Wireless Network Security Position Paper. Overview for CEO s

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Wireless Network Security Position Paper. Overview for CEO s"

Transcription

1 Wireless Network Security Position Paper Overview for CEO s VERSION 1.1 December 2007

2 Acknowledgement This document was written with the assistance of the Department of the Premier and Cabinet.

3 Table of Contents 1. Purpose and Scope Position Statement Introduction What are the Risks? What Should be Done? Be aware of the technical and security implications Carefully plan the deployment of any wireless technology Recommendations...9 Recommendation 1 Develop a Strategy...9 Recommendation 2 Develop a Business Case...9 Recommendation 3 Develop Policies and Ensure Compliance...9 Recommendation 4 Monitor for Wireless Devices...10 Recommendation 5 Use only Best Practice WLAN Mode Conclusion...11 Department of Finance 3

4 1. Purpose and Scope The purposes of this paper are to raise awareness of security risks posed by wireless computer networks, and to provide some high-level guidance for establishing secure wireless networks. This paper targets security for Wireless Local Area Networks (WLANs) using the standard typically used to install WLANs in Western Australian Government agencies (IEEE ). Other wireless technologies and external networks, such as public Internet access points ( hot spots ) are outside the scope of this paper. A Wireless Network Security Position Paper - Technical has also been developed to provide more detailed guidance on the management, operational and technical issues and recommendations for the secure deployment of wireless local area networks to agencies management and technical staff. This paper and the Wireless Network Security Position Paper Technical have been developed in response to the Auditor General's Second Public Sector Performance Report 2007, Report 3 April Department of Finance 4

5 2. Position Statement Key findings of the Auditor General's Second Public Sector Performance Report 2007, Report 3 April 2007 show serious weaknesses at the strategic, policy and operational levels in almost all agencies audited that had deployed wireless networks. Premier s Circular 2004/09 (Computer Information and Internet Security) noted that on 20 January 2003, Cabinet directed that the Chief Executive Officer of each agency is responsible for ensuring their agency implements an appropriate level of information and Internet security. In light of the Auditor General s findings, agencies should consider and implement the recommendations laid out in this paper for new and existing wireless networks. Department of Finance 5

6 3. Introduction Wireless communications offer agencies and users many benefits, such as portability, flexibility, increased productivity, and lower installation costs. Wireless technologies cover a broad range of differing capabilities oriented toward different uses and needs. Wireless local area network (WLAN) devices, for instance, allow users to move their laptops from place to place within their offices without the need for wires and without losing network connectivity. Less wiring means greater flexibility, increased efficiency and reduced wiring costs. However, risks are inherent in any wireless technology. Some of these risks are similar to those of wired networks; some are exacerbated by wireless connectivity; some are new. Perhaps the most significant source of risks in wireless networks is that the technology s underlying communication medium, the airwave, is open to intruders, making it the equivalent of installing a wired network connection outside your building that anyone can access. Despite the additional security risks to networks, the use of wireless devices and WLANs is growing rapidly. In fact, many devices today such as laptops are now wireless enabled by default. Department of Finance 6

7 4. What are the Risks? The loss of confidentiality and integrity and the threat of denial of service attacks are risks typically associated with wireless communications. Unauthorised users may easily gain access to an agency s systems and information, corrupt data, consume network bandwidth, degrade network performance, launch attacks that prevent authorised users from accessing the network, or use the agency s resources to launch attacks on other networks. A particular danger with wireless technologies highlighted by the Auditor General is that they can be easily procured and installed without the knowledge of management. As well, laptops connected to the wired network with the wireless card enabled pose an ongoing risk to agencies networks. Department of Finance 7

8 5. What Should be Done? 5.1 Be aware of the technical and security implications Although wireless technologies offer significant benefits, they also pose unique security challenges over and above those posed by wired networks. The coupling of relative immaturity of the technology with poor legacy security standards, flawed implementations, limited user awareness, and lax security and administrative practices forms an especially challenging combination. In a wireless environment, data is broadcast through the air. There are no physical controls over the boundaries of transmissions or the ability to use the physical security controls typically available with wired connections. As a result, data may be captured beyond the physical location that the wireless network was intended to serve. Because of differences in building construction, wireless frequencies and attenuation, and the capabilities of high-gain antennas, the distances necessary for positive control for wireless technologies to prevent eavesdropping can vary considerably. 5.2 Carefully plan the deployment of any wireless technology To be effective, WLAN security should be incorporated throughout the life cycle of all WLAN solutions, involving everything from strategy and policy, through to procurement, operations and disposal. Department of Finance 8

9 6. Recommendations Implementing the recommendations presented in this paper for a new or existing WLAN will ensure that accepted wireless networking best practice is met, and will provide reasonable assurance that an agency is protected against most currently known WLAN security threats. Recommendation 1 Develop a Strategy Agencies wishing to deploy wireless devices must be able to provide an overall documented vision for how the WLAN would support their business mission, creating a high-level strategy for the WLAN s implementation. Recommendation 2 Develop a Business Case In light of the security issues, any deployment of wireless technology on an agency's computing network must be subject to usual risk management processes and underpinned by a sound business case as to why this technology should be used. Recognising and documenting the benefits, costs and risks in a business case is something that can be done relatively easily and does not require voluminous documentation. A business case should specify business and functional requirements for a WLAN solution. A business case for a WLAN is strengthened if it can link to an overall WLAN strategy. Recommendation 3 Develop Policies and Ensure Compliance The cornerstone of an effective WLAN security strategy involves documenting, deploying and enforcing WLAN security policies and practices. A security policy, and compliance therewith, is the foundation on which other operational and technical countermeasures are rationalised and implemented. Department of Finance 9

