572672
Description
Mind Map by Craig Parker, updated more than 1 year ago
|
Created by Craig Parker
almost 11 years ago
|
|
u8.9 802.11b
Safeguards
- Treat Wireless as an
untrusted NW
- Firewall between wireless LAN and internal network
- Intrusion detection at wireless
LAN/internal network junction
- Vulnerability assessments of wireless access
points and other wireless infrastructure
- VPN from wireless station into internal network, providing end-to-end
encryption across the untrusted wireless network into the trusted
network. However, consider whether the VPN can handle the changes
when a station roams from one access point to another.
- Firewall between wireless LAN and internal network
- Security Policy & Architecture
- define a policy for how wireless
networks are to be used
- specify what is allowed and
what is not allowed
- What services, devices, protocols or
departments can use the Wirelss LAN
- What services, devices, protocols or
departments can use the Wirelss LAN
- specify what is allowed and
what is not allowed
- define a policy for how wireless
networks are to be used
- Discover unauthorised use
- search regularly in the following ways for
unauthorised access points or wireless LAN cards.
- Port Scanning
- Searching for unknown SNMP agents, web or Telnet interfaces that
might indicate that an access point is present on the network
- Searching for unknown SNMP agents, web or Telnet interfaces that
might indicate that an access point is present on the network
- MAC Address sniffing
- Searching for MAC addresses that lie within known MAC
ranges for access point and WLAN NIC manufacturers.
- Searching for MAC addresses that lie within known MAC
ranges for access point and WLAN NIC manufacturers.
- Warwalking
- Manual Scanning
- be aware you will detect signals
that are not in your building
- be aware you will detect signals
that are not in your building
- Manual Scanning
- Port Scanning
- search regularly in the following ways for
unauthorised access points or wireless LAN cards.
- Access point audits
- Standard configuration
- Passwords should be strong and
community strings should be correctly set.
- Unnecessary administration interfaces should be shut down,
and the remaining administration interfaces should use secure
protocols to prevent administrator passwords being intercepted.
- Access control lists on firewalls and routers should
be used to ensure only administrators have access
to the access point administration interfaces.
- WEP keys should be strong (not generated from
alphanumeric pass phrases) & should be secret. Backups of
access point configurations should not store the WEP keys.
- Stop transmitting SSID
- Standard configuration
- Station Protection
- Stations should have personal firewalls, IDS, AV
- Standardises configs for stations.
- Check stations regularly for config standards
- Stations should have personal firewalls, IDS, AV
- Location of AP's
- spread of the wireless radio signal outside the
building should also be considered, to try to limit the
possibility of the wireless signal being intercepted.
- If access points have omni-directional antennae,
they should be located in the centre of a building
and not located by windows or on external walls.
- The line of sight from the location of the
access point to the outside should be limited.
- Transmission strength should be turned
down from the default maximum to limit the
spread of the signal outside the building,
- spread of the wireless radio signal outside the
building should also be considered, to try to limit the
possibility of the wireless signal being intercepted.
- MAC Address locking
- Use MAC address ACL's to allow only devices
with MAC's in the ACL to connect to an AP
- MAC's are spoofable so this is only
good for low risk environments
- MAC's are spoofable so this is only
good for low risk environments
- Use MAC address ACL's to allow only devices
with MAC's in the ACL to connect to an AP
Want to create your own Mind Maps for free with GoConqr? Learn more.