United States Trustee Program s Wireless LAN Security Checklist



Similar documents
XX-XXX Wireless Local Area Network Guidelines. Date: August 13, 2003 Date Adopted by NITC: Other:

Overview. Summary of Key Findings. Tech Note PCI Wireless Guideline

Particularities of security design for wireless networks in small and medium business (SMB)

Payment Card Industry Self-Assessment Questionnaire

Network Security Guidelines. e-governance

SonicWALL PCI 1.1 Implementation Guide

Securing your Linksys Wireless Router BEFW11S4 Abstract

PCI DSS Policies Outline. PCI DSS Policies. All Rights Reserved. ecfirst Page 1 of 7

Developing Network Security Strategies

Question Name C 1.1 Do all users and administrators have a unique ID and password? Yes

Wireless Security Overview. Ann Geyer Partner, Tunitas Group Chair, Mobile Healthcare Alliance

Catapult PCI Compliance

9 Simple steps to secure your Wi-Fi Network.

Configure WorkGroup Bridge on the WAP131 Access Point

WIRELESS NETWORKING SECURITY

MUNICIPAL WIRELESS NETWORK

Apple Airport Extreme Base Station V4.0.8 Firmware: Version 5.4

CNA NetProtect Essential SM. 1. Do you implement virus controls and filtering on all systems? Background:

Network Security Administrator

WiFi Security Assessments

Recommended Wireless Local Area Network Architecture

74% 96 Action Items. Compliance

PwC. Outline. The case for wireless networking. Access points and network cards. Introduction: OSI layers and 802 structure

Table of Contents. Cisco Wi Fi Protected Access 2 (WPA 2) Configuration Example

Access Point Configuration

Did you know your security solution can help with PCI compliance too?

Chapter 3 Safeguarding Your Network

ADM:49 DPS POLICY MANUAL Page 1 of 5

LogRhythm and PCI Compliance

Configuring Security Solutions

Topics in Network Security

Ebonyi State University Abakaliki 2 Department of Computer Science. Our Saviour Institute of Science and Technology 3 Department of Computer Science

Security Awareness. Wireless Network Security

Chapter 2 Configuring Your Wireless Network and Security Settings

CH ENSA EC-Council Network Security Administrator Detailed Course Outline

Name: Position held: Company Name: Is your organisation ISO27001 accredited:

ADDENDUM 12 TO APPENDIX 8 TO SCHEDULE 3.3

12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust

TABLE OF CONTENTS. Compensating Controls Worksheet ReymannGroup, Inc. PCI DSS SAQ Tool Version 2009 Page 1 of 51

EC-Council Network Security Administrator (ENSA) Duration: 5 Days Method: Instructor-Led

THE 123 OF WIRELESS SECURITY AT HOME 家 居 WIFI 保 安 123

MN-700 Base Station Configuration Guide

How To Protect A Wireless Lan From A Rogue Access Point

PCI v2.0 Compliance for Wireless LAN

How To Protect Data From Attack On A Network From A Hacker (Cybersecurity)

Cisco Unified Wireless Network Solution Positioning for the New PCI DSS Wireless Guideline

The next generation of knowledge and expertise Wireless Security Basics

FIREWALL CHECKLIST. Pre Audit Checklist. 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review.

Enabling Multiple Wireless Networks on RV320 VPN Router, WAP321 Wireless-N Access Point, and Sx300 Series Switches

Visa U.S.A Cardholder Information Security Program (CISP) Payment Application Best Practices

PCI Compliance - A Realistic Approach. Harshul Joshi, CISM, CISA, CISSP Director, Information Technology CBIZ MHM hjoshi@cbiz.com

Achieving PCI-Compliance through Cyberoam

Best Practices For Department Server and Enterprise System Checklist

PCI DSS Requirements - Security Controls and Processes

HP RF Manager Release

Securing your Linksys WRT54G

Chapter 2 Wireless Settings and Security

Wireless Networks. Welcome to Wireless

Security in Wireless Local Area Network

Best Practices for Outdoor Wireless Security

Security and privacy in public WLAN networks

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:

ehealth Ontario EMR Connectivity Guidelines

Security. TestOut Modules

Network Security Best Practices

March

General Information. About This Document. MD RES PCI Data Standard November 14, 2007 Page 1 of 19

Business ebanking Fraud Prevention Best Practices

University of Sunderland Business Assurance PCI Security Policy

Lecture Objectives. Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks. Agenda. References

WiPG Presentation Gateway

paypoint implementation guide

Chapter 1 Configuring Internet Connectivity

SECURING AN INTEGRATED SCADA SYSTEM. Technical Paper April 2007

WIRELESS SECURITY. Information Security in Systems & Networks Public Development Program. Sanjay Goel University at Albany, SUNY Fall 2006

WLAN Authentication and Data Privacy

Sitefinity Security and Best Practices

CMS Operational Policy for Firewall Administration

PCI PA - DSS. Point XSA Implementation Guide. Atos Worldline Banksys XENTA SA. Version 1.00

Industrial Communication. Securing Industrial Wireless

How NETGEAR ProSecure UTM Helps Small Businesses Meet PCI Requirements

General Standards for Payment Card Environments at Miami University

Automation Suite for. 201 CMR Compliance

Secure SCADA Network Technology and Methods

PCI PA - DSS. Point ipos Implementation Guide. Version VeriFone Vx820 using the Point ipos Payment Core

Company Co. Inc. LLC. LAN Domain Network Security Best Practices. An integrated approach to securing Company Co. Inc.

Setting up a WiFi Network (WLAN)

Unified Access Point Administrator's Guide

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 6. Wireless Network Security

PCI Wireless Compliance with AirTight WIPS

Are Second Generation Firewalls Good for Industrial Control Systems?

IPv6 SECURITY. May The Government of the Hong Kong Special Administrative Region

2. From a control perspective, the PRIMARY objective of classifying information assets is to:

Transcription:

United States Trustee Program s Wireless LAN Security Checklist In support of a standing trustee s proposed implementation of Wireless Access Points (WAP) in ' 341 meeting rooms and courtrooms, the following wireless LAN security checklist must be completed and submitted to the United States Trustee for approval prior to implementation. Completion of this checklist will assist the United States Trustee in determining the strength of the security controls the standing trustee has or will have in place prior to implementation. The checklist reflects guidance provided by the National Institute of Standards and Technology (NIST) on implementing secure WAPs (see NIST Special Publications 800-48, AWireless Network Security, which is available, along with other helpful information, at www.csrc.nist.gov/publications/nistpubs). The checklist consists of two sections. Section one lists the mandatory security requirements, and requires the signature of the standing trustee to attest that they are in place or will be in place immediately upon approval of the WAP by the United States Trustee. Section two lists best practices which, while not required for approval, are strongly recommended. Wireless access connections should be regarded in the same manner as any physical Internet connection and protected accordingly. WAPs should never be connected directly to any United States Trustee Program network. All business communications over a wireless or other un-trusted network, such as the Internet, must use a Virtual Private Network (VPN) solution to encrypt all communications. WAPs must be connected to a firewall that only allows access to a VPN service.

1 Security policy that addresses the use of wireless technology, including IEEE 802.11x technologies. 2 3 Comprehensive security assessments performed at regular and random intervals (including validating that rogue WAPs do not exist in the IEEE 802.11x WLAN) to fully understand the wireless network security posture. Default shared keys replaced every 90 days. 4 Administrator WAP password changed every 90 days or post compromise. 5 Network users trained in the risks associated with wireless technology. 6 Complete inventory of all WAPs and IEEE 802.11x wireless devices conducted. 7 WAPs maintained in secured areas to prevent unauthorized physical access and user manipulation. 8 9 When disposing of WAPs no longer required, WAP configuration settings cleared to prevent disclosure of network configuration, keys, passwords, etc. If the WAP supports logging, logging turned on and logs reviewed on a regular basis. 10 Default SSID* and default IP address changed in the WAPs.

11 SSID* character string validated to establish that it does not reflect the trustee=s name. 12 All insecure and nonessential management protocols on the WAPs disabled. 13 14 All security features of the WLAN product, including the cryptographic authentication and the strongest encryption algorithm available (WPA2 or better), enabled. Encryption in use and the encryption key size at a minimum of 256 bits. 15 All WAPs meet requirements of trustee s internal network security. 16 AAd hoc mode@ for IEEE 802.11 disabled. 17 User authentication mechanisms enabled for the management interfaces of the WAP. 18 MAC filtering enabled and in use. 19 Anti-virus software installed and latest anti-virus definitions maintained on all wireless clients. 20 SSL/TLS used