10 Recommendation 4 Monitor for Wireless Devices All agencies should develop, and exercise, the capability to monitor for rogue wireless networks. Even agencies that do not believe they have any wireless devices on their network should have the capability to detect any rogue wireless devices that may have been installed without the knowledge or authority of the persons responsible for such matters. Creating a wireless access point or intercepting wireless signals can be done simply and cheaply and must therefore be monitored. As well, laptops connected to the wired network with the wireless card enabled pose an ongoing risk to agencies networks and should be monitored for by wireless or wired network detection capabilities. Agencies with WLANs installed should also periodically review security arrangements such as the strength of transmission signals and co-channel interference from other wireless networks in the vicinity. Recommendation 5 Use only Best Practice WLAN Mode An IEEE802.11i RSN using AES-CCMP with IEEE 802.1X and EAP-TLS authentication should be the only mode used for any government WLANs. The technical details of this mode are detailed in the Wireless Network Security Position Paper Technical. At the time of writing, this is consistent with the mode required for the transmission of classified information (below Top Secret) in Commonwealth Government agencies that are bound by the security specifications set out in the Defence Signals Directorate Australian Government Information Security Manual (ISM). Whilst State Government agencies are not bound by the ISM it is regarded as best practice to follow the security instructions from this manual. Department of Finance 10

11 7. Conclusion The deployment of insecure wireless networks poses new security threats to agencies computer networks and information. The Auditor General has identified serious weaknesses at the strategic, policy and operational levels in almost all agencies audited that had deployed wireless networks. The Chief Executive Officer of each agency is responsible for ensuring their agency implements an appropriate level of information and Internet security. To this end, agencies should consider and implement the recommendations above. More detailed and technical information is available in the Wireless Network Security Position Paper Technical. Any queries on the issues discussed in this paper or general requests for further information can be directed to: Gail Holt, Principal Policy Officer, Department of Finance on Department of Finance 11

12 Optima Centre 16 Parkland Road, Osborne Park WA 6017 Postal Address: Locked Bag 11, Cloisters Square, Perth WA 6850 E: W:

Wireless Network Security Position Paper - Technical

Wireless Network Security Position Paper - Technical Wireless Network Security Position Paper - Technical Management, Operational and Technical Issues and Recommendations for the Secure Deployment of Wireless Local Area Networks VERSION 1.1 December 2007

More information

INFORMATION TECHNOLOGY MANAGEMENT COMMITTEE LIVINGSTON, NJ WWW.LIVINGSTONNJ.ORG ITMC TECH TIP ROB COONCE, MARCH 2008

INFORMATION TECHNOLOGY MANAGEMENT COMMITTEE LIVINGSTON, NJ WWW.LIVINGSTONNJ.ORG ITMC TECH TIP ROB COONCE, MARCH 2008 INFORMATION TECHNOLOGY MANAGEMENT COMMITTEE LIVINGSTON, NJ WWW.LIVINGSTONNJ.ORG What is wireless technology? ITMC TECH TIP ROB COONCE, MARCH 2008 In our world today, this may mean sitting down at a coffee

More information

Wireless Networking Policy September 2009 Newman University College IT Services. Wireless Networking Policy

Wireless Networking Policy September 2009 Newman University College IT Services. Wireless Networking Policy This policy document relates specifically to wireless networking at Newman University and should be read in conjunction with the General Conditions of Use of Computing and Network Facilities. The Wireless

More information

HANDBOOK 8 NETWORK SECURITY Version 1.0

HANDBOOK 8 NETWORK SECURITY Version 1.0 Australian Communications-Electronic Security Instruction 33 (ACSI 33) Point of Contact: Customer Services Team Phone: 02 6265 0197 Email: assist@dsd.gov.au HANDBOOK 8 NETWORK SECURITY Version 1.0 Objectives

More information

1.2 The Policy is maintained and regulated by the University s Information Services department.

1.2 The Policy is maintained and regulated by the University s Information Services department. WIRELESS POLICY 1 INTRODUCTION 1.1 Wireless networking is a fast emerging technology and is set to continue to grow for the foreseeable future. It is recognised that wireless networking could offer benefits

More information

Deploying secure wireless network services The Avaya Identity Engines portfolio offers flexible, auditable management for secure wireless networks.

Deploying secure wireless network services The Avaya Identity Engines portfolio offers flexible, auditable management for secure wireless networks. Table of Contents Section 1: Executive summary...1 Section 2: The challenge...2 Section 3: WLAN security...3 and the 802.1X standard Section 4: The solution...4 Section 5: Security...4 Section 6: Encrypted

More information

Security Requirements for Wireless Local Area Networks

Security Requirements for Wireless Local Area Networks Information Technology Security Guidance Security Requirements for Wireless Local Area Networks Overview ITSG-41 March 2013 Foreword The ITSG-41 Security Requirements for Wireless Local Area Networks document

More information

Lecture 24 Wireless Network Security. modified from slides of Lawrie Brown

Lecture 24 Wireless Network Security. modified from slides of Lawrie Brown Lecture 24 Wireless Network Security modified from slides of Lawrie Brown Wireless Security Overview concerns for wireless security are similar to those found in a wired environment security requirements

More information

WIRELESS LOCAL AREA NETWORK (WLAN) IMPLEMENTATION

WIRELESS LOCAL AREA NETWORK (WLAN) IMPLEMENTATION United States Department of Agriculture Marketing and Regulatory Programs Grain Inspection, Packers and Stockyards Administration Directive GIPSA 3140.5 11/30/06 WIRELESS LOCAL AREA NETWORK (WLAN) IMPLEMENTATION

More information

Wireless LANs and Healthcare: Understanding Security to Ensure Compliance with HIPAA

Wireless LANs and Healthcare: Understanding Security to Ensure Compliance with HIPAA : Understanding Security to Ensure Compliance with HIPAA Healthcare is a natural environment for wireless LAN solutions. With a large mobile population of doctors, nurses, physician s assistants and other

More information

The Impact of Wireless LAN Technology on Compliance to the PCI Data Security Standard

The Impact of Wireless LAN Technology on Compliance to the PCI Data Security Standard The Impact of Wireless LAN Technology on to the PCI Data Security Standard 339 N. Bernardo Avenue, Suite 200 Mountain View, CA 94043 www.airtightnetworks.net Wireless LANs and PCI Retailers today use computers

More information

Notes on Network Security - Introduction

Notes on Network Security - Introduction Notes on Network Security - Introduction Security comes in all shapes and sizes, ranging from problems with software on a computer, to the integrity of messages and emails being sent on the Internet. Network

More information

NSW Government Digital Information Security Policy

NSW Government Digital Information Security Policy NSW Government Digital Information Security Policy Version: 1.0 Date: November 2012 CONTENTS PART 1 PRELIMINARY... 3 1.1 Scope... 3 1.2 Application... 3 1.3 Objectives... 3 PART 2 CORE REQUIREMENTS...

More information

Industrial Communication. Securing Industrial Wireless

Industrial Communication. Securing Industrial Wireless Industrial Communication Whitepaper Securing Industrial Wireless Contents Introduction... 3 Wireless Applications... 4 Potential Threats... 5 Denial of Service... 5 Eavesdropping... 5 Rogue Access Point...

More information

WIRELESS NETWORKING SECURITY

WIRELESS NETWORKING SECURITY WIRELESS NETWORKING SECURITY Dec 2010 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without

More information

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE THE CHALLENGE: SECURE THE OPEN AIR Wirelesss communication lets you take your business wherever your customers,

More information

Wireless Local Area Networking (WLAN) Security Assessment And Countermeasures

Wireless Local Area Networking (WLAN) Security Assessment And Countermeasures Wireless Local Area Networking (WLAN) Security Assessment And Countermeasures (IEEE 802.11 Wireless Networks) James Burrell Research project submission for the partial fulfillment of the requirements for

More information

Potential Security Vulnerabilities of a Wireless Network. Implementation in a Military Healthcare Environment. Jason Meyer. East Carolina University

Potential Security Vulnerabilities of a Wireless Network. Implementation in a Military Healthcare Environment. Jason Meyer. East Carolina University Potential Security Vulnerabilities of a Wireless Network Implementation in a Military Healthcare Environment Jason Meyer East Carolina University Abstract This paper will look into the regulations governing

More information

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 6. Wireless Network Security

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 6. Wireless Network Security Security+ Guide to Network Security Fundamentals, Third Edition Chapter 6 Wireless Network Security Objectives Overview of IEEE 802.11 wireless security Define vulnerabilities of Open System Authentication,

More information

INFORMATION & COMMUNICATIONS TECHNOLOGY (ICT) PHYSICAL & ENVIRONMENTAL SECURITY POLICY

INFORMATION & COMMUNICATIONS TECHNOLOGY (ICT) PHYSICAL & ENVIRONMENTAL SECURITY POLICY INFORMATION & COMMUNICATIONS TECHNOLOGY (ICT) PHYSICAL & ENVIRONMENTAL SECURITY POLICY 1. PURPOSE In respect to this policy the term physical and environmental security refers to controls taken to protect

More information

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE THE CHALLENGE: SECURE THE OPEN AIR Wirelesss communication lets you take your business wherever your customers,

More information

Guideline for department and agency implementation of the Information Security Penetration Testing standard SEC/STD/03.

Guideline for department and agency implementation of the Information Security Penetration Testing standard SEC/STD/03. Information Security Penetration testing Guideline Guideline for department and agency implementation of the Information Security Penetration Testing standard SEC/STD/03. Keywords: Information security

More information

DEPARTMENT OF TRAINING AND WORKFORCE DEVELOPMENT

DEPARTMENT OF TRAINING AND WORKFORCE DEVELOPMENT DEPARTMENT OF TRAINING AND WORKFORCE DEVELOPMENT STRATEGIC PLAN 2014-2018 STRATEGIC PLAN 2014-2018 OUR VISION All Western Australians can be part of a skilled workforce to meet the economic and community

More information

Guideline for department and agency implementation of the Information Security Penetration Testing standard SEC/STD/03.

Guideline for department and agency implementation of the Information Security Penetration Testing standard SEC/STD/03. Whole of Victorian Government Guideline Information Security Penetration testing Guideline Guideline for department and agency implementation of the Information Security Penetration Testing standard SEC/STD/03.

More information

Security Analysis on Wireless LAN protocols

Security Analysis on Wireless LAN protocols Security Analysis on Wireless LAN protocols HORI Yoshiaki hori@csce.kyushu-u.ac.jp Kyushu University / ISIT ETRI-ISIT 1st joint seminar 1 Contents ETRI-ISIT 1st joint seminar 2 Wireless LAN and Security

More information

Wireless Intrusion Detection Systems (WIDS)

Wireless Intrusion Detection Systems (WIDS) Systems (WIDS) Dragan Pleskonjic CONWEX Dragan_Pleskonjic@conwex.net dragan@empowerproduction.com Motivation & idea Wireless networks are forecasted to expand rapidly (Wi-Fi IEEE 802.11a/b/g ) WLANs offer

More information

UF IT Risk Assessment Standard

UF IT Risk Assessment Standard UF IT Risk Assessment Standard Authority This standard was enacted by the UF Senior Vice President for Administration and the UF Interim Chief Information Officer on July 10, 2008 [7]. It was approved

More information

Introduction. The steps involved in using this tool

Introduction. The steps involved in using this tool Introduction This tool is designed to cover all the relevant control areas of ISO / IEC 27001:2013. All sorts of organisations and Because it is a general tool, you may find the language challenging at

More information

Security in Wireless Local Area Network

Security in Wireless Local Area Network Fourth LACCEI International Latin American and Caribbean Conference for Engineering and Technology (LACCET 2006) Breaking Frontiers and Barriers in Engineering: Education, Research and Practice 21-23 June

More information

ITL BULLETIN FOR AUGUST 2012

ITL BULLETIN FOR AUGUST 2012 ITL BULLETIN FOR AUGUST 2012 SECURITY OF BLUETOOTH SYSTEMS AND DEVICES: UPDATED GUIDE ISSUED BY THE NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY (NIST) Shirley Radack, Editor Computer Security Division

More information

Wireless Local Area Network Deployment and Security Practices

Wireless Local Area Network Deployment and Security Practices HIGHLIGHTS AUDIT REPORT Wireless Local Area Network Deployment and April 24, 2014 Report Number HIGHLIGHTS BACKGROUND: The U.S. Postal Service is committed to providing a high quality, secure, and cost-effective

More information

XX-XXX Wireless Local Area Network Guidelines. Date: August 13, 2003 Date Adopted by NITC: Other:

XX-XXX Wireless Local Area Network Guidelines. Date: August 13, 2003 Date Adopted by NITC: Other: Nebraska Information Technology Commission TECHNICAL STANDARDS AND GUIDELINES Wireless Local Area Network Guidelines Category Title Number Security Architecture Wireless Local Area Network Guidelines Applicability

More information

A COMPARITIVE ANALYSIS OF WIRELESS SECURITY PROTOCOLS (WEP and WPA2)

A COMPARITIVE ANALYSIS OF WIRELESS SECURITY PROTOCOLS (WEP and WPA2) A COMPARITIVE ANALYSIS OF WIRELESS SECURITY PROTOCOLS (WEP and WPA2) Vipin Poddar Suresh Gyan Vihar School of Engginering And Technology, Jaipur, Rajasthan. Hitesh Choudhary, Poornima University, Jaipur,

More information

Is your WLAN secure? George Bailey Ivy Tech Community College Information Security

Is your WLAN secure? George Bailey Ivy Tech Community College Information Security Is your WLAN secure? George Bailey Ivy Tech Community College Information Security Topics Overview Availability WLAN standards Best Practices Home/SOHO user Access Control Monitoring Privacy Enterprise

More information

AuditorGeneral. of British Columbia. Wireless Networking Security in Government: Phase 2

AuditorGeneral. of British Columbia. Wireless Networking Security in Government: Phase 2 2 0 0 9 / 2 0 1 0 : R e p o r t 1 0 O F F I C E O F T H E AuditorGeneral of British Columbia Wireless Networking Security in Government: Phase 2 March 2010 Library and Archives Canada Cataloguing in Publication

More information

AUDITOR GENERAL S REPORT. Protection of Critical Infrastructure Control Systems. Report 5 August 2005

AUDITOR GENERAL S REPORT. Protection of Critical Infrastructure Control Systems. Report 5 August 2005 AUDITOR GENERAL S REPORT Protection of Critical Infrastructure Control Systems Report 5 August 2005 Serving the Public Interest Serving the Public Interest THE SPEAKER LEGISLATIVE ASSEMBLY THE PRESIDENT

More information

Wireless Threats To Corporate Security A Presentation for ISACA UK Northern Chapter

Wireless Threats To Corporate Security A Presentation for ISACA UK Northern Chapter Wireless Threats To Corporate Security A Presentation for ISACA UK Northern Chapter Introduction Who are we? Matt Moore, Senior Consultant @ PenTest Ltd. Mark Rowe, Technical Director @ PenTest Ltd. What

More information

WHITE PAPER. Wireless LAN Security for Healthcare and HIPAA Compliance

WHITE PAPER. Wireless LAN Security for Healthcare and HIPAA Compliance WHITE PAPER Wireless LAN Security for Healthcare and HIPAA Compliance Wireless LAN Security for Healthcare and HIPAA Compliance Wireless deployments in healthcare institutions have accelerated as mobility

More information

THE IMPORTANCE OF CRYPTOGRAPHY STANDARD IN WIRELESS LOCAL AREA NETWORKING

THE IMPORTANCE OF CRYPTOGRAPHY STANDARD IN WIRELESS LOCAL AREA NETWORKING International Journal of Electronics and Communication Engineering & Technology (IJECET) Volume 6, Issue 9, Sep 2015, pp. 65-74, Article ID: IJECET_06_09_008 Available online at http://www.iaeme.com/ijecetissues.asp?jtype=ijecet&vtype=6&itype=9

More information

PwC. Outline. The case for wireless networking. Access points and network cards. Introduction: OSI layers and 802 structure

PwC. Outline. The case for wireless networking. Access points and network cards. Introduction: OSI layers and 802 structure PwC Outline Wireless LAN Security: Attacks and Countermeasures 1. Introduction 2. Problems with 802.11 security 3. Attacks on and risks to Wireless Networks 4. Defending wireless networks ISACA Hong Kong

More information

CS 356 Lecture 29 Wireless Security. Spring 2013

CS 356 Lecture 29 Wireless Security. Spring 2013 CS 356 Lecture 29 Wireless Security Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists Chapter

More information

WLAN Security Why Your Firewall, VPN, and IEEE 802.11i Aren t Enough to Protect Your Network

WLAN Security Why Your Firewall, VPN, and IEEE 802.11i Aren t Enough to Protect Your Network WLAN Security Why Your Firewall, VPN, and IEEE 802.11i Aren t Enough to Protect Your Network 339 N. Bernardo Avenue, Suite 200 Mountain View, CA 94043 www.airtightnetworks.net Executive Summary Wireless

More information

THE BCS PROFESSIONAL EXAMINATIONS BCS Level 5 Diploma in IT. October 2009 EXAMINERS' REPORT. Computer Networks

THE BCS PROFESSIONAL EXAMINATIONS BCS Level 5 Diploma in IT. October 2009 EXAMINERS' REPORT. Computer Networks THE BCS PROFESSIONAL EXAMINATIONS BCS Level 5 Diploma in IT October 2009 EXAMINERS' REPORT Computer Networks General Comments The responses to questions were of marginally better quality than April 2009

More information

Table of Contents 1 WLAN Security 1-1

Table of Contents 1 WLAN Security 1-1 Table of Contents 1 WLAN Security 1-1 Overview 1-1 Authentication Modes 1-1 WLAN Data Security 1-2 Client Access Authentication 1-3 WLAN Security Policies 1-5 i 1 WLAN Security Overview WLAN networks feature

More information

NSW Government Digital Information Security Policy

NSW Government Digital Information Security Policy NSW Government Digital Information Security Policy Version: 2.0 Date: April 2015 CONTENTS PART 1 PRELIMINARY... 3 1.1 Scope... 3 1.2 Application... 3 1.3 Objectives... 3 PART 2 POLICY STATEMENT... 4 Core

More information

Newcastle University Information Security Procedures Version 3

Newcastle University Information Security Procedures Version 3 Newcastle University Information Security Procedures Version 3 A Information Security Procedures 2 B Business Continuity 3 C Compliance 4 D Outsourcing and Third Party Access 5 E Personnel 6 F Operations

More information

Running Head: WIRELESS DATA NETWORK SECURITY FOR HOSTPITALS

Running Head: WIRELESS DATA NETWORK SECURITY FOR HOSTPITALS Wireless Data Network Security 1 Running Head: WIRELESS DATA NETWORK SECURITY FOR HOSTPITALS Wireless Data Network Security for Hospitals: Various Solutions to Meet HIPAA Requirements. Jody Barnes East

More information

Bluetooth TM Approach

Bluetooth TM Approach Wireless Networks for Hospitals Bluetooth TM Approach This paper discusses the potential of Hospital Wireless networks. Using Bluetooth wireless technology, Hospital networks can provide rapid access to

More information

Security and Risk Analysis of VoIP Networks

Security and Risk Analysis of VoIP Networks Security and Risk Analysis of VoIP Networks S.Feroz and P.S.Dowland Network Research Group, University of Plymouth, United Kingdom e-mail: info@network-research-group.org Abstract This paper address all

More information

Wireless Local Area Network Deployment and Security Practices

Wireless Local Area Network Deployment and Security Practices Wireless Local Area Network Deployment and Security Practices Audit Report Report Number IT-AR-14-005-DR April 24, 2014 Highlights Our objectives were to determine whether the Postal Service has effective

More information

White Paper. Overview of WLAN Security Functions WLAN Access Point. WLAN Security Functions Release 01 06/10. Technical Support

White Paper. Overview of WLAN Security Functions WLAN Access Point. WLAN Security Functions Release 01 06/10. Technical Support White Paper Overview of WLAN Access Point Technical Support HAC.Support@Belden.com The naming of copyrighted trademarks in this manual, even when not specially indicated, should not be taken to mean that

More information

WHITE PAPER: Lessons learned: Making WiFi work in outdoor industrial environments

WHITE PAPER: Lessons learned: Making WiFi work in outdoor industrial environments WHITE PAPER: Lessons learned: Making WiFi work in outdoor industrial environments Summary: As computer technology and applications have extended into industrial operations, the need for robust wireless

More information

A CompuCom Perspective - Wireless LAN Security:

A CompuCom Perspective - Wireless LAN Security: A CompuCom Perspective - Wireless LAN Security: A White Paper Prepared by CompuCom s ConvergeMobile and Security Practices September 2003 Introduction... 2 Benefits of Wireless LANs... 2 Productivity...

More information

WLAN Attacks. Wireless LAN Attacks and Protection Tools. (Section 3 contd.) Traffic Analysis. Passive Attacks. War Driving. War Driving contd.

WLAN Attacks. Wireless LAN Attacks and Protection Tools. (Section 3 contd.) Traffic Analysis. Passive Attacks. War Driving. War Driving contd. Wireless LAN Attacks and Protection Tools (Section 3 contd.) WLAN Attacks Passive Attack unauthorised party gains access to a network and does not modify any resources on the network Active Attack unauthorised

More information

Tutorial: An Overview of Wireless Security

Tutorial: An Overview of Wireless Security Tutorial: An Overview of Wireless Security Jung-Min Jerry Park (jungmin@vt.edu) Dept. of Electrical & Computer Engineering Virginia Tech CESCA Research Day March 2013 Some of the material presented here

More information

Wireless Security and Healthcare Going Beyond IEEE 802.11i to Truly Ensure HIPAA Compliance

Wireless Security and Healthcare Going Beyond IEEE 802.11i to Truly Ensure HIPAA Compliance Going Beyond IEEE 802.11i to Truly Ensure HIPAA Compliance 339 N. Bernardo Avenue, Suite 200 Mountain View, CA 94043 www.airtightnetworks.net Wireless LANs are prevalent in healthcare institutions. The

More information

Cloud Computing and Records Management

Cloud Computing and Records Management GPO Box 2343 Adelaide SA 5001 Tel (+61 8) 8204 8773 Fax (+61 8) 8204 8777 DX:336 srsarecordsmanagement@sa.gov.au www.archives.sa.gov.au Cloud Computing and Records Management June 2015 Version 1 Version

More information

Building the Mobility Security Eco System in the Cloud for Universal Communications Fact Sheet.

Building the Mobility Security Eco System in the Cloud for Universal Communications Fact Sheet. Building the Mobility Security Eco System in the Cloud for Universal Communications Fact Sheet. [Type text] You ve probably heard about the Bring Your Own Device (BYOD) schemes that allow employees to

More information

2.0 RECOMMENDATIONS Members of the Committee are asked to note the information contained within this report.

2.0 RECOMMENDATIONS Members of the Committee are asked to note the information contained within this report. REPORT TO: SCRUTINY COMMITTEE 25 JUNE 2013 REPORT ON: REPORT BY: INTERNAL AUDIT REPORTS CHIEF INTERNAL AUDITOR REPORT NO: 280-2013 1.0 PURPOSE OF REPORT To submit to Members of the Scrutiny Committee a

More information

All vulnerabilities that exist in conventional wired networks apply and likely easier Theft, tampering of devices

All vulnerabilities that exist in conventional wired networks apply and likely easier Theft, tampering of devices Wireless Security All vulnerabilities that exist in conventional wired networks apply and likely easier Theft, tampering of devices Portability Tamper-proof devices? Intrusion and interception of poorly

More information

UIIPA - Security Risk Management. June 2015

UIIPA - Security Risk Management. June 2015 UIIPA - Security Risk Management June 2015 1 Introduction Tim Hastings, Chief Information Security Officer State of Utah - Department of Technology Services Tim Hastings has more than 16 years of experience

More information

WHITEPAPER. Wireless LAN Security for Healthcare and HIPAA Compliance

WHITEPAPER. Wireless LAN Security for Healthcare and HIPAA Compliance WHITEPAPER Wireless LAN Security for Healthcare and HIPAA Compliance Wireless LAN Security for Healthcare and HIPAA Compliance Wireless deployments in healthcare institutions have accelerated as mobility

More information

Guideline on Wireless Security

Guideline on Wireless Security CMSGu2012-03 Mauritian Computer Emergency Response Team CERT-MU SECURITY GUIDELINE 2011-02 Enhancing Cyber Security in Mauritius Guideline on Wireless Security National Computer Board Mauritius Version

More information

COMPARISON OF WIRELESS SECURITY PROTOCOLS (WEP AND WPA2)

COMPARISON OF WIRELESS SECURITY PROTOCOLS (WEP AND WPA2) COMPARISON OF WIRELESS SECURITY PROTOCOLS (WEP AND WPA2) Disha Baba Banda Singh Bahadur Engineering College Fatehgarh Sahib, Punjab Sukhwinder Sharma Baba Banda Singh Bahadur Engineering College Fatehgarh

More information

Please note this policy is mandatory and staff are required to adhere to the content

Please note this policy is mandatory and staff are required to adhere to the content Policy ICT Security Please note this policy is mandatory and staff are required to adhere to the content Summary DECD is committed to ensuring its information is appropriately managed according to the

More information

ICANWK406A Install, configure and test network security

ICANWK406A Install, configure and test network security ICANWK406A Install, configure and test network security Release: 1 ICANWK406A Install, configure and test network security Modification History Release Release 1 Comments This Unit first released with

More information

Chapter 6: Fundamental Cloud Security

Chapter 6: Fundamental Cloud Security Chapter 6: Fundamental Cloud Security Nora Almezeini MIS Department, CBA, KSU From Cloud Computing by Thomas Erl, Zaigham Mahmood, and Ricardo Puttini(ISBN: 0133387526) Copyright 2013 Arcitura Education,

More information

Running Head: WIRELESS NETWORKING FOR SMALL BUSINESSES. Wireless Networking for Small Businesses. Russell Morgan. East Carolina University

Running Head: WIRELESS NETWORKING FOR SMALL BUSINESSES. Wireless Networking for Small Businesses. Russell Morgan. East Carolina University Wireless Networking for Small Businesses 1 Running Head: WIRELESS NETWORKING FOR SMALL BUSINESSES Wireless Networking for Small Businesses Russell Morgan East Carolina University Wireless Networking for

More information

Closing Wireless Loopholes for PCI Compliance and Security

Closing Wireless Loopholes for PCI Compliance and Security Closing Wireless Loopholes for PCI Compliance and Security Personal information is under attack by hackers, and credit card information is among the most valuable. While enterprises have had years to develop

More information

WIRELESS SECURITY. Information Security in Systems & Networks Public Development Program. Sanjay Goel University at Albany, SUNY Fall 2006

WIRELESS SECURITY. Information Security in Systems & Networks Public Development Program. Sanjay Goel University at Albany, SUNY Fall 2006 WIRELESS SECURITY Information Security in Systems & Networks Public Development Program Sanjay Goel University at Albany, SUNY Fall 2006 1 Wireless LAN Security Learning Objectives Students should be able

More information

University of Sunderland Business Assurance Information Security Policy

University of Sunderland Business Assurance Information Security Policy University of Sunderland Business Assurance Information Security Policy Document Classification: Public Policy Reference Central Register Policy Reference Faculty / Service IG 003 Policy Owner Assistant

More information

The following chart provides the breakdown of exam as to the weight of each section of the exam.

The following chart provides the breakdown of exam as to the weight of each section of the exam. Introduction The CWSP-205 exam, covering the 2015 objectives, will certify that the successful candidate understands the security weaknesses inherent in WLANs, the solutions available to address those

More information

Link Layer and Network Layer Security for Wireless Networks

Link Layer and Network Layer Security for Wireless Networks Link Layer and Network Layer Security for Wireless Networks Interlink Networks, Inc. May 15, 2003 1 LINK LAYER AND NETWORK LAYER SECURITY FOR WIRELESS NETWORKS... 3 Abstract... 3 1. INTRODUCTION... 3 2.

More information

Wireless in the production plant

Wireless in the production plant ATS MES Excellence Centres Wireless in the production plant For various industries How to avoid trouble when setting up a wireless network ETSI: European Telecommunications Standards Institute (www.etsi.org,

More information

06100 POLICY SECURITY AND INFORMATION ASSURANCE

06100 POLICY SECURITY AND INFORMATION ASSURANCE Version: 5.4 Last Updated: 30/01/14 Review Date: 27/01/17 ECHR Potential Equality Impact Assessment: Low Management of Police Information (MoPI) The Hampshire Constabulary recognises that any information

More information

NXC5500/2500. Application Note. 802.11w Management Frame Protection. ZyXEL NXC Application Notes. Version 4.20 Edition 2, 02/2015

NXC5500/2500. Application Note. 802.11w Management Frame Protection. ZyXEL NXC Application Notes. Version 4.20 Edition 2, 02/2015 NXC5500/2500 Version 4.20 Edition 2, 02/2015 Application Note 802.11w Management Frame Protection Copyright 2015 ZyXEL Communications Corporation 802.11w Management Frame Protection Introduction IEEE 802.11w

More information

BSc (Hons.) Computer Science with Network Security. Examinations for 2011/2012 - Semester 2

BSc (Hons.) Computer Science with Network Security. Examinations for 2011/2012 - Semester 2 BSc (Hons.) Computer Science with Network Security BCNS/09/FT Examinations for 2011/2012 - Semester 2 MODULE: WIRELESS NETWORK SECURITY MODULE CODE: SECU 3105 Duration: 2 Hours 15 Minutes Reading time:

More information

Wireless Network Policy

Wireless Network Policy Wireless Network Policy Purpose Guide the deployment and integrity of wireless networking on the Kettering University campus to ensure reliable, compatible, and secure operation Protect the security of

More information

Enterprise Computing Solutions

Enterprise Computing Solutions Business Intelligence Data Center Cloud Mobility Enterprise Computing Solutions Security Solutions arrow.com Security Solutions Secure the integrity of your systems and data today with the one company

More information

On Ubiquitous Network Security and Anomaly Detection *

On Ubiquitous Network Security and Anomaly Detection * On Ubiquitous Network Security and Anomaly Detection * Colin Van Dyke Çetin K. Koç Electrical & Computer Engineering Oregon State University {vandyke,koc}@ece.orst.edu Abstract As networking trends move

More information

ECC/DEC/(04)08 ELECTRONIC COMMUNICATIONS COMMITTEE

ECC/DEC/(04)08 ELECTRONIC COMMUNICATIONS COMMITTEE ELECTRONIC COMMUNICATIONS COMMITTEE ECC Decision of 09 July 2004 on the harmonised use of the 5 GHz frequency bands for the implementation of Wireless Access Systems including Radio Local Area Networks

More information

TREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION

TREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION TREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION Security Controls Over Wireless Technology Were Generally in Place; However, Further Actions Can Improve Security September 26, 2011 Reference Number:

More information

Ten Deadly Sins in Wireless Security

Ten Deadly Sins in Wireless Security Ten Deadly Sins in Wireless Security The emergence and popularity of wireless devices and wireless networks has provided a platform for real time communication and collaboration. This emergence has created

More information

FREQUENTLY ASKED QUESTIONS

FREQUENTLY ASKED QUESTIONS FREQUENTLY ASKED QUESTIONS Continuous Monitoring 1. What is continuous monitoring? Continuous monitoring is one of six steps in the Risk Management Framework (RMF) described in NIST Special Publication

More information

External Supplier Control Requirements

External Supplier Control Requirements External Supplier Control s Cyber Security For Suppliers Categorised as Low Cyber Risk 1. Asset Protection and System Configuration Barclays Data and the assets or systems storing or processing it must

More information

Information Security Team

Information Security Team Title Document number Add document Document status number Draft Owner Approver(s) CISO Information Security Team Version Version history Version date 0.01-0.05 Initial drafts of handbook 26 Oct 2015 Preface

More information

ICT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY

ICT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY ICT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY Version 1.0 Ratified By Date Ratified Author(s) Responsible Committee / Officers Issue Date Review Date Intended Audience Impact Assessed CCG Committee

More information

Nine Steps to Smart Security for Small Businesses

Nine Steps to Smart Security for Small Businesses Nine Steps to Smart Security for Small Businesses by David Lacey Co-Founder, Jericho Forum Courtesy of TABLE OF CONTENTS INTRODUCTION... 1 WHY SHOULD I BOTHER?... 1 AREN T FIREWALLS AND ANTI-VIRUS ENOUGH?...

More information

Neoscope www.neoscopeit.com 888.810.9077

Neoscope www.neoscopeit.com 888.810.9077 Your law firm depends on intelligence. But can you count on your technology? You may not be in the intelligence technology business, but it s probably impossible to imagine your practice without IT. Today,

More information

Wireless Security. New Standards for 802.11 Encryption and Authentication. Ann Geyer 209-754-9130 ageyer@tunitas.com www.tunitas.

Wireless Security. New Standards for 802.11 Encryption and Authentication. Ann Geyer 209-754-9130 ageyer@tunitas.com www.tunitas. Wireless Security New Standards for 802.11 Encryption and Authentication Ann Geyer 209-754-9130 ageyer@tunitas.com www.tunitas.com National Conference on m-health and EOE Minneapolis, MN Sept 9, 2003 Key

More information

Government of Western Australia Department of Finance Government Procurement. Gateway. Business Case Workbook

Government of Western Australia Department of Finance Government Procurement. Gateway. Business Case Workbook Government of Western Australia Department of Finance Government Procurement Gateway Business Case Workbook ABOUT THIS WORKBOOK This workbook supports Gateway review Business Case. It is the second in

More information

Internal Audit. Final Report. Environment and Regeneration Services & Strategic Finance: Asset Management (Key Control Review) AUDITOR AUDIT MANAGER

Internal Audit. Final Report. Environment and Regeneration Services & Strategic Finance: Asset Management (Key Control Review) AUDITOR AUDIT MANAGER Internal Audit Final Report Environment and Regeneration Services & Strategic Finance: Asset Management (Key Control Review) AUDITOR AUDIT MANAGER May 2014 G:\2013_14 AUDIT\02 Environment & Economy\01

More information

State of Minnesota. Enterprise Security Strategic Plan. Fiscal Years 2009 2013

State of Minnesota. Enterprise Security Strategic Plan. Fiscal Years 2009 2013 State of Minnesota Enterprise Security Strategic Plan Fiscal Years 2009 2013 Jointly Prepared By: Office of Enterprise Technology - Enterprise Security Office Members of the Information Security Council

More information

10 Hidden IT Risks That Might Threaten Your Business

10 Hidden IT Risks That Might Threaten Your Business (Plus 1 Fast Way to Find Them) Your business depends on intelligence. But can you count on your technology? You may not be in the intelligence technology business, but it s probably impossible to imagine

More information

STRATEGIC POLICY. Information Security Policy Documentation. Network Management Policy. 1. Introduction

STRATEGIC POLICY. Information Security Policy Documentation. Network Management Policy. 1. Introduction Policy: Title: Status: 1. Introduction ISP-S12 Network Management Policy Revised Information Security Policy Documentation STRATEGIC POLICY 1.1. This information security policy document covers management,

More information

ADDENDUM 12 TO APPENDIX 8 TO SCHEDULE 3.3

ADDENDUM 12 TO APPENDIX 8 TO SCHEDULE 3.3 ADDENDUM 12 TO APPENDIX 8 TO SCHEDULE 3.3 TO THE Overview EXHIBIT T to Amendment No. 60 Secure Wireless Network Services are based on the IEEE 802.11 set of standards and meet the Commonwealth of Virginia

More information

Appendix 1c. DIRECTORATE OF AUDIT, RISK AND ASSURANCE Internal Audit Service to the GLA REVIEW OF NETWORK/INTERNET SECURITY

Appendix 1c. DIRECTORATE OF AUDIT, RISK AND ASSURANCE Internal Audit Service to the GLA REVIEW OF NETWORK/INTERNET SECURITY Appendix 1c DIRECTORATE OF AUDIT, RISK AND ASSURANCE Internal Audit Service to the GLA REVIEW OF NETWORK/INTERNET SECURITY DISTRIBUTION LIST Audit Team Prakash Gohil, Audit Manager Steven Snaith, Risk

More information

White Paper A SECURITY GUIDE TO PROTECTING IP PHONE SYSTEMS AGAINST ATTACK. A balancing act

White Paper A SECURITY GUIDE TO PROTECTING IP PHONE SYSTEMS AGAINST ATTACK. A balancing act A SECURITY GUIDE TO PROTECTING IP PHONE SYSTEMS AGAINST ATTACK With organizations rushing to adopt Voice over IP (VoIP) technology to cut costs and integrate applications designed to serve customers better,

More information

NSW Government. Wireless services (WiFi) Standard

NSW Government. Wireless services (WiFi) Standard NSW Government Wireless services (WiFi) Standard May 2014 CONTENTS 1. CONTEXT 2 1.1. Background 2 1.2. Purpose 2 1.3. Scope and application 2 2. STANDARDS GOVERNANCE 2 2.1. Standards to support the ICT

More information

MUNICIPAL WIRELESS NETWORK

MUNICIPAL WIRELESS NETWORK MUNICIPAL WIRELESS NETWORK May 2009 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without

More information