Implement WPA3 encryption
across all WAPs to strengthen security. Enable MAC address filtering and hide the SSID
to prevent unauthorized devices from connecting. To further reduce risk, physically
limit the signal range of outdoor WAPs and consider using physical barriers like
reflective films to contain the signal within designated areas.
• Tools: WPA3 encryption protocols, MAC filtering software, WAP configuration settings.
• Documentation: Souppaya & Scarfone, 2012.
Second Mitigation for WLAN
• Mitigation for Lack of Encryption for Remote Server Access: Deploy a VPN solution,
such as Cisco AnyConnect or Google Cloud VPN, to encrypt traffic between
headquarters and remote servers. This will ensure data integrity and confidentiality
by creating a secure, encrypted tunnel for sensitive data transmission.
• Tools: VPN software, multifactor authentication for VPN access.
• Documentation: “The Top 11 Enterprise VPN Solutions | Expert Insights,” last
updated Nov 06, 2024.
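Added example (not part of the original report): a short audit of the WAP settings named under First Mitigation for WLAN (WPA3, MAC address filtering, hidden SSID). It assumes the access points use hostapd-style key=value configuration and WPA3-Personal (SAE); the SSID and both sample configurations are constructed for illustration.

```python
# Added example: audits hostapd-style AP settings against the WLAN mitigation.
# Assumption: the WAPs expose a hostapd.conf-style key=value configuration.

def parse_conf(text):
    """Parse key=value lines, ignoring blank lines and '#' comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def audit(conf):
    """Return a list of findings; an empty list means the checklist is met."""
    findings = []
    akms = conf.get("wpa_key_mgmt", "").split()
    if "SAE" not in akms:
        findings.append("WPA3-Personal (SAE) is not enabled")
    elif "WPA-PSK" in akms:
        findings.append("WPA2/WPA3 transition mode: WPA-PSK still accepted")
    if conf.get("ieee80211w") != "2":        # 2 = management frame protection required
        findings.append("management frame protection is not required")
    if conf.get("ignore_broadcast_ssid", "0") == "0":
        findings.append("SSID is broadcast")
    if conf.get("macaddr_acl") != "1":       # 1 = deny unless in the accept list
        findings.append("local MAC allow-list is not enforced")
    return findings

# Constructed sample configurations for the outdoor patio AP (before / after).
PATIO_AP = """\
ssid=Alliah-Patio
wpa=2
wpa_key_mgmt=WPA-PSK SAE
ieee80211w=1
ignore_broadcast_ssid=0
macaddr_acl=0
"""
HARDENED_AP = """\
ssid=Alliah-Patio
wpa=2
wpa_key_mgmt=SAE
ieee80211w=2
ignore_broadcast_ssid=1
macaddr_acl=1
"""

if __name__ == "__main__":
    for name, text in (("before", PATIO_AP), ("after", HARDENED_AP)):
        print(name, audit(parse_conf(text)) or "meets checklist")
```

Of the four checks, SAE and required management frame protection provide the cryptographic protection; MAC filtering and a hidden SSID only reduce casual connection attempts.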
First Mitigation for Mobile Devices
• Mitigation for Unsecured Wi-Fi Usage: Implement a company-wide VPN for mobile
devices. Require VPN connections for all remote work over public Wi-Fi, ensuring all
communications are encrypted. Train employees to use only secure protocols (e.g.,
HTTPS) and enable device firewalls to further reduce risk.
• Tools: VPN software, device firewalls, employee training materials.
• Documentation: Nield, 2020.
Second Mitigation for Mobile Devices