Getting started with Network Integrity

Network Integrity automatically detects and validates rogue Wi-Fi networks and spoofed carrier networks. Whenever these types of suspicious networks are detected, Network Integrity protects user devices by either disconnecting from the network or establishing a policy-driven Smart VPN tunnel.
Quick Setup > Network Integrity has an interactive setup to help you configure and test Network Integrity features. Widgets and KPIs are also available.

What is Network Integrity?
Network Integrity gives you insight into whether users are connecting to an evil twin or suspicious network. An evil twin hotspot is a Wi-Fi access point that an attacker sets up to imitate a legitimate hotspot, including the primary network name of a nearby business, such as a coffee shop that provides free Wi-Fi access to its customers. By imitating a legitimate hotspot and tricking users into connecting to it, an attacker can steal account names and passwords and redirect victims to malware sites or phishing sites.
Network Integrity protects you from various network attacks and attacks on browsers when users:
  • Connect to suspicious networks
  • Connect to networks with previous detections
  • Connect to evil twin networks
Step 1: Define corporate hotspots
You can add or remove the corporate Wi-Fi names (SSIDs) that users may connect to. These SSIDs are used in the protection actions that Network Integrity offers, and defining them protects you from a fake or evil twin hotspot that mirrors the corporate Wi-Fi. Corporate Wi-Fi can also be added to the default Network Integrity policy.
The client identifies rogue Wi-Fi networks by checking whether the hotspot uses different properties than the corporate SSIDs. If the client detects a suspicious network, it either automatically disconnects itself or asks the user to disconnect from the network. If the client detects a rogue hotspot, it does not allow users to connect to that Wi-Fi connection through your corporate VPN.
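The following added example (not Symantec code and not the product's actual detection logic) illustrates the kind of property comparison described above: a scanned access point that advertises a corporate SSID is checked against a recorded baseline for that SSID. The baseline fields (security type, known BSSIDs), the SSID names, the scan data and the verdict-to-action mapping are all constructed assumptions.

```python
from dataclasses import dataclass

# Constructed baseline: properties recorded for each corporate SSID (assumed fields).
CORPORATE = {
    "CorpNet": {"security": "WPA2-Enterprise",
                "bssids": {"02:00:00:aa:bb:01", "02:00:00:aa:bb:02"}},
}

@dataclass(frozen=True)
class AccessPoint:
    ssid: str
    bssid: str
    security: str  # e.g. "Open", "WPA2-PSK", "WPA2-Enterprise"

def classify(ap, corporate=CORPORATE):
    """Return (verdict, reasons) for one scanned access point."""
    profile = corporate.get(ap.ssid)
    if profile is None:
        # Not a corporate name: only the open-network rule applies.
        return ("open", ["no encryption"]) if ap.security == "Open" else ("unlisted", [])
    reasons = []
    if ap.security != profile["security"]:
        reasons.append(f"security {ap.security} != {profile['security']}")
    if ap.bssid.lower() not in profile["bssids"]:
        reasons.append(f"unknown BSSID {ap.bssid}")
    return ("suspected_evil_twin", reasons) if reasons else ("corporate", [])

def remediation(verdict):
    """Map a verdict to an action; this mapping is an assumed policy."""
    return {"suspected_evil_twin": "disconnect", "open": "start_vpn"}.get(verdict, "allow")

# Constructed scan results.
SCAN = [
    AccessPoint("CorpNet", "02:00:00:AA:BB:01", "WPA2-Enterprise"),  # matches baseline
    AccessPoint("CorpNet", "02:00:00:cc:dd:09", "Open"),             # same name, wrong properties
    AccessPoint("CoffeeShop", "02:00:00:ee:ff:10", "Open"),          # unrelated open network
]

def evaluate(scan=SCAN):
    """Return (bssid, verdict, action) for every scanned access point."""
    rows = []
    for ap in scan:
        verdict, _ = classify(ap)
        rows.append((ap.bssid, verdict, remediation(verdict)))
    return rows

if __name__ == "__main__":
    for row in evaluate():
        print(row)
```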
Step 2: Add detection resources
You can add or remove your organization's specific domains or your own Internet URLs to define detection resources and run a subset of network tests, such as a man-in-the-middle (MITM) check, using Network Integrity. For example, you can add the organization's webmail domain (mail.company.com).
Step 3: Choose remediation options
You can define or change different remediation options in the Network Integrity policy. By default, the policy is not applied to any devices or device groups. You can use the default policy or create another policy that is based on the defaults.
The policy contains the following settings:
  • Protection against network threats
  • Protection against suspicious networks
  • Protection against open networks
Step 4: Add trusted certificates
Symantec has products like Web Security Service (WSS) or ProxySG that have a security feature to inspect Secure Sockets Layer (SSL) and to detect online threats. When you purchase these products, you get a certificate to inspect the SSL traffic in your network. This works by implementing a certificate validation mechanism.
Typically, you allow trusted certificates so that Network Integrity does not interfere with these types of certificates. You have the option to add your own certificate by uploading it. After you add a certificate, it becomes trusted. From then on, SSL decryption by a legitimate vendor is not raised as a threat.