NETW 05A: APPLIED WIRELESS SECURITY Functional Policy: Monitoring - PowerPoint PPT Presentation

Description:

This work is supported by the National Science Foundation under Grant Number DUE ... NETW 05A: APPLIED WIRELESS SECURITY. Functional Policy: Monitoring & Response ...

Slides: 16
Provided by: bcc66

Transcript and Presenter's Notes

1
NETW 05A: APPLIED WIRELESS SECURITY
Functional Policy: Monitoring & Response
  • By Mohammad Shanehsaz
  • Spring 2005

2
Objectives
  • Security management
  • Explain the necessary criteria for regular
    wireless LAN security reporting and documentation
  • Implement and conduct timely and consistent
    reporting procedures
  • Implement and maintain a wireless LAN security
    checklist

3
Objectives
  • Explain how to identify and prevent social
    engineering
  • Educate staff and security personnel
  • Implementation and enforcement of corporate
    policy regarding social engineering
  • Security marketing and propaganda campaigns to
    heighten awareness

4
This lecture covers
  • Physical Security
  • Social Engineering
  • Reporting
  • Response Procedures

5
Physical Security
  • Physical security begins with allowing only
    authorized personnel into and out of the
    organization's premises; implementing security
    and educating staff about the risks helps prevent
  • placement of rogue access points and ad hoc
    networks on the wired network, and
  • data flooding.
  • RF jamming is more difficult to prevent, detect,
    or block, but it can be done by putting up high
    fences that block RF transmissions around the
    facility, or by using mesh substances in the walls

6
Physical Security
  • Security policy must include documentation on
    physical security,
  • procedures for authorizing visitors or
    technicians who show up to repair and upgrade
    systems,
  • how rogues will be found,
  • how often the area will be scanned and
  • what to do when rogues are found

7
Social Engineering
  • By training employees and help desk staff we can
    raise their awareness to recognize and prevent
    social engineering.
  • Social engineering attacks come in many forms
    such as
  • Dumpster diving - searching through the trash
  • Phone calls - attackers try to locate willing and
    helpful people from whom to obtain information
    such as usernames and passwords
  • Email and IM (instant messaging) - a social
    engineer gathers a phone directory and
    information on the standard naming conventions
    for IM, and then masquerades as a legitimate
    employee

8
Social Engineering Prevention
  • Some of the procedures support and administrative
    personnel should adhere to are
  • Positively identify the person that is calling or
    requesting help
  • Use established, secure channels for passing
    security information
  • Report suspicious activity or phone calls
  • Establish procedures that eliminate password
    exchanges
  • Shred company documents before throwing them in
    the trash

9
Social Engineering Prevention
  • A well-educated employee is the best defense
    against social engineering attempts. Employees
    must become familiar with what types of attacks
    may occur, what to look for, and how to respond
    to an incident
  • An organization's security policy should dictate
    proper response procedures for social engineering
    threats

10
Social Engineering Audits
  • To reduce the threat of social engineering, have
    defenses tested for weaknesses by penetration
    tests, including social engineering attacks
    against organizational staff, performed by
    security professionals

11
Reporting
  • Reports that are generated as part of security
    monitoring procedures can provide valuable
    information on how the network is being utilized
    as well as where attacks are occurring.
  • A proper reporting policy will include
    information on who is accountable for generating
    the reports and who is responsible for reading
    the reports in a timely manner
  • Training should also be required for the
    reviewers
  • System logs and IDS logs can be used to detect
    anomalies and attacks on a network
  • Traffic baselining of data flow establishes which
    users or devices are utilizing the most WLAN
    bandwidth

12
Response Procedures
  • Response procedures endeavor to detect and
    properly react to intrusions
  • A security policy should define the steps to take
    after an intrusion has been recognized, to
    prevent the attack from occurring again

13
Recommended steps for response procedures
  • Positive identification
  • Administrator must be properly trained to
    distinguish between an attack and false positives
  • Confirmed attack
  • After an attack has taken place, damage must be
    assessed and confirmed, and appropriate managers
    should be notified

14
Recommended steps for response procedures
  • Immediate action
  • If an attack has taken place, follow the
    documented security policy to implement the
    appropriate procedures for each type of attack
    scenario
  • Documentation
  • Document all attack findings in a standard form
    generated by the organization and add to the
    security policy
  • Reporting
  • Notify the appropriate authorities, corporate
    legal counsel, police and even IT forensics
    experts

15
Resources
  • CWSP: Certified Wireless Security Professional,
    from McGraw-Hill