Velocity Reviews

Velocity Reviews (http://www.velocityreviews.com/forums/index.php)
-   ASP .Net (http://www.velocityreviews.com/forums/f29-asp-net.html)
-   -   Solutions Fast Track - Monitoring and Intrusion (http://www.velocityreviews.com/forums/t626753-solutions-fast-track-monitoring-and-intrusion.html)

origami.takarana@gmail.com 07-21-2008 02:49 AM

Solutions Fast Track - Monitoring and Intrusion
 
Dear Reader,

Designing for Detection
----------------------------
- Get the right equipment from the start. Make sure all of the

features you need, or will need, are available from the start.

- Know your environment. Identify potential physical barriers and

possible sources of interference.

- If possible, integrate security monitoring and intrusion

detection in your network from its inception.

Defensive Monitoring Considerations
------------------------------------------
- Define your wireless network boundaries, and monitor to know if

theyíre being exceeded.

- Limit signal strength to contain your network.

- Make a list of all authorized wireless Access Points (APs) in

your environment. Knowing whatís there can help you immediately

identify rogue APs.

Intrusion Detection Strategies
-----------------------------------
- Watch for unauthorized traffic on your network. Odd traffic can

be a warning sign.

- Choose an intrusion detection software that best suits the needs

of your environment. Make sure it supports customizable and

updateable signatures.

- Keep your signature files current.Whether modifying them

yourself, or downloading updates from the manufacturer, make sure

this step isnít forgotten.

Conducting Vulnerability Assessments
-------------------------------------------
- Use tools like NetStumbler and various client software to

measure the strength of your 802.11b signal.

- Identify weaknesses in your wireless and wired security

infrastructure.

- Use the findings to know where to fortify your defenses.

- Increase monitoring of potential trouble spots.

Incident Response and Handling
--------------------------------------
- If you already have a standard incident response policy, make

updates to it to reflect new potential wireless incidents.

- Great incident response policy templates can be found on the

Internet.

- While updating the policy for wireless activity, take the

opportunity to review the policy in its entirety, and make changes

where necessary to stay current. An out-of-date incident response

policy can be as damaging as not having one at all.

Conducting Site Surveys for Rogue Access Points
-------------------------------------------------------
- The threat is real, so be prepared. Have a notebook computer

handy to use specifically for scanning networks.

- Conduct walkthroughs of your premises regularly, even if you

donít have a wireless network.

- Keep a list of all authorized APs. Remember, Rogue APs arenít

necessarily only placed by attackers.A well-meaning employee can

install APs as well.

--- Thank You ---

James Conack
http://www.centronet.uni.cc


All times are GMT. The time now is 09:21 PM.

Powered by vBulletin®. Copyright ©2000 - 2014, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.