Wireless network security testing

Policies or no policies, though, the truth is that most organizations have more wireless systems -- especially more unsecured wireless systems -- running than they ever bargained for. There is planned wireless connectivity in training rooms, reception areas, and satellite offices as well as unplanned/rogue wireless in the form of Windows laptops running in ad-hoc mode and an access point set up by an employee for the sake of convenience. Or, there could be a malicious attacker running an "evil twin" access point to lure wireless users into his den of iniquity.

Whether or not you officially support wireless networks, various wireless security testing measures need to be on your security review checklist. Not doing so seems awfully risky given that most new computer systems have wireless built right in. This need for testing for wireless issues stands true even if you think your local airwaves are clear of network protocols or you only have one access point tucked away where nobody can get to it.

Even if you do support wireless and you think it's secure, unless you're running a wireless IDS or IPS system, it's likely you have vulnerabilities that a malicious external attacker or a rogue insider could exploit. Here's what you can do about it.

Wireless network security testing

 Home: Introduction
 Step 1: Build your arsenal of tools
 Step 2: Search for weaknesses
 Step 3: Dig in deep to demonstrate the threat

ABOUT THE AUTHOR:

Kevin Beaver is an independent information security consultant and expert witness with Atlanta-based Principle Logic, LLC. He has more than 18 years of experience in IT and specializes in performing information security assessments revolving around compliance and IT governance. Kevin has authored/co-authored six books including Hacking For Dummies, Hacking Wireless Networks For Dummies, Securing the Mobile Enterprise For Dummies (all by Wiley), as well as The Practical Guide to HIPAA Privacy and Security Compliance (Auerbach). He can be reached at kbeaver@principlelogic.com.. Copyright 2006 TechTarget

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Network Firewalls Network security assessment for network infrastructure Hacking for Dummies, 2nd edition: Chapter 9 How can I disable file transfer in MSN Messenger? Hacking for Dummies: Test your firewall rules Setting up IPsec bypass Automatic exceptions: IPsec bypass The hacker handbook: Eleven tips in eleven minutes Cisco patches flaws in multiple products Rootkits: Managing the threat with prevention measures Windows Hardening Expert Advice Microsoft Windows Network Security Are tougher NACs needed in your shop? Setting your Windows security assessment expectations, step by step Restricting user permissions in folders Windows XP folder permissions management NTFS permissions control: Who will watch the watcher? Top Windows server hardening tips of 2006 Safe and secure Windows logging practices Eliminate zero-day threats with virtual server technology Permitting Ping: ICMP Exceptions Stop unauthorized access Intrusion Detection Systems Buffer overflows can be prevented by GS cookies PatchGuard defends against rootkits in Windows Vista How did a rootkit get on my Windows machine? Can an antivirus program stop phishing attacks? An introduction to Google Hack Honeypots Step 3: Application-level filters Step 4: Software restriction with Group Policy Challenge 9: The Root of the Problem Malware removal handbook Penetration testing for Windows systems Intrusion Detection Systems Research

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary Security Descriptor Definition Language  (SearchWindowsSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary