The Policy Settings for Wi-Fi networks have been expanded to allow administrators to set the risk level for different kinds of man-in-the-middle attacks and to add additional external URLs used to detect man-in-the-middle attacks.
These settings can be configured by navigating to Settings > Policy Settings > WiFi Network.
Changing the Risk Level for the types of man-in-the-middle attacks
The administrator can change the risk level for SSL Stripping, SSL Interception (Basic), and SSL Interception (Advanced) to one of the following levels:
- High (Device Alert) - default
- Medium (Device Alert)
- Medium (No Device Alert)
- Medium (Dismissive Device Alert)
- No Risk
SSL Stripping
MitM attack that intercepts all network traffic redirections from HTTP to HTTPS and "strips" the HTTPS call, leaving the traffic as HTTP.
SSL Interception (Basic)
MitM attack that intercepts HTTPS traffic by using an invalid certificate, one that is not among the device's trusted certificates or is not trusted by a root CA.
SSL Interception (Advanced)
MitM attack that intercepts HTTPS traffic by using a valid certificate that does not match the certificate of the server.
Configuring additional external URLs for man-in-the-middle detection
Man-in-the-middle attacks are detected by making HTTPS function calls from the device to a honeypot. If an attacker manages to drop or intercept the connection to the known honeypot, the man-in-the-middle detection will fail to detect the attack. When the administrator enters additional external URLs in the inspection list, the man-in-the-middle detection is extended to check more websites, making it harder for attackers to circumvent the detection.
Adding websites used by your organization for day-to-day business is recommended.
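The following added example (not the product's code) sketches how probe results from the honeypot and from additional URLs could map to the three attack types defined above, and why a dropped honeypot probe alone yields no detection. The `Probe` fields, the function names, the fingerprint comparison and the `.example` hosts are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Probe:
    """One HTTPS check against a URL on the inspection list (hypothetical shape)."""
    url: str
    reachable: bool                        # False when the connection was dropped
    final_scheme: str = "https"            # scheme actually served to the device
    chain_trusted: bool = True             # chain validates against the device trust store
    leaf_sha256: Optional[str] = None      # fingerprint of the certificate presented
    expected_sha256: Optional[str] = None  # fingerprint recorded for the real server

def classify(p: Probe) -> Optional[str]:
    """Map one probe to an attack type from the policy page, "clean", or None."""
    if not p.reachable:
        return None                        # dropped probe: no evidence either way
    if p.final_scheme == "http":
        return "SSL Stripping"
    if not p.chain_trusted:
        return "SSL Interception (Basic)"
    if p.expected_sha256 and p.leaf_sha256 != p.expected_sha256:
        return "SSL Interception (Advanced)"
    return "clean"

def evaluate(probes):
    """Return ({url: attack type}, number of probes that produced evidence)."""
    findings, checked = {}, 0
    for p in probes:
        verdict = classify(p)
        if verdict is None:
            continue
        checked += 1
        if verdict != "clean":
            findings[p.url] = verdict
    return findings, checked

# Constructed sample data: the honeypot probe is dropped on the hostile network.
HONEYPOT_ONLY = [Probe("https://honeypot.example/", reachable=False)]
WITH_EXTRA_URLS = HONEYPOT_ONLY + [
    Probe("https://portal.example/", True, final_scheme="http"),
    Probe("https://mail.example/", True, chain_trusted=False),
    Probe("https://crm.example/", True, leaf_sha256="aa11", expected_sha256="bb22"),
    Probe("https://wiki.example/", True, leaf_sha256="cc33", expected_sha256="cc33"),
]

if __name__ == "__main__":
    print(evaluate(HONEYPOT_ONLY))     # nothing checked, nothing detected
    print(evaluate(WITH_EXTRA_URLS))
```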