Solutions Fast Track - Monitoring and Intrusion

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Dear Reader,

Designing for Detection
- Get the right equipment from the start. Make sure all of the
features you need, or will need, are available from the start.

- Know your environment. Identify potential physical barriers and
possible sources of interference.

- If possible, integrate security monitoring and intrusion detection
in your network from its inception.

Defensive Monitoring Considerations
- Define your wireless network boundaries, and monitor to know if
they=92re being exceeded.

- Limit signal strength to contain your network.

- Make a list of all authorized wireless Access Points (APs) in your
environment. Knowing what=92s there can help you

immediately identify rogue APs.

Intrusion Detection Strategies
- Watch for unauthorized traffic on your network. Odd traffic can be a
warning sign.

- Choose an intrusion detection software that best suits the needs of
your environment. Make sure it supports customizable

and updateable signatures.

- Keep your signature files current.Whether modifying them yourself,
or downloading updates from the manufacturer, make sure

this step isn=92t forgotten.

Conducting Vulnerability Assessments
- Use tools like NetStumbler and various client software to measure
the strength of your 802.11b signal.

- Identify weaknesses in your wireless and wired security

- Use the findings to know where to fortify your defenses.

- Increase monitoring of potential trouble spots.

Incident Response and Handling
- If you already have a standard incident response policy, make
updates to it to reflect new potential wireless incidents.

- Great incident response policy templates can be found on the

- While updating the policy for wireless activity, take the
opportunity to review the policy in its entirety, and make

changes where necessary to stay current. An out-of-date incident
response policy can be as damaging as not having one at all.

Conducting Site Surveys for Rogue Access Points
- The threat is real, so be prepared. Have a notebook computer handy
to use specifically for scanning networks.

- Conduct walkthroughs of your premises regularly, even if you don=92t
have a wireless network.

- Keep a list of all authorized APs. Remember, Rogue APs aren=92t
necessarily only placed by attackers.A well-meaning employee

can install APs as well.

--- Thank You ---

James Conack

Site Timeline