Wireless Security Best Practices Tutorial

15.1 Wireless Security Standards

Now that were almost at the end of the course. Let's discuss some of the things we've learned. Let's talk about wireless security best practices. Now these are things that you can do that are really between industry and government sources and professional organizations and security folks. These are the things that you can do to secure your networks wireless and wired To make them work together in the best possible way. That's kind of why they call them Best Practices. So these best practices are offered to secure wireless networks. Now a lot of these best practices are not necessarily required for your organization, unless you're under some sort of governance that may require them. For example, the Department of Defense is required to use Best Practices. Known as the STIGs, the Secure Technical Implementation Guides. But most of the time, organizations are not required to use best practices, but it's still a very good idea to do it. To ensure that you have maximum layered security measures on your wireless network. Now some of the best practices that we'll discuss with the next few sessions include things like policies of course, standards, design, clients, access points and even external or dual connections Now polices are obviously a good best practice. Simply because everything starts with policy. You can't implement something and you can't develop procedure for something unless you have a policy for it typically. Because you don't know what you are protecting and you don't know to the extent of your protecting it. Standards obviously is very important to us because we want to know to what degree something requires protecting. And we want to know exactly how we'll protect it, how far we'll go using what type of technology. What level of encryption, for example. And that's where standards come in. We talk about design best practices as well, simply because designing the network, both a wireless and a wired network, is very important in that that's where security really needs to start. Security doesn't need to start after the network has already been designed, built, and is working. And put it in as an afterthought. Security has to be engineered from the beginning to make sure that you cover everything that needs to happen in order for security controls to work. We also look at best practices with clients because that's one half of the equation. You have a client, and an access point, and the most fundamentalist. Most fundamental types of discussions on wireless networks. So you have to secure the clients in how they connect to the access point. We're going to talk about best practices for those, too. We're also going to of course look at the access point themselves. And we already talked about some best practices associated with them such as changing the default SSID and so forth. But there are plenty of other best practices we'll discuss. We'll also look at external connections. And these could be connections that maybe you have on your network where you have connections that go to the outside world or to a different wired or wireless networks. Now they should be secured to prevent data from passing between networks that shouldn't. We also look at dual connections. Form the perspective that some devices connect to both wired and wireless networks at the same time. So, we've kind of got to figure out how to keep data from passing from one network to the other, though this device. Or to keep unwanted hackers of course from using a wired network to attack a wireless or vice versa. So we'll look at best practices for those networks as well. Now where to these best practices come from? Well they come from Standards buy and large. We have several Standards to choose from When designing and building and securing wireless networks. And some of these are wireless standards in particular. And some of these are standards that may come from other practices, such as wired network practices or security practices. You can have standards that come from the WiFi Alliance for example. The group of vendors that actually produce WiFi equipment and you can also have them come from governmental agencies. Such as the Department of Defense for example. They have the wireless Secure Technical Implementation Guides or STIGS they're useful in securing DOD networks. But commercial entities Would get some value out of them as well. You also have the NIST special publications that we discussed earlier that can gie you really good guidelines for securing wireless networks. And there's plenty of them out there. And we'll discuss a few of those as we go along. There's also vendor recommendations. Vendors like Linksys, Cisco, D-Link, and so forth, have their own security recommendations that you should pay attention to when using their devices. We also have professional standards bodies such as the IEEE, for example. Those are the folks who actually produce the formal wireless standards. 802.11 A, B, G and N as well as 802.11 I. So they offer standards as well that we should pay attention to. Finally, security standards can also come from professional security organizations, people like Isaca or ISC Squared. Can produce best practices that you should go over and try to apply to your networks. So there's all kinds of standards out there that we'll discuss. And we'll talk about best practices for each of these areas that we just mentioned.

15.2 Designing the Network

No discussion of wireless security best practices would be complete without talking about design. Actually that's some of the fundamental best practices you need to adhere to. Security has to be designed into the network when you first put it on paper before you even open the box and install any equipment or configure it. You shouldn't be doing this later. And the reason for this is that you need to know what security features your going to be including in your network and plan for them. Many times a lot of systems both wired, wireless, and otherwise are connected together without thought of security, and once their in use, and once you've configured them, sometimes it's too late to back in and configure security. Without undoing everything you've done. So, you should be thinking about this before you design the network, before you even put the design on paper, before you even open the box and set anything up. Now, one thing about design is, you have to look at the network from a holistic point of view. You have to look at the entire network. And the organization itself. You have to determine what the true needs are, both from functionality and from security. You have to determine how things are going to connect together from an interface perspective. So you've really got know security in the design stage and you have to know how it affects the entire environment. Entire network and the people that use it. You should look at using layered security for all of your networks and what that means is don't rely on anyone's specific security feature or control by itself. Because that security control fails then you've got a wide open network. You should use layered security controls. Use a firewall, but also use encryption. Also use authentication and so forth. So use a multi layered approach in your design. Also look at it from a risks perspective. One of the risks of wired networks by allowing a wireless network access point to connect to them. How is the risk there from outsiders coming into your wired network It doesnt do you a lot of good to have a firewall setup on your perimeter of the wired network if you got a back door in the the form of an unsecured wireless access point connecting into it behind the firewall. So those a risks obviously. Now you'd mitigate those risk by securing that access point and maybe even putting a firewall behind it as it goes to the wired network. So you have to look at risks and you have to look at mitigating those risks One of the best design or best practices you can do is seperate the wireless LAN from the wired LAN by security devices such as firewalls and so forth. Now access controls. You want to require authentication to the wired LAN. Don't just allow anyone connect to wired LAN through the access point You also want to specify which resources the wireless LAN user can access on the wired lan. You don't want them to just be allowed to access anything. They only need to be able to access what they need to do their job. You may also want to use separate security profiles for different wireless LANs when you need to. If you have multiple wireless LANs connecting it may be a good idea to have different security profiles. Maybe one is for guest or public use. Maybe one is for security users. Maybe one is for general users. So you may want to look at it like that to segment everything out. [BLANK_AUDIO] You want to avoid dual-connected clients when possible. And these are clients that connect to both a wireless and a wired network at the same time. And the reason you want to avoid this is because you want to not allow an extra back door into the wired network through a wireless connection that's not controlled or vice versa. So you want to pay attention to any devices that have multiple connection interfaces. And these could be things like laptops with both blue tooth and wired connections, and wireless going at the same time. Cell phones that use cell technologies and wireless, tablets, and so forth. Because what you're putting there when it's connecting two different sources at the same time Your established a bridge between a controlled network and an uncontrolled network. So you may want to implement policies both technically and administratively to prevent devices from connecting two networks at once. For example, when a laptop connects to the wired network, it's wireless interface gets turned off. In vice versa. This is just things you can do to separate those networks and prevent those bridges from being established where you don't want them. Now you should look at standardizing all wireless connections to the extent that possibly can. Now this means having security policies that are identical It may not necessarily mean having the same keys. You may have different keys on different wireless networks. You may also have different authorizations for different wireless and wireless networks. But the policy should still be the same in terms of how strong your security is. You definitely also need the standardized hardware protocols, policies and architecture. Across the network and environment. You don't want to typically use a wide variety of hardware out there that may not work together. You also want to standardize your protocols. It wouldn't be a good idea, for example, to have a non-secure protocol such as FTP running on one network And secure show running on the other because obviously the network that has the non-secure protocol is wide open, so standardize those protocols. Also standardize your policies and your architecture. And finally, as far as design best practices go, you always want to document and update your architecture as you need. Don't let it be a stale document, make it a living document, and change it when something changes on the network. And document it so that the next person that comes along can read it and understand it and know how you secured the network and how they can continue to secure it as well.

15.3 Configuring Wireless Clients

Let's discuss another aspect of best practices in wireless security. And that's the client. Now we have to configure clients to securely access the network. And that means that security controls have to be enabled on them. So we want to configure clients to the highest level of security that their own hardware, their OS and the AP will support. Now, obviously we still have some clients out there that are a little bit older, that may have to use 802.11b network cards. And that typically means that WEP is about the only thing they can use in terms of encryption. Well, we want to get rid of those whenever possible, so that we can install something else, something newer in terms of operating system and network cards so that they can use higher security levels. You really need to ensure that your organization does not need this legacy hardware and OS When you're trying to upgrade this equipment folks should have to really have to justify hard to use these types of apps, the OSs that are older such as 2000 and so forth. And the legacy editor 2.11 B cards. s a very important so that you can use new things like WPA WPA two. 802.1x and so forth. You also need to review and approve and record all the client devices that are going to be used on your network. Don't just let anyone connect without permission. Take it through a, even if it's a small review process, at least do that so you can verify if they have the right kind of system that has the right kind of security of controls built into it To connect. You want to standardize client devices throughout the organization as much as possible. That includes configuration, hardware, and so forth. Now obviously if you're Here using organizationally supplied devices. That's fairly easy to do by an large. You may have two or three different sets of hardware or configurations. But that's not really bad to manage. What gets bad is when you You employ the Bring-Your-Own-Device mentality and a lot of organizations are seeing some cost savings by doing that but it also brings a lot of security issues with it. The Bring-Your-Own-Device mentality means that They can bring stuff from home, cellphones, tablets, laptops and connect to the corporate network. Now obviously you cant control the configurations on those devices because they dont belong to you. But you can enforce the fact that these devices cannot connect to your network, unless they meet certain security specifications. So first of all I would tell you limit this to only whats absolutely necessary If you have some important users that really need to bring their own device, maybe you need to think about buying them a company device. But if they bring their own, you are going to have to enforce device configurations and. Policies when they're used. You want to require corporate guest users also to submit an approval for devices that they use. And it needs to detail the devices type and configuration, what OS it uses, the MAC address on the card they're going to use and so forth so you can keep that in case you need to go back and revisit that list later to know who connected when. You want to be able to approve or reject those device request and for those who are approved, you want to record this information somewhere so you know who belongs to what device. Obviously restricted monitor guest access to wireless network as much as possible The other things we'll talk about with client best practices involve how to secure them in terms of wireless connections. We want to use WPA and WPA2 only. No WEP at all. And again this goes back to our legacy clients. If WEP is all they support you need to get rid of those clients. You need to upgrade them, buy new ones, and make sure that they can support newer security features. Now I realize all this is pie in the sky, idealistic type of best practices. But in a large organization you really need to try to push this. Because Those devices, especially those legacy devices, are going to be your weak links in the chain. Use 802.1 x throughout the wireless network in a large enterprise environment. This obviously means you'll have to have some other infrastructure, things like PKI certs and so forth. But it's a good idea in a big enterprise environment. You also might consider limiting the number of connections to each wireless access point if you need to. This would make them easier to manage and you would probably improve bandwidth for them. If you have 100 devices connecting to a very small access point, you're probably not going to have good bandwidth and throughput. And obviously, I would tell you to audit client connections whenever possible. Either by looking at the logs on a Wireless Access Point or in another network device, such as a firewall or other network access control device. And you might want to audit this by MAC address, wireless MAC card address. You also might want to audit it by user. And so forth. Audit these connections to the wireless network, so you know who connected when, and what they accessed from that point. This will help you if you need to have the information for any emergencies, incidents, or investigations.

15.4 Configuring Access Points

Now that we've discussed client security best practices, let's take a look at the wireless access point itself. And we've discussed some of these issues earlier when we talked about how to secure an AP, and how to configure it. But let's go over a few things again, and add a few others. We can secure access points really in three ways. By hardening the access point itself. By controlling client access to the access point. And by controlling the traffic that goes through it. So let's discuss all three of these. First of all Let's look at hardening the access points. We need to do this as much as practical while keeping functionality in mind. Now, obviously, there's some things right out of the box we want to configure. We want to change the administrator account and password, and we want to configure remote administration. We don't want to allow just anyone to remotely administer the box. And we want to configure secure protocols such as HTTPS in order to do that. And even possibly limit the number of clients that can perform remote administration on the access point. We also may look at changing the SSID, or SSID broadcast, to off. And changing that default SSID definitely. Now obviously this is security through obscurity. And really it's not very effective because modern sniffers can pick that information up. It can pick up the wireless network even if the SSID is not broadcast. And it can figure out through the use of beacon frames and so forth What kind of access point it is. However, this may slow the attacker down. And it may prevent them from figuring out what kind of access point you have. And the reason we may want to do that is to keep them from knowing what kind of vulnerabilities are inherent to those access points and taking advantage of them. For example, a given access point may have some known vulnerabilities. And by changing all of this information so it makes it harder to guess what kind of access point you're using. It may keep them from exploiting non vulnerabilities with those access points. So you're really protecting the AP itself. Not necessarily the wireless network. By the same token you may want to change it's default IP address range, and DHCP range. To something a little more obscure as well. Don't leave them in the factory default configurations because again those are easy to guess and it may make it easier to hack your wireless network. You also So what's change the host name as well to something unobtrusive don't leave it link says router or D link or whatever. Now channel and band you may want to change for a couple of different reasons. First maybe security because if you're in a different channel or using a different band that maybe hard to detect your wireless network and hack into it. But you'll also may want to change this for security reasons. because if a wireless hacker is out there sniffing and they find yours, then it makes it easier to hack. Interference would be another reason you might want to change that. Now we also want to control access To the access points from the clients. And there's several different ways we've discussed already. Let's reiterate, MAC filtering is one good best practice. It may keep unwanted clients from attaching themselves to your wireless access point, although we know that that's not extremely effective due to MAC spoofing. We know that using WPA and WPA2 encryption and authentication is very effective. And we definitely want to do that. If you're in an enterprise environment using 802.1X authentication is a very good best practice. It's almost a necessity in fact. In order to do that you have to have things like PKI certificates. Which means additional infrastructure in your network. You would have to install the PKI server and issue out certificates to clients and users. Obviously if your going to use preshort keys those need to be strong keys not weak keys and you would want to follow all of the standard rules for passphrase and password creation. Upper and lower special case numbers lengthen complexity of a pre shared key or password. Obviously you can use wi-fi protected setup where practical. And that would help you administer your network. A little bit easier and set up your clients a little bit easier to connect to the network. As far as controlling traffic through the access point itself, there's several different things you can use. You can do port and service filtering. And we saw how that worked on the access point we looked at. Whereas you can block or allow certain ports or services. In conjunction with that, you can also turn on the firewall services. Now obviously it would probably be better in an enterprise environment to use an enterprise-level device, such as a firewall or NAC, or so forth, behind that wireless access point so that you get more in-depth filtering, more robust security, and more robust access control. So think about that if you're in a bigger environment But if you're not, if you're in a SoHo environment, definitely turn on the firewall services on the access point itself. One thing that I put on the screen here is parental controls. And you'll find those on new Wireless Access Points. Now if you're in a home environment, that's probably a must. But you can still use that same feature in a small office environment to keep your employees from going to Bad sites and so forth, even if you don't have the benefit of a larger firewall or proxy server. They call them parental controls, but they can keep any user from going out and accessing things like hacker sites, pornography sites. And so forth. So if you have that on your WAP you may want to turn it on. So there's different ways you can control traffic through the access points. If you're in an enterprise environment, look at enterprise solutions as well.

15.5 Securing Users

You may not think that configuring your users is a good idea, however since users are the most complex piece of your network. You might as well give it a try. And there's several things you can do to help your users secure your network. So let's look at configuring your users. The first thing you'd want to do obviously is to educate your users on security best practices, but do it on their level. You don't have to give them the technical details of how WPA or WPA2 works. But you do have to educate them on things that can go wrong on the wireless network. Obviously you've probably already been educating them on things like phishing and malware and use of their privileges and how to construct and use a password. But you can also educate them on how the wireless network works on a very basic level. And why encryption and authentication are important Why they have to use those long pass phrases to connect and so on. So educate them on those best practices. You also from a legal and professional and governance perspective need to have your users read and sign an acceptable use agreement. Have them read this carefully and you also need to explain to them to make sure they understand it. And you need to have things in this agreement that detail what they can and can't do and what the consequences will be if they violate the rules and make them agree to it. Also let them know in that agreement that their use is subject to monitoring. And that you do actually look at their traffic. That's a big deterrent but it also can protect you legally. Now before allowing access to the wireless network, you might want to review the job requirements of employees before granting that accessing or by granting them any excessive privileges or resource access. If an employee does not need wireless access to the network because they don't travel or telecommute, or something like that, then they shouldn't get it. If they use a desk computer all day long, they probably are connected to the wired network anyway. In any case get approval from their bosses, formal approval before granting access requests. Because you don't want to just give this access to everybody for a lot of different reasons. Security obviously is one of them, provisioning is another, managing all those users is headache sometimes. So the fewer the better. Probably limit those request to only people who work from home, who come in to the office occasionally with a laptop. People who travel and so forth. You definitely want to monitor your users actions on the network as much as you legally and ethically can and you need to let them know that you do this. This doesn't need to be in secret. If you tell people that you're watching them and you reinforce this. And you put it in the user agreement they have to sign then you're legally protected. You want to do this because just the knowledge that you're monitoring them can be a deterrent to computer misuse or misusing the wireless network. So this shouldn't be a secret keep your audit logs from your wireless devices and hosts and so forth, and review them frequently. This will tell you if anyone's abusing the network, or if a client is connecting to the wireless network that should not be You want to maintain an investive capability in house for your organization to detect user misuse, intrusion from the outside and possible hacking. And that includes not only your wireless devices but your wired devices as well but you want to make sure that you really watch the wireless network for those things because those are entry points into the wired network. And finally, don't necessarily look at your users as the worst piece of the puzzle. They actually can be very helpful in securing your network and helping you do that. From a good customer service perspective, you probably ought to take the time to figure out and discover what realistic Connection and wireless access needs the users have. And you should probably try to accommodate them as much as you can, but don't compromise security in the process. Remember that security is a balance between functionality, security, and resources. Often, you can have a lot of security, but not much functionality. Or you would like to have more security, but you don't have the resources for it. So it is a balance. You need to keep that balance. Big successful users and keep a dialogue open. This will help you uncover possible problems that their having on the wireless network and the wired network. Faster and easier. You may detect problems that way that you wouldn't detect by reviewing logs. So these are some best practices for your users. Education, obviously, auditing, definitely, having them sign the user agreement and knowing what the expectations are, all of these best practices will help you secure your users.

15.6 Connecting Different Networks

Let's look at best practices when connecting wireless networks to other networks. Now obviously, we may not have just a wireless network in our organization. We're probably connecting it to a corporate wired network because we have mobile users that may travel around the company campus or come in from telecommuting with a wireless laptop And sit down in a type of hotel type of office, a general use office, and connect to the network. So, you need to initiate some best practices to keep that connection secure. So, you've got to control the connections between wireless networks to wired networks, obviously, and wireless clients to those networks. Some of the things you have to look at include interfaces, both on the clients and on the access points and servers. Also authentication, resource access, and so forth. The bottom line for network connections is secure design obviously, and risk management. Now all connections to other networks, such as the wired network, or even the Internet, must be protected by border devices. And I'm talking firewalls, border routers and so forth. What you would do is you would have a wireless access point, or multiple wireless access points, and behind each of them there would be a firewall or a centralized connection device Where all of them go through first before they connect to the wired network. And this would protect you from intrusions this would also prevent unauthorized protocols and traffic from coming into the network. So you would only allow protocols into the wired network. From that wireless concentrator that are necessary. You also need to only allow a certain prescribed set of users in from the wireless network. Every employee probably shouldn't have access to the wireless network into the wired. Only those who really need it. Who may telecommute from home and come in occasionally, one or two days a week. They sit in the breakroom with a laptop and connect to the network for a few minutes. Those kinds of users are probably the ones you want. Or mobile users, sales associates, things like that. In any case, only a certain set of users should be allowed to. You want to use 802.1X authentication for both devices and users so that you can track And manage which clients can connect, which devices can connect to the wired network. As well as which which users can, as well, and you can do this using 802.1X authentication because it can use a multiple of different authentication protocols such as EP, ETLS, it can also use certificate based. Authentication, which is probably the best and most robust authentication you can use. Use the highest encryption method as well. Now, when we're talking about using 802.1x You may have to also implement some other kinds of infrastructure in your network, like a certificate server for example. This will enable you to issue client and user certificates that would allow devices and users to connect to the network. Now once you've allowed them to connect, you only want wireless clients to be able to access limited resources. Perhaps if they're sitting on the wireless network they can access a great many things. But if they're on the wireless network coming in Maybe you should only allow them access to things like the email server, or a certain file share. Or a certain share point site, for example. So you limit those resources because they don't need access to everything. If they need more access, then maybe you need to think about plugging them in to a wired interface. You may want to look at separating groups of wireless users by what they do, by their job, their privilege level and their access need. Obviously guests would be separated from everyone else because their access needs would be very limited. Normal users and administrators too would need to be separated. And you would need probably tighter security on those wireless users that were also administrators and performing administrative functions on the network. But even among regular users, you might have separate groups such as, marketing and finance and so forth that have separate access needs. For example, the finance folks who use the wireless network only need access to the finance records File shares, servers, and so forth. Marketing folks may not need that. So you'd want to separate these groups of wireless users if you need to. Another thing you may want to look at is disallowing multiple connections from devices while they're connected to the corporate network. So when I'm connected with a wireless client to the wireless access point that goes into the corporate network, maybe I use VPN blocking to prevent any Internet access that doesn't go through the corporate firewall. Or maybe I have a device and I don't use Or allow a wired connection and a wireless connection at the same time. Because that's basically serving as a router per se into your network. So you might want to have it configured to turn another interface off automatically when another one is turned on. So you also want to allow wireless connections into the wired network from Only certain locations. Maybe a common office area that folks come in from home and they use when they connect. Common office area where the wireless access point is, or maybe some other area. Obviously, you'd want to protect that wireless access point, but you don't want to necessarily allow people to drive into the parking lot and be able to access it. So they would have to come in and sit in a certain room Controlled area to what access a wireless network. So that's one way of protecting it as well. So all these are best practices for securing a wireless network or connections.

