Understanding Wireless Security Audits and Best Practices

 
LM 10. Wireless Security
Audit
 
IT4833 Dr. Lei Li
 
 
Learning Objectives
 
After this module, student will be able to:
Explain what is security audit
Identify the types of security audit
Discuss the best practices for security audit
Discuss the purpose of security audit
Discuss the tools used for security audit
 
2
 
Security Audit
 
Systematic evaluation of the security
Identify security problems and gaps, as well as system
weaknesses
Establish a security baseline that future audits can be
compared with
Comply with internal organization security policies
Comply with external regulatory requirements
Determine if security training is adequate
Identify unnecessary resources
 
Types of Security Audit
 
 
Image source: https://searchcio.techtarget.com/definition/security-audit
 
Systems an Audit Cover
 
Network vulnerabilities
Security controls
Encryption
Software systems
Architecture management capabilities
Telecommunications controls
Systems development audit
Information processing
 
Steps Involved in a Security Audit
 
Agree on goals
Define the scope of the audit
Conduct the audit and identify threats
Evaluate security and risks
Determine the needed controls
 
Test vs. Assessment vs. Audit
 
An audit – validation
Test – check a specific system
Assessment – a planned test
 
Wireless Security Audit
 
Layer 1 Audit
Layer 2 Audit
WLAN Security Audit
Wired Infrastructure Audit
Social Engineering Audit
Wireless Intrusion Prevention System (WIPS) Audit
 
Layer 1 & 2 Auditing Tool
 
Layer 1 Audit – determine RF coverage
Layer 2 Audit – detect rogue device
Tools
Protocol sniffers/analyzers (ex. Wireshark)
2.4/5 GHz signal injectors.
Offensive tools (mdk3, Void11, Bugtraq, IKEcrack, FakeAP, etc.)
 
WLAN Security Audit Tool
 
How a WLAN may be compromised
Protocol sniffers/analyzers (ex. Wireshark).
Wireless discovery tools (ex. NetStumbler, Kismet, Win Sniffer, WiFiFoFum,
etc.).
Encryption/Authentication breaking (testing) tools (aircrack-ng, custom
scripts, all kinds of cryptoanalysis tools).
 
Wired Infrastructure Audit
 
Inspection of the firewall used to restrict WLAN user access to certain
network resources.
Switchport interfaces that are unused should be disabled.
A strong password should be used, and protocols with built-in
encryption should be used (HTTPS, SSH), if possible.
 
Social Engineering Audit
 
Uses non-technical approaches
Security awareness campaigns
 
Wireless Intrusion Prevention Systems
 
Detecting and preventing the usage of unauthorized wireless devices
A set of dedicated passive sensors
 
Image source: https://www.tutorialspoint.com/wireless_security/wireless_security_tools.htm
 
References
 
https://searchsecurity.techtarget.com/IT-security-auditing-Best-
practices-for-conducting-audits
https://www.tutorialspoint.com/wireless_security/wireless_security
_tools.htm
Slide Note

Wireless Security

IT4833/6833

Embed
Share

Explore the world of security audits with a focus on wireless networks. Learn about the types of security audits, best practices, and the steps involved. Discover the importance of systematic evaluations, identifying vulnerabilities, establishing baselines, and compliance considerations. Dive into the tools used, such as RF coverage detectors, protocol sniffers, and offensive tools for auditing wireless layers. Enhance your understanding of security audits for robust network protection.


Uploaded on Aug 04, 2024 | 0 Views


Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

E N D

Presentation Transcript


  1. LM 10. Wireless Security Audit IT4833 Dr. Lei Li

  2. Learning Objectives After this module, student will be able to: Explain what is security audit Identify the types of security audit Discuss the best practices for security audit Discuss the purpose of security audit Discuss the tools used for security audit 2

  3. Security Audit Systematic evaluation of the security Identify security problems and gaps, as well as system weaknesses Establish a security baseline that future audits can be compared with Comply with internal organization security policies Comply with external regulatory requirements Determine if security training is adequate Identify unnecessary resources

  4. Types of Security Audit Image source: https://searchcio.techtarget.com/definition/security-audit

  5. Systems an Audit Cover Network vulnerabilities Security controls Encryption Software systems Architecture management capabilities Telecommunications controls Systems development audit Information processing

  6. Steps Involved in a Security Audit Agree on goals Define the scope of the audit Conduct the audit and identify threats Evaluate security and risks Determine the needed controls

  7. Test vs. Assessment vs. Audit An audit validation Test check a specific system Assessment a planned test

  8. Wireless Security Audit Layer 1 Audit Layer 2 Audit WLAN Security Audit Wired Infrastructure Audit Social Engineering Audit Wireless Intrusion Prevention System (WIPS) Audit

  9. Layer 1 & 2 Auditing Tool Layer 1 Audit determine RF coverage Layer 2 Audit detect rogue device Tools Protocol sniffers/analyzers (ex. Wireshark) 2.4/5 GHz signal injectors. Offensive tools (mdk3, Void11, Bugtraq, IKEcrack, FakeAP, etc.)

  10. WLAN Security Audit Tool How a WLAN may be compromised Protocol sniffers/analyzers (ex. Wireshark). Wireless discovery tools (ex. NetStumbler, Kismet, Win Sniffer, WiFiFoFum, etc.). Encryption/Authentication breaking (testing) tools (aircrack-ng, custom scripts, all kinds of cryptoanalysis tools).

  11. Wired Infrastructure Audit Inspection of the firewall used to restrict WLAN user access to certain network resources. Switchport interfaces that are unused should be disabled. A strong password should be used, and protocols with built-in encryption should be used (HTTPS, SSH), if possible.

  12. Social Engineering Audit Uses non-technical approaches Security awareness campaigns

  13. Wireless Intrusion Prevention Systems Detecting and preventing the usage of unauthorized wireless devices A set of dedicated passive sensors Image source: https://www.tutorialspoint.com/wireless_security/wireless_security_tools.htm

  14. References https://searchsecurity.techtarget.com/IT-security-auditing-Best- practices-for-conducting-audits https://www.tutorialspoint.com/wireless_security/wireless_security _tools.htm

Related


More Related Content

giItT1WQy@!-/#giItT1WQy@!-/#giItT1WQy@!-/#