Wireless network security testing
All security administrators have 802.11-based wireless
in their environments, right? Actually, many Windows administrators
would be inclined to answer "no" or "in limited areas" to this
question, which seems reasonable with all the "no wireless" and
"limited wireless" policies I've seen lately. Policies or no policies, though, the truth is that most organizations have more wireless systems -- especially more unsecured
wireless systems -- running than they ever bargained for. There is
planned wireless connectivity in training rooms, reception areas, and
satellite offices as well as unplanned/rogue wireless in the form of
Windows laptops running in ad-hoc mode and an access point set up by an
employee for the sake of convenience. Or, there could be a malicious
attacker running an "evil twin" access point to lure wireless users
into his den of iniquity.
Whether or not you officially support wireless networks,
various wireless security testing measures need to be on your security
review checklist. Not doing so seems awfully risky given that most new
computer systems have wireless built right in. This need for testing
for wireless issues stands true even if you think your local airwaves
are clear of network protocols or you only have one access point tucked
away where nobody can get to it. Even if you do support wireless and you think it's
secure, unless you're running a wireless IDS or IPS system, it's likely
you have vulnerabilities that a malicious external attacker or a rogue
insider could exploit. Here's what you can do about it.
|