Wireless network security testing

Policies or no policies, though, the truth is that most organizations have more wireless systems -- especially more unsecured wireless systems -- running than they ever bargained for. There is planned wireless connectivity in training rooms, reception areas, and satellite offices as well as unplanned/rogue wireless in the form of Windows laptops running in ad-hoc mode and an access point set up by an employee for the sake of convenience. Or, there could be a malicious attacker running an "evil twin" access point to lure wireless users into his den of iniquity.

Whether or not you officially support wireless networks, various wireless security testing measures need to be on your security review checklist. Not doing so seems awfully risky given that most new computer systems have wireless built right in. This need for testing for wireless issues stands true even if you think your local airwaves are clear of network protocols or you only have one access point tucked away where nobody can get to it.

Even if you do support wireless and you think it's secure, unless you're running a wireless IDS or IPS system, it's likely you have vulnerabilities that a malicious external attacker or a rogue insider could exploit. Here's what you can do about it.

Wireless network security testing

 Home: Introduction
 Step 1: Build your arsenal of tools
 Step 2: Search for weaknesses
 Step 3: Dig in deep to demonstrate the threat

ABOUT THE AUTHOR: Kevin Beaver is an independent information security consultant and expert witness with Atlanta-based Principle Logic, LLC. He has more than 18 years of experience in IT and specializes in performing information security assessments revolving around compliance and IT governance. Kevin has authored/co-authored six books including Hacking For Dummies, Hacking Wireless Networks For Dummies, Securing the Mobile Enterprise For Dummies (all by Wiley), as well as The Practical Guide to HIPAA Privacy and Security Compliance (Auerbach). He can be reached at kbeaver@principlelogic.com..
Copyright 2006 TechTarget

This series originally appeared on SearchWindowsSecurity.com

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Chapter 3: WLAN Security Which wireless network transmits business-sensitive data reliably? Securing Wireless Systems -- 'Build Your Own Security Lab: A Field Guide for Network Testing,' Chapter 9 Wireless LAN vulnerabilities WLAN Security Where can I find a wire driver that unblocks recognized passwords? Will using a VPN protect me against fake wireless hotspots? Fluke gets WLAN design, management, security cred with AirMagnet Is WPA2 secure enough for a commercial business wireless network? Health center cut cost securing wireless network edge with Aerohive Wi-Fi RTLS for WLAN management, location-based security, asset tracking Wireless LAN performance management and security standards beefed up How can I hide my WLAN's SSID in an Aruba AP-61? Wireless LAN security: SonicWall joins crowded WLAN market Stolen laptop recovery using remote access and wireless network SSIDs Troubleshooting Wireless Networks Meru reinvents wireless LAN troubleshooting and management APs drop connection in WLAN configured as a wireless mesh network How to plan for 802.11n wireless LAN upgrades Vendors strive to automate wireless LAN troubleshooting and management Fluke gets WLAN design, management, security cred with AirMagnet Wi-Fi RTLS for WLAN management, location-based security, asset tracking How radio frequency (RF) of microwaves alter wireless signal strength Distributed antenna systems and WLAN: A network management burden Wireless LAN management platforms key differentiator for WLAN vendors How is wireless access point (AP) coverage affected by frequency? Troubleshooting Wireless Networks Research

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary 802.11a  (SearchNetworking.com) home agent  (SearchNetworking.com) iDEN  (SearchNetworking.com) radio frequency  (SearchNetworking.com) repeater  (SearchNetworking.com) spectrum analyzer  (SearchNetworking.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary