Posted by arigano.spagety@gmail.com on July 20, 2008, 11:14 pm
Dear Reader,
Designing for Detection
----------------------------
- Get the right equipment from the start. Make sure all of the
features you need, or will need, are available from the start.
- Know your environment. Identify potential physical barriers and
possible sources of interference.
- If possible, integrate security monitoring and intrusion detection
in your network from its inception.
Defensive Monitoring Considerations
------------------------------------------
- Define your wireless network boundaries, and monitor to know if
they're being exceeded.
- Limit signal strength to contain your network.
- Make a list of all authorized wireless Access Points (APs) in your
environment. Knowing what's there can help you
immediately identify rogue APs.
Intrusion Detection Strategies
-----------------------------------
- Watch for unauthorized traffic on your network. Odd traffic can be a
warning sign.
- Choose an intrusion detection software that best suits the needs of
your environment. Make sure it supports customizable
and updateable signatures.
- Keep your signature files current. Whether modifying them yourself,
or downloading updates from the manufacturer, make sure
this step isn't forgotten.
Conducting Vulnerability Assessments
-------------------------------------------
- Use tools like NetStumbler and various client software to measure
the strength of your 802.11b signal.
- Identify weaknesses in your wireless and wired security
infrastructure.
- Use the findings to know where to fortify your defenses.
- Increase monitoring of potential trouble spots.
Incident Response and Handling
--------------------------------------
- If you already have a standard incident response policy, make
updates to it to reflect new potential wireless incidents.
- Great incident response policy templates can be found on the
Internet.
- While updating the policy for wireless activity, take the
opportunity to review the policy in its entirety, and make
changes where necessary to stay current. An out-of-date incident
response policy can be as damaging as not having one at all.
Conducting Site Surveys for Rogue Access Points
-------------------------------------------------------
- The threat is real, so be prepared. Have a notebook computer handy
to use specifically for scanning networks.
- Conduct walkthroughs of your premises regularly, even if you don't
have a wireless network.
- Keep a list of all authorized APs. Remember, Rogue APs aren't
necessarily only placed by attackers. A well-meaning employee
can install APs as well.
--- Thank You ---
James Conack
http://www.centronet.uni.cc
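
The authorized-AP list, boundary monitoring and walkthrough items in the post above, put together as an added example that is not part of the original post: it compares survey observations against an authorized inventory and lists what needs follow-up. The record format, finding labels, the -75 dBm limit and all sample values are assumptions made up for the illustration.

```python
from dataclasses import dataclass

# Authorized AP inventory (constructed values): BSSID -> (SSID, channel)
AUTHORIZED = {
    "00:11:22:33:44:01": ("CORP-WLAN", 1),
    "00:11:22:33:44:02": ("CORP-WLAN", 6),
    "00:11:22:33:44:03": ("CORP-GUEST", 11),
}
BOUNDARY_DBM = -75  # assumed limit for our own signal heard outside the boundary

@dataclass
class Beacon:
    bssid: str
    ssid: str
    channel: int
    signal_dbm: int
    location: str  # survey point label, e.g. "lobby" or "outside:car-park"

def classify(b, authorized=AUTHORIZED):
    """Return the findings for one observed AP (empty list = as expected)."""
    known = authorized.get(b.bssid.lower())
    if known is None:
        our_ssids = {ssid for ssid, _ in authorized.values()}
        # Our SSID from hardware we do not own is the most urgent case.
        return ["our-ssid-on-unlisted-bssid" if b.ssid in our_ssids else "unlisted-ap"]
    findings = []
    if (b.ssid, b.channel) != known:
        findings.append("config-drift")
    if b.location.startswith("outside:") and b.signal_dbm > BOUNDARY_DBM:
        findings.append("signal-exceeds-boundary")
    return findings

def survey(beacons):
    """Return (bssid, location, findings) for flagged APs, strongest signal first."""
    flagged = [(b, classify(b)) for b in beacons]
    flagged = [(b, f) for b, f in flagged if f]
    flagged.sort(key=lambda item: item[0].signal_dbm, reverse=True)
    return [(b.bssid.lower(), b.location, f) for b, f in flagged]

# Constructed walkthrough results, not real captures.
SCAN = [
    Beacon("00:11:22:33:44:01", "CORP-WLAN", 1, -48, "floor2"),
    Beacon("00:11:22:33:44:02", "CORP-WLAN", 6, -62, "outside:car-park"),
    Beacon("00:11:22:33:44:03", "CORP-GUEST", 3, -55, "lobby"),
    Beacon("DE:AD:BE:EF:00:01", "CORP-WLAN", 6, -40, "floor3"),
    Beacon("02:AA:BB:CC:DD:10", "linksys", 11, -58, "floor1"),
]

if __name__ == "__main__":
    for bssid, location, findings in survey(SCAN):
        print(bssid, location, ", ".join(findings))
```

An "unlisted-ap" finding may be a neighbour's network or an employee-installed AP; sorting by signal strength puts the ones most likely to be on the premises first for the next walkthrough.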