Ransomware now crawling networks


#1

With the increasing sophistication of ransomware and its ability to crawl networks searching for other devices, I’m wondering about how to make sure we have appropriate client isolation. Is there a recommended setup that makes sure C5s are isolated from eachother, so that if one user on a G2 gets infected, the ransomware can’t crawl the network outside of that G2? (We use a Meraki MX64 for routing and DHCP of all C5s and G2s instead of the A5 on our network.)


#2

Hi Christian,

The first step is to ensure that you have the latest firmware installed so that all of the security updates have been applied. The next step would be to verify/configure client isolation on each SSID.

For A5/C5: http://ap.help.mimosa.co/ap-ug-wireless-ssid

Client isolation is on by default with both WiFi Interop and SRS protocols. In WiFi Interop, client isolation may be turned off for a given SSID on the A5 SSID page, but this is not recommended for most use cases. In SRS mode, client isolation cannot be turned off, but the ability to disable it is on our firmware roadmap.

For G2: http://wifi.help.mimosa.co/gw-ug-wireless-lan-ssids

Client isolation is also configured at the SSID level.