u8.9 802.11b Safeguards

Descripción

Masters Degree Network Security Mapa Mental sobre u8.9 802.11b Safeguards, creado por Craig Parker el 23/02/2014.
Craig Parker
Mapa Mental por Craig Parker, actualizado hace más de 1 año
Craig Parker
Creado por Craig Parker hace casi 11 años
51
1

Resumen del Recurso

u8.9 802.11b Safeguards
  1. Treat Wireless as an untrusted NW
    1. Firewall between wireless LAN and internal network
      1. Intrusion detection at wireless LAN/internal network junction
        1. Vulnerability assessments of wireless access points and other wireless infrastructure
          1. VPN from wireless station into internal network, providing end-to-end encryption across the untrusted wireless network into the trusted network. However, consider whether the VPN can handle the changes when a station roams from one access point to another.
          2. Security Policy & Architecture
            1. define a policy for how wireless networks are to be used
              1. specify what is allowed and what is not allowed
                1. What services, devices, protocols or departments can use the Wirelss LAN
            2. Discover unauthorised use
              1. search regularly in the following ways for unauthorised access points or wireless LAN cards.
                1. Port Scanning
                  1. Searching for unknown SNMP agents, web or Telnet interfaces that might indicate that an access point is present on the network
                  2. MAC Address sniffing
                    1. Searching for MAC addresses that lie within known MAC ranges for access point and WLAN NIC manufacturers.
                    2. Warwalking
                      1. Manual Scanning
                        1. be aware you will detect signals that are not in your building
                  3. Access point audits
                    1. Standard configuration
                      1. Passwords should be strong and community strings should be correctly set.
                        1. Unnecessary administration interfaces should be shut down, and the remaining administration interfaces should use secure protocols to prevent administrator passwords being intercepted.
                          1. Access control lists on firewalls and routers should be used to ensure only administrators have access to the access point administration interfaces.
                            1. WEP keys should be strong (not generated from alphanumeric pass phrases) & should be secret. Backups of access point configurations should not store the WEP keys.
                              1. Stop transmitting SSID
                              2. Station Protection
                                1. Stations should have personal firewalls, IDS, AV
                                  1. Standardises configs for stations.
                                    1. Check stations regularly for config standards
                                    2. Location of AP's
                                      1. spread of the wireless radio signal outside the building should also be considered, to try to limit the possibility of the wireless signal being intercepted.
                                        1. If access points have omni-directional antennae, they should be located in the centre of a building and not located by windows or on external walls.
                                          1. The line of sight from the location of the access point to the outside should be limited.
                                            1. Transmission strength should be turned down from the default maximum to limit the spread of the signal outside the building,
                                            2. MAC Address locking
                                              1. Use MAC address ACL's to allow only devices with MAC's in the ACL to connect to an AP
                                                1. MAC's are spoofable so this is only good for low risk environments
                                              Mostrar resumen completo Ocultar resumen completo

                                              Similar

                                              CCNA Security 210-260 IINS - Exam 1
                                              Mike M
                                              CCNA Security 210-260 IINS - Exam 2
                                              Mike M
                                              SY0-401 Part 1 (50 questions)
                                              desideri
                                              CCNA Security 210-260 IINS - Exam 1
                                              Ricardo Nuñez
                                              CCNA Security 210-260 IINS - Exam 3
                                              irvin pastora
                                              1.3 Network and Security Components
                                              DJ Perrone
                                              U1. OSI 7 Layer Reference Model
                                              Craig Parker
                                              Types of Attacks
                                              River L.
                                              CCNA Security 210-260 IINS - Exam 1
                                              irvin pastora
                                              Network Security Vocabulary
                                              Shantal K Green
                                              Maximizing Efficiency: A Comprehensive Guide to Cloud Services for Your Business
                                              Andrew James