How to Identify Security Mismatch and Protect Networks - Wyebot

How to Identify Security Mismatch and Protect Networks

November 25, 2019

Schools take wireless network security seriously.  They ensure that each Access Point (AP) is configured with the proper security profile so that the only devices that can connect are those allowed to have access to the network.

But what if one or two APs get configured with the wrong security?  Suddenly, the network is vulnerable.  

This recently happened with one of Wyebot’s education customers.  Upon plugging in Wyebot’s Wireless Intelligence Platform™ (WIP) to get network analytics, the school was very surprised to get an alert that one of their APs was completely open, allowing anyone access to the school’s network.  This made the school vulnerable both to hackers, who could steal secure information, and also to any unauthorized user looking for free WiFi, who could now consume the network’s bandwidth, slowing down the network for students trying to access E-learning resources.

This situation is known as a security mismatch.  When it happens, it results in APs with either a weaker security profile, or, as in the case of this school, no security at all.  There are a number of reasons why the mismatch could occur, including:

  • a bug after a software upgrade; 
  • one of the APs might have been missed in the initial configuration; 
  • a security profile was changed for testing purposes and then not changed back.  

Whatever the reason, the important thing is catching the mismatch and restoring the AP to a proper security configuration.  This isn’t always easy.

K-12 schools can have anywhere from 100-500 APs on campus.  The only way to manually discover the mismatch is to look at each individual AP’s configuration, an extremely time-consuming process.  It’s also a process that should be done regularly, to proactively ensure that there aren’t any security vulnerabilities on the network.  That’s why, to best support IT, we recommend using the Wireless Intelligence Platform™(WIP) and its synthetic network test suite.


  • Continuously monitors the health of the entire wireless ecosystem, enabling IT to focus on other mission-critical tasks
  • Automatically notifies administrators if any network test fails – for example, if an AP doesn’t show the proper security  
  • Gives IT the knowledge that the network is optimized, unless otherwise alerted
  • Provides full details on any test failure so that IT can proactively resolve the issue before it negatively impacts the network

Network tests can be set to run on a scheduled basis so, regardless of how the network changes, WIP is always monitoring, providing full and continuous coverage.  With WIP, there are no long hours spent trying to identify and resolve problems. Any problems that occur, or might occur, are identified for IT, and actionable steps for resolution are automatically provided for quick resolution.  

Don’t wait for a security issue to appear on your network.  Use WIP for Wyebot Assurance and ensure optimized network security now.