15.7 Corporate Policies

Let's discuss best practices, with regards to security policies. Now security policies aren't a technical control, however, they start everything in the organization, as far as security is concerned. You have wireless policies, network policies, and so forth. And you also have procedures and standards that help you implement these policies. Policies are requirements. We don't just turn certain protocols on or off, or buy security equipment just because we want to. We do it because there's a requirement. And that typically comes from policy or governance. So governance and policy drives whatever we do to secure the wireless network. Now as far as policies go, we need to ensure that they're written And they're proved policies for a wide variety of things. And on the screen there are just a few examples of those things that policies need to be developed for. Standardization of equipment is one, and technologies. Because we don't want to have a hodge podge of different equipment out there that has different security technologies configured on it. One wireless access point may not be able to do WPA2, for example, and another one can. So you want standardization so you can have the same level of security across the network. We also want an approved design policy. We want the design to be looked at and to be approved by management as well as the technology folks. So that everybody knows what's being implemented on the network. We definitely want a configuration change and control process policy. Because you don't want people arbitrarily making changes to the wireless network. It's. Technologies, its protocols, and so forth, unless there's a process in place to review and approve those changes. A change that's arbitrarily made will definitely impact the security and probably the functionality of the entire wireless network, and you don't want to find out on a Monday morning that someone changed something over the weekend that they shouldn't have And now no one can access the wireless network. So that's why you have this process in place. Another policy we mentioned earlier was an acceptable use policy. This tells users what they can and can't do on the organization's wireless network. It tells them how they can connect, what they can connect with in terms of clients and devices. It tells them what password and pass phrase requirements they have to have. It talks about encryption, authentication, and so forth. It may also discuss resource access. However you develop the policy, just make sure that the users know what it is, review it, and sign it. And that will protect you legally. Other policies may include encryption and authentication requirements that specify the use of things like WPA or WPA2 or 802.1x. If there's no policy and you're configuring encryption on wireless access point You may have certain pockets of users that insist that they don't have to follow that. Because there's no written policy, they can use WEP instead because it's easier. If there's an overall organization policy that will help you enforce security requirements. A policy for device and network connection is also necessary so that you don't just have any arbitrary device connecting to the wireless network Obviously policies on privileged use should be there because normal users should not have administrative privileges on the wireless networks. And administrators who do have those privileges also need to be monitored and controlled. You also need a policy probably for security testing. This will involve the ability to test your network for vulnerabilities. You need to specify in the policy that not just anyone can do that. because you don't want normal users and employees hacking into your network and claiming that they were checking for security vulnerabilities. That should be against the policy. So you'll have a policy for security testing. You need to tell who's responsible for doing it, when it's done and how it's done. Now wireless policies should complement and be a part of the organization's overall network and security policies. They shouldn't replace or override any of those policies. They just become a natural part of them. And some policies may cover wide variety of things. Your acceptable use policy both wired and wired networks. Your network connection policy may cover both. So you probably aren't going to do too many policies that are very wireless specific. Now policies, obviously, should not be documents that just sit and never get looked at. They should be reviewed periodically for change because new technologies come out and new threats emerge. So you have to keep your policies fresh and updated with those things. So you would plan on reviewing them every now and then, periodically. And changing them when necessary.

15.8 Security Testing

To round out our discussion on best practices, let's look at wireless security testing best practices. Now this has been a major topic during the course of our discussion and it's a good idea to talk about just some general best practices that we may not have mentioned already. With regards to wireless security testing. Wireless security can be done informally. Obviously some of the hacking things we've discussed are informal types of tests. However. Penetration testing relay is a formalized security assessment. You want to do this the right way. And when we say formalized, that means you get an agreement and a test plan in coordination with the manager or the customer that owns the wireless network you're testing. Now it could be an internal network that you own and you want to periodically test. Or you may be testing a customer's network. Either way, document this carefully and make sure everyone knows what's going on who needs to know. Managers, customers, and so forth. You want to get agreement and you want to provide a test plan so that you don't unnecessarily interrupt the operations of the network. You also may want to let them know what you're doing and to a certain extent, how you're doing it. So they can plan on outages, if necessary, or backing up equipment, if necessary. Now, as far as the formal security assessments go, these may be on a periodic basis, once a year, once every two years, once every six months. It [INAUDIBLE] It really depends upon the customer. If you own the network, let's say you're the security administrator. You may also want to randomly audit certain aspects of the network on a continual basis. Maybe audit so many devices per month. Or maybe audit passwords once a month, or something like that. You also may want to check for rogue access points every now and then. One technique that you need to do is scan the wireless network both as an authenticated user with the right credentials and as an outsider to see if you can actually bypass security mechanisms in either case. [BLANK_AUDIO] You need to test both encryption and authentication controls. To make sure that those controls are functioning the way they were intended to. Make sure encryption is working. Make sure your authentication system is working correctly, and so forth. You want to perform wireless sniffing and packet capturing on your wireless networks, to see what's coming through that's not encrypted. You may want to capture and attempt to crack keys, obviously, WPA and WEP keys. You also may try to capture and attempt to crack passwords, especially if you see them in plain text. This will help you to determine if users are using the right password strength rules. Or if they're using good passwords or bad passwords. And you definitely want to know if they're encrypted or not. You may want to attempt packet injection in the network in an attempt to de-authenticate clients, or for some other kinds of attacks you may come up with. You also, obviously, want to scan for rogue or unapproved access points that may be entry points into your network that aren't allowed or that may persuade your users to connect to these rogue access points, to steal their data. So check for those periodically. Definitely attempt to bypass wireless network access controls. And see how far you can get access to the wired network. If you're able to successfully crack the wireless network and get through to the wired, see how far you can go Provided you have the right tools and permissions. You will want to be able to tell your manager or customer not only the issues with the wireless network, but what other issues in the wireless network that may be there that are weaknesses that may allow wireless attackers to get into your wired network and steal data. So within the parameters of your test and the permissions you have, see how far you can get on a wired network as well. You want to provide a detailed comprehensive report to your customer or manager whenever you do wireless hacking or whenever you, Find something especially wrong with the wireless network that could lead to data disclosure or destruction or modification. If you periodically or randomly scan wireless networks, just provide a simple report that tells what you're doing on an ongoing basis. If it's a single event that maybe only happens once a year or something, it's probably going to be a more detailed, comprehensive report. In addition to telling the customer or the manager what's wrong, you also want to tell them how to fix it. So, provide good recommendations on how to fix these issues. For example. Whether they need to implement WPA2, or 802.1X and so forth. Whether their users need to use stronger passwords and so forth. Tell them how they can fix their problems, and how they can mitigate the risks. That come along with the wireless network. As a penetration tester, especially a wireless one, you want to keep up with the latest wireless attacks by reading publications, by looking at blogs, or just keeping up with the profession. And learn how these attacks work and how you can test for them to see if your networks are vulnerable And more importantly how to defend against them and fix them so that they're not an issue anymore. And there are plenty of other wireless security testing best practices out there, and there are some good references that you can use to get some of these best practices and use them, but obviously, experience is probably going to give you some of the best practices you'll ever have.

  • Disclaimer
  • PMP, PMI, PMBOK, CAPM, PgMP, PfMP, ACP, PBA, RMP, SP, and OPM3 are registered marks of the Project Management Institute, Inc.

Request more information

For individuals
For business
Phone Number*
Your Message (Optional)
We are looking into your query.
Our consultants will get in touch with you soon.

A Simplilearn representative will get back to you in one business day.

First Name*
Last Name*
Work Email*
Phone Number*
Job Title*