Jump to content

Zero Trust Networks


Recommended Posts

Hey all. For a semester paper, I’m writing about the risk that rogue APs pose for companies as their workers increasingly work from home. 

Zero Trust models gained in popularity and I want to focus on them in one chapter. I tried to research what threat evil twins/rogue APs pose for them but only found broad statements like ‘MiTM attacks don’t pose a threat in Zero Trust environmemts’. 

Is it true that they are relatively immune to MiTM WiFi attacks like performed through the Pineapple? What weaknesses, if any, exist? 

Apologies for the crude noob questions. I‘ve been reading up a lot but am very new to Zero Trust security and stuck. I’d like to learn more - any and all pointers would be helpful.

Happy to share the paper afterwards. 
Thanks! 

Link to post
Share on other sites

Jugru - 

Good luck with the paper, and please share it with us when it's complete.

In discussing this exact topic with others in the industry that are adopting the zero trust model, it's clear that - as always - the humans are the weakest link. It's for this reason that modules like Evil Portal, which are able to spin up a captive portal, are so valuable. By mimicking not only a preferred network, but a recognized landing page, credentials and other PII can be captured. Mobile devices are especially vulnerable to this attack because many, like Samsung for instance, do not display a URL bar when loading the captive portal.

And while attacks like sslstrip/sslsplit may not be as effective as they once were, DNSMasq Spoof is great for redirecting traffic to a site to capture loot. Depending on the scope of engagement, this can be very effective.

Cheers!

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...