WLAN and data-enabled mobile device auditing requires an understanding of how the technology is implemented in your organization. WLAN typically is managed by networking teams, whereas data-enabled mobile devices sometimes are jostled back and forth between networking, help desk, e-mail, productivity, and other teams in the organization.
Both WLAN and data-enabled mobile devices require, at a conceptual level, the following:
Physically wired network gateways
Some agreed-on method of communicating wirelessly between the wired network gateway and the wireless clients
For the purpose of our discussion, wired network gateways include those items physically touching our network and acting as the interface or gateway between the wireless world and our organization's network. An audit of the wired network components includes verifying the security of the underlying platform and the settings on that platform.
Management software, for our purposes, includes the software that manages the process enabling our mobile clients to communicate with the network. This may be Cisco's software that manages our access points or BlackBerry Enterprise Server's software that manages client access. The management software may or may not run on the gateway component that isolates clients from your physical network.
The clients in our case present unique risks of data theft, and we'll explore some very easy and very common methods for mitigating the risk.
Finally, the method used to transmit your data wirelessly may be of concern if you are using older protocols or insecure methods to transmit data. An audit of this transmission may include something as simple as reading up on and verifying the use of secure protocols, or it may include more complex hacking attempts and wardrives.
Understand that this is how we will approach the technical portion of the two audits conceptually. Specific tools and other necessary components are discussed in line with the audit steps.
In addition to the technical component of the audit, there are a number of critical intangibles that affect the ongoing operations of mobile users. These include such things as problem tracking for end-user issues, security policies, wireless system monitoring, and general continuity of operations. Collectively, we'll address these as operational components. They are too often ignored, yet any one of them could undermine the best intentions of your organization to roll out robustly secure and effective mobile solutions.