u8.9 802.11b Safeguards

Craig Parker
Mind Map by Craig Parker, updated more than 1 year ago
Craig Parker
Created by Craig Parker over 6 years ago


Masters Degree Network Security Mind Map on u8.9 802.11b Safeguards, created by Craig Parker on 02/23/2014.

Resource summary

u8.9 802.11b Safeguards
1 Treat Wireless as an untrusted NW
1.1 Firewall between wireless LAN and internal network
1.2 Intrusion detection at wireless LAN/internal network junction
1.3 Vulnerability assessments of wireless access points and other wireless infrastructure
1.4 VPN from wireless station into internal network, providing end-to-end encryption across the untrusted wireless network into the trusted network. However, consider whether the VPN can handle the changes when a station roams from one access point to another.
2 Security Policy & Architecture
2.1 define a policy for how wireless networks are to be used
2.1.1 specify what is allowed and what is not allowed What services, devices, protocols or departments can use the Wirelss LAN
3 Discover unauthorised use
3.1 search regularly in the following ways for unauthorised access points or wireless LAN cards.
3.1.1 Port Scanning Searching for unknown SNMP agents, web or Telnet interfaces that might indicate that an access point is present on the network
3.1.2 MAC Address sniffing Searching for MAC addresses that lie within known MAC ranges for access point and WLAN NIC manufacturers.
3.1.3 Warwalking Manual Scanning be aware you will detect signals that are not in your building
4 Access point audits
4.1 Standard configuration
4.2 Passwords should be strong and community strings should be correctly set.
4.3 Unnecessary administration interfaces should be shut down, and the remaining administration interfaces should use secure protocols to prevent administrator passwords being intercepted.
4.4 Access control lists on firewalls and routers should be used to ensure only administrators have access to the access point administration interfaces.
4.5 WEP keys should be strong (not generated from alphanumeric pass phrases) & should be secret. Backups of access point configurations should not store the WEP keys.
4.6 Stop transmitting SSID
5 Station Protection
5.1 Stations should have personal firewalls, IDS, AV
5.2 Standardises configs for stations.
5.3 Check stations regularly for config standards
6 Location of AP's
6.1 spread of the wireless radio signal outside the building should also be considered, to try to limit the possibility of the wireless signal being intercepted.
6.2 If access points have omni-directional antennae, they should be located in the centre of a building and not located by windows or on external walls.
6.3 The line of sight from the location of the access point to the outside should be limited.
6.4 Transmission strength should be turned down from the default maximum to limit the spread of the signal outside the building,
7 MAC Address locking
7.1 Use MAC address ACL's to allow only devices with MAC's in the ACL to connect to an AP
7.1.1 MAC's are spoofable so this is only good for low risk environments
Show full summary Hide full summary


CCNA Security 210-260 IINS - Exam 1
Mike M
CCNA Security 210-260 IINS - Exam 2
Mike M
SY0-401 Part 1 (50 questions)
CCNA Security 210-260 IINS - Exam 1
Ricardo Nuñez
CCNA Security 210-260 IINS - Exam 3
irvin pastora
1.3 Network and Security Components
DJ Perrone
Types of Attacks
River L.
CCNA Security 210-260 IINS - Exam 1
irvin pastora
U1. OSI 7 Layer Reference Model
Craig Parker
CCNA Security 210-260 IINS - Exam 2
irvin pastora
U1. Services and Layering Principles
Craig Parker