Solutions Fast Track - Monitoring and Intrusion

[Guest arigano.spagety@gmail.com]

Dear Reader,

 

Designing for Detection

----------------------------

- Get the right equipment from the start. Make sure all of the

features you need, or will need, are available from the start.

 

- Know your environment. Identify potential physical barriers and

possible sources of interference.

 

- If possible, integrate security monitoring and intrusion detection

in your network from its inception.

 

Defensive Monitoring Considerations

------------------------------------------

- Define your wireless network boundaries, and monitor to know if

they’re being exceeded.

 

- Limit signal strength to contain your network.

 

- Make a list of all authorized wireless Access Points (APs) in your

environment. Knowing what’s there can help you

 

immediately identify rogue APs.

 

Intrusion Detection Strategies

-----------------------------------

- Watch for unauthorized traffic on your network. Odd traffic can be a

warning sign.

 

- Choose an intrusion detection software that best suits the needs of

your environment. Make sure it supports customizable

 

and updateable signatures.

 

- Keep your signature files current.Whether modifying them yourself,

or downloading updates from the manufacturer, make sure

 

this step isn’t forgotten.

 

Conducting Vulnerability Assessments

-------------------------------------------

- Use tools like NetStumbler and various client software to measure

the strength of your 802.11b signal.

 

- Identify weaknesses in your wireless and wired security

infrastructure.

 

- Use the findings to know where to fortify your defenses.

 

- Increase monitoring of potential trouble spots.

 

Incident Response and Handling

--------------------------------------

- If you already have a standard incident response policy, make

updates to it to reflect new potential wireless incidents.

 

- Great incident response policy templates can be found on the

Internet.

 

- While updating the policy for wireless activity, take the

opportunity to review the policy in its entirety, and make

 

changes where necessary to stay current. An out-of-date incident

response policy can be as damaging as not having one at all.

 

Conducting Site Surveys for Rogue Access Points

-------------------------------------------------------

- The threat is real, so be prepared. Have a notebook computer handy

to use specifically for scanning networks.

 

- Conduct walkthroughs of your premises regularly, even if you don’t

have a wireless network.

 

- Keep a list of all authorized APs. Remember, Rogue APs aren’t

necessarily only placed by attackers.A well-meaning employee

 

can install APs as well.

 

--- Thank You ---

 

James Conack

http://www.centronet.uni.cc