Wireless network security testing

Wireless network security testing

All security administrators have 802.11-based wireless in their environments, right? Actually, many Windows administrators would be inclined to answer "no" or "in limited areas" to this question, which seems reasonable with all the "no wireless" and "limited wireless" policies I've seen lately.

Policies or no policies, though, the truth is that most organizations have more wireless systems -- especially more unsecured wireless systems -- running than they ever bargained for. There is planned wireless connectivity in training rooms, reception areas, and satellite offices as well as unplanned/rogue wireless in the form of Windows laptops running in ad-hoc mode and an access point set up by an employee for the sake of convenience. Or, there could be a malicious attacker running an "evil twin" access point to lure wireless users into his den of iniquity.

Whether or not you officially support wireless networks, various wireless security testing measures need to be on your security review checklist. Not doing so seems awfully risky given that most new computer systems have wireless built right in. This need for testing for wireless issues stands true even if you think your local airwaves are clear of network protocols or you only have one access point tucked away where nobody can get to it.

Even if you do support wireless and you think it's secure, unless you're running a wireless IDS or IPS system, it's likely you have vulnerabilities that a malicious external

    Requires Free Membership to View

    Login

    By submitting your registration information to SearchNetworking.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchNetworking.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

attacker or a rogue insider could exploit. Here's what you can do about it.

Wireless network security testing

 Home: Introduction
 Step 1: Build your arsenal of tools
 Step 2: Search for weaknesses
 Step 3: Dig in deep to demonstrate the threat

ABOUT THE AUTHOR: Kevin Beaver is an independent information security consultant and expert witness with Atlanta-based Principle Logic, LLC. He has more than 18 years of experience in IT and specializes in performing information security assessments revolving around compliance and IT governance. Kevin has authored/co-authored six books including Hacking For Dummies, Hacking Wireless Networks For Dummies, Securing the Mobile Enterprise For Dummies (all by Wiley), as well as The Practical Guide to HIPAA Privacy and Security Compliance (Auerbach). He can be reached at kbeaver@principlelogic.com..
 Copyright 2006 TechTarget

This series originally appeared on SearchWindowsSecurity.com

Dig Deeper

This was first published in September 2006