There needs to be additional security on OSI Layers 2 & 3, such as security at those layers that only allows certain devices to use certain IP addresses – based on their MAC address, and based on encryption standards that can be employed at Layers 2 & 3 of the OSI Layer Stack Model.
An example of this would be to have a set of encryption keys, based on a vendor of devices, that must connect to a private company-hosted database system on the Internet, for the device to fully connect to connected systems. Specific encryption keys could then be employed by the specific systems, to ensure that other devices don’t connect using the same MAC address / IP address combination.
Currently there is a problem with WiFi systems being accessed by satellite transceivers, as evident by MCE123 Security Department.
There is also the issue of the same encryption key being used by multiple devices on the WiFi network. This should be changed, so there is a unique encryption key for each device, so that devices that are connected to the WiFi network can’t see traffic that is being sent or received by other devices on the same network, simply because it has the passphrase.
There could be systems that employ unique passphrases for each individual system that is connected to the WiFi network, but this would still allow abuse, such as the use of a WiFi network in proximity that gathers credentials using the same SSID, transmitting and receiving in unison with the same WiFi network, in a way that takes over devices’ connections to the WiFi network, based on its gathering credentials, and then redirecting the traffic to the original WiFi network through a tunnel. This has been done at UNH Manchester.
There could also be a security awareness of BGP, by re-creating the Layer 7 instances that are transmitting and/or receiving information, based on protocol, port number, and other characteristics that are gathered through the packets or frames through BGP border gateway systems, specifically that link between multiple nations and/or undersea cables. The reason would be to identify harmful foreign traffic, and shut down, or enable hold down timers on the intelligence, based on a border-wide protocol that shares security between all of the devices and blocks all traffic related to that instance between the border gateway and internal network resources (the U.S. Internet).