 |
|
| Security Channel Tips: |
|
|
|
NETWORK SECURITY
Assessing Wi-Fi vulnerability: A checklist
Lisa Phifer
12.04.2006
Rating: --- (out of 5)
|
Vulnerability assessments are the key to keeping your customers' WLAN secure. Use this checklist, originally part of the Wireless Security Lunchtime Learning series on SearchSecurity.com, to make sure you know how to help your customers prevent attacks.
Vulnerability assessments can help you find and fix WLAN weaknesses before attackers take advantage of them. But where do you start? What should you look for? Have you covered all the bases? This checklist will help to answer these questions.
1. Discover nearby wireless devices
You can't assess a WLAN's vulnerabilities if you don't know what's out there. Start by searching for wireless devices in and around your customer's office, creating a foundation for subsequent steps.
[IMAGE] Which channels have active traffic in the 2.4 GHz band?
[IMAGE]Which channels have active traffic in the 5 GHz band?
[IMAGE]Are there sources of non-802.11 interference in these frequency bands?
For each discovered 802.11 access point, document:
For each discovered 802.11 station, document:
2. Investigate rogue devices
For non-802.11 sources of interference (e.g., microwave ovens, Bluetooth, cordless phones), a spectrum analyzer can help you fingerprint the source. For 802.11 devices, compare survey results to the existing inventory to isolate unknown devices that require further investigation. Note that looking for activity in bands and channels that your customer doesn't normally use can help you spot devices trying to evade detection.
3. Test your customer's access points
Next, turn you attention to your own WLAN resources, starting with the APs that deliver wireless services to users. Those APs are located in a network that may contain both trusted and untrusted devices. As such, they should be subjected to the same penetration tests that you run against perimeter firewalls and access routers that face the Internet. Questi
To continue reading for free, register below or login
To read more you must become a member of SearchSecurityChannel.com
ons that you should try to answer about each AP include the following:
4. Test your customer's stations
Some stations may not have been active during your survey, so make sure to hit every 802.11-capable device on the asset inventory, including laptops, desktops, PDAs, VoIP handsets, printers, scanners and headsets. You may want to "ping scan" wireless subnets to locate stealth devices that eluded earlier detection. Then, try to answer the following questions about each wireless station that your customer owns:
5. Test your customer's WLAN infrastructure
Finally, assess the security of any network infrastructure devices that participate in the wireless subnet, including wireless switches, firewalls, VPN gateways, DNS servers, DHCP servers, RADIUS servers, Web servers running captive portal login pages and managed Ethernet switches.
Like the APs, all of these devices should be subject to the same penetration tests normally run against Internet-facing servers. For example, captive portals should be subject to tests normally run against a DMZ Web server, including tests designed to assess that program/version for known vulnerabilities that may need to be patched.
Most infrastructure tests are not specific to wireless, but additional tests may be appropriate for 802.1X infrastructure. For example, you may test the RADIUS server's ability to gracefully reject badly-formed EAP messages, including bad EAP lengths and EAP-of-death.
6. Apply your test results
Unfortunately, no checklist can help you with this final step. It's time to review your test results and assess the vulnerabilities you may have uncovered. Eliminate vulnerabilities where possible, and narrow the window of opportunity for exploiting the rest. For example, if you found Telnet on the APs, decide whether and how to disable that service. Can your customer use SSH instead of Telnet to administer your APs? Can you restrict SSH to Ethernet so the daemon can't be probed over wireless?
Once you've applied fixes, repeat tests to verify the result is now what you expected. Ideally, vulnerability assessments should be repeated at regular intervals to detect and assess new wireless devices and configuration changes. Also look for opportunities to automate your tests, making them faster, more consistent and more rigorous.
About the author
Lisa Phifer owns Core Competence, Inc., a consulting firm specializing in network security and management technology. Core Competence produces The Internet Security Conference (TISC), an annual symposium for network security professionals. Phifer has been involved in the design, implementation, and evaluation of data communications, internetworking, security, and network management products for nearly 20 years.
This tip originally appeared on SearchSecurity.com.
|
|
|
|
|
|
|
|
|
| TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of . |
|
| |
All Rights Reserved, , TechTarget |
|
|
|
|
|
