Solutions Fast Track - Monitoring and Intrusion


Guest arigano.spagety@gmail.com
Posted

Dear Reader,

 

Designing for Detection
----------------------------

- Get the right equipment from the start. Make sure all of the features you need, or will need, are available from the start.

- Know your environment. Identify potential physical barriers and possible sources of interference.

- If possible, integrate security monitoring and intrusion detection in your network from its inception.

 

Defensive Monitoring Considerations
------------------------------------------

- Define your wireless network boundaries, and monitor to know if they’re being exceeded.

- Limit signal strength to contain your network.

- Make a list of all authorized wireless Access Points (APs) in your environment. Knowing what’s there can help you immediately identify rogue APs.

 

Intrusion Detection Strategies
-----------------------------------

- Watch for unauthorized traffic on your network. Odd traffic can be a warning sign.

- Choose an intrusion detection software that best suits the needs of your environment. Make sure it supports customizable and updateable signatures.

- Keep your signature files current. Whether modifying them yourself, or downloading updates from the manufacturer, make sure this step isn’t forgotten.

 

Conducting Vulnerability Assessments
-------------------------------------------

- Use tools like NetStumbler and various client software to measure the strength of your 802.11b signal.

- Identify weaknesses in your wireless and wired security infrastructure.

- Use the findings to know where to fortify your defenses.

- Increase monitoring of potential trouble spots.

 

Incident Response and Handling
--------------------------------------

- If you already have a standard incident response policy, make updates to it to reflect new potential wireless incidents.

- Great incident response policy templates can be found on the Internet.

- While updating the policy for wireless activity, take the opportunity to review the policy in its entirety, and make changes where necessary to stay current. An out-of-date incident response policy can be as damaging as not having one at all.

 

Conducting Site Surveys for Rogue Access Points
-------------------------------------------------------

- The threat is real, so be prepared. Have a notebook computer handy to use specifically for scanning networks.

- Conduct walkthroughs of your premises regularly, even if you don’t have a wireless network.

- Keep a list of all authorized APs. Remember, rogue APs aren’t necessarily only placed by attackers. A well-meaning employee can install APs as well.

 

--- Thank You ---

 

James Conack

http://www.centronet.uni.cc
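
The authorized-AP list, the boundary monitoring item and the site-survey walkthrough above can be checked mechanically after each survey. The script below is an added example, not part of the original post: the CSV layout, the AP inventory, the location names and the -75 dBm perimeter threshold are all constructed assumptions.

```python
import csv
import io

# Constructed inventory of authorized APs: BSSID -> (SSID, channel). Sample values only.
AUTHORIZED = {
    "00:11:22:33:44:01": ("CorpNet", 1),
    "00:11:22:33:44:02": ("CorpNet", 6),
}
# Assumed policy: an authorized AP heard stronger than this at a perimeter
# survey point means the network is exceeding its intended boundary.
PERIMETER_MAX_DBM = -75
PERIMETER_LOCATIONS = {"parking_lot"}

# Constructed survey export: where it was heard, BSSID, SSID, channel, signal (dBm).
SURVEY_CSV = """location,bssid,ssid,channel,signal_dbm
lobby,00:11:22:33:44:01,CorpNet,1,-48
parking_lot,00:11:22:33:44:02,CorpNet,6,-62
lab,00:AA:BB:CC:DD:10,CorpNet,11,-40
break_room,00:AA:BB:CC:DD:20,linksys,6,-55
lobby,00:11:22:33:44:02,CorpNet,11,-50
"""


def audit_survey(csv_text, authorized=AUTHORIZED):
    """Return a list of (finding, location, bssid, ssid) tuples."""
    known_ssids = {ssid for ssid, _ in authorized.values()}
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        bssid = row["bssid"].strip().upper()
        ssid, loc = row["ssid"], row["location"]
        channel, signal = int(row["channel"]), int(row["signal_dbm"])
        if bssid not in authorized:
            # An unknown radio using one of our SSIDs is more urgent than a stray AP.
            kind = "ssid_impersonation" if ssid in known_ssids else "rogue_ap"
            findings.append((kind, loc, bssid, ssid))
            continue
        exp_ssid, exp_channel = authorized[bssid]
        if (ssid, channel) != (exp_ssid, exp_channel):
            # Authorized hardware that no longer matches the recorded configuration.
            findings.append(("config_drift", loc, bssid, ssid))
        if loc in PERIMETER_LOCATIONS and signal > PERIMETER_MAX_DBM:
            findings.append(("boundary_exceeded", loc, bssid, ssid))
    return findings


if __name__ == "__main__":
    for finding in audit_survey(SURVEY_CSV):
        print(*finding, sep="\t")
```

Each finding maps back to an item in the list: unknown BSSIDs are rogue AP candidates, and a strong reading at a perimeter point means signal strength needs to be reduced.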
