IT Auditing. Using Controls to Protect Information Assets
Authors: Davis C. Schiller M. Wheeler K.
Published year: 2004
Pages: 100-103/159

Additional Considerations

Additional considerations might exist for your environment depending on your size, your geographic reach, and what kind of data exists on your network. Some of these additional considerations might include:

  • License management for software tracked by the number of users.

  • Verify that processes exist for international support for diverse or geographically scattered organizations.

  • Categorize the types of data typically stored on corporately managed mobile devices and the level of protection typically required in accordance with your information classification policy.

  • Evaluate the switching and routing infrastructure as it relates to these components.



Tools and Technology

Here is a list of tools discussed in this chapter and others you might find useful:

  • http://www.netstumbler.com

  • http://www.kismetwireless.net

  • Introduction to Kismet: http://www.wi-fiplanet.com/tutorials/article.php/3595531

  • BackTrack: http://www.remote-exploit.org/index.php/BackTrack

  • Operator: http://www.ussysadmin.com/operator

  • PHLAK: http://www.public.planetmirror.com/pub/phlak/?fl=p

  • Knoppix-STD: http://www.knoppix-std.org/download.html

  • Wardriving hardware: http://www.wardrivingworld.com

  • Software tools: http://www.wardrive.net/security/tools

  • http://www.paraben-forensics.com



Knowledge Base

Following is a list of URLs and books where readers can find more information. We can't discuss everything, but we can point to other places where others discuss more than a reader could possibly want to know.

  • NIST Special Publication 800-48: Wireless Network Security: http://www.csrc.nist.gov/publications/nistpubs/800-48/NIST_SP_800-48.pdf

  • http://www.standards.ieee.org/regauth/oui/oui.txt

  • Wireless tutorials: http://www.wi-fiplanet.com/tutorials

  • http://www.paraben-forensics.com/cell_models.html

  • http://www.good.com

  • http://www.blackberry.com



Master Checklists

Auditing Wireless LANs

Checklist for Auditing Wireless LANs

  1. Ensure that access points are running the latest approved software.

  2. Evaluate the use and controls around centralized WLAN management.

  3. Verify that your mobile clients are running protective software.

  4. Evaluate the security of the chosen authentication method.

  5. Evaluate the security of the chosen communications method.

  6. Evaluate the use of security monitoring software and processes.

  7. Verify that rogue access points are not used on the network.

  8. Evaluate procedures in place for tracking end-user trouble tickets.

  9. Ensure that appropriate security policies are in place for your WLAN.

  10. Evaluate disaster-recovery processes in place to restore wireless access should a disaster happen.

  11. Evaluate whether effective change-management processes exist.

Auditing Mobile Devices

Checklist for Auditing Mobile Devices

  1. Ensure that mobile device gateways are running the latest approved software and patches.

  2. Verify that mobile clients have protective features enabled if they are required by your mobile device security policy.

  3. Determine the effectiveness of device security controls around protecting data when a hacker has physical access to a device.

  4. Evaluate the use of security monitoring software and processes.

  5. Verify that unmanaged devices are not used on the network. Evaluate controls over unmanaged devices.

  6. Evaluate procedures in place for tracking end-user trouble tickets.

  7. Ensure that appropriate security policies are in place for your mobile devices.

  8. Evaluate disaster recovery processes in place to restore mobile device access should a disaster happen.

  9. Evaluate whether effective change management processes exist.

  10. Evaluate controls in place to manage the service life cycle of personally owned and company-owned devices and any associated accounts used for the gateway.

