4.1.3 Wireless Devices & Site Surveys
Wireless security involves the deployment of physical site assessments and robust management policies to protect mobile devices and network infrastructure from unauthorized access.
Wireless Site Surveys and Analysis To ensure a secure and efficient wireless perimeter, administrators must conduct physical and logical assessments of the environment. - Site Survey: The process of planning and designing a wireless network, often involving a Heat Map to visualize signal strength and identify dead zones or leakage outside the building. - Wireless Survey/Stumbling: Using tools (like Wi-Fi analyzers) to detect nearby access points, security protocols (WPA3 vs. WPA2), and channel interference. - Indicators of Compromise (IoC): Artifacts left by attackers on a wireless network, such as unexpected spikes in outbound traffic, unauthorized Rogue Access Points, or strange changes in system file permissions.
Mobile Device Deployment Models Organizations must choose a management strategy that balances user privacy with data protection. - BYOD (Bring Your Own Device): Users use personal devices for work. This increases the risk of data loss and privacy concerns for the individual but reduces hardware costs. - MDM (Mobile Device Management): Software that centrally manages devices, allowing the organization to enforce encryption, lock devices, and perform Remote Wipes if a device is stolen. - Risk Mitigation: Users must be trained on the responsibilities of carrying work data on personal hardware and accept that MDM software grants the organization some level of control over their device.
Securing the Wireless Environment Securing 802.11 networks requires more than just passwords; it requires a layered defense. - Cryptographic Protocols: Modern networks should prioritize WPA3 over older, vulnerable protocols like WEP or WPA to ensure confidentiality. - NIDS/NIPS: Network-based Intrusion Detection and Prevention systems monitor wireless traffic for malicious patterns, providing a way to detect attacks in real-time. - EDR (Endpoint Detection and Response): Monitoring individual mobile devices and workstations for suspicious behavior that might bypass network-level defenses.
Security Training and Awareness Technical controls are ineffective without human cooperation, requiring diverse training techniques to combat "training fatigue." - Gamification: Turning security education into a competition with points, badges, and leaderboards to keep users engaged. - Capture the Flag (CTF): An instructional method where personnel practice offensive and defensive skills (like SQL injection or XSS) in a controlled, safe environment. - CBT (Computer-Based Training): Using videos and interactive modules to replace static memos and boring presentations.
Quick Recall - MDM: Essential for managing BYOD risks and performing remote wipes. - Heat Map: Used during a site survey to identify signal leakage. - IoC: Artifacts like high network latency or malware signatures that indicate a breach. - WPA3: The current standard for 802.11 wireless security. - Gamification: Used to increase engagement in ongoing security awareness training.