Resource summary
u8.9 802.11b
Safeguards
- Treat wireless as an untrusted network
- Firewall between wireless LAN and internal network
- Intrusion detection at wireless LAN/internal network junction
- Vulnerability assessments of wireless access points and other wireless infrastructure
- VPN from wireless station into internal network, providing end-to-end encryption across the untrusted wireless network into the trusted network. However, consider whether the VPN can handle the changes when a station roams from one access point to another.
- Security Policy & Architecture
- Define a policy for how wireless networks are to be used
- Specify what is allowed and what is not allowed
- What services, devices, protocols or departments can use the wireless LAN
- Discover unauthorised use
- Search regularly in the following ways for unauthorised access points or wireless LAN cards.
- Port Scanning
- Searching for unknown SNMP agents, web or Telnet interfaces that might indicate that an access point is present on the network
- MAC Address sniffing
- Searching for MAC addresses that lie within known MAC ranges for access point and WLAN NIC manufacturers.
- Warwalking
- Manual Scanning
- Be aware you will detect signals that are not in your building
- Access point audits
- Standard configuration
- Passwords should be strong and community strings should be correctly set.
- Unnecessary administration interfaces should be shut down, and the remaining administration interfaces should use secure protocols to prevent administrator passwords being intercepted.
- Access control lists on firewalls and routers should be used to ensure only administrators have access to the access point administration interfaces.
- WEP keys should be strong (not generated from alphanumeric pass phrases) & should be secret. Backups of access point configurations should not store the WEP keys.
- Stop transmitting SSID
- Station Protection
- Stations should have personal firewalls, IDS, AV
- Standardise configs for stations.
- Check stations regularly for config standards
- Location of APs
- Spread of the wireless radio signal outside the building should also be considered, to try to limit the possibility of the wireless signal being intercepted.
- If access points have omni-directional antennae, they should be located in the centre of a building and not located by windows or on external walls.
- The line of sight from the location of the access point to the outside should be limited.
- Transmission strength should be turned down from the default maximum to limit the spread of the signal outside the building.
- MAC Address locking
- Use MAC address ACLs to allow only devices with MACs in the ACL to connect to an AP
- MACs are spoofable so this is only good for low risk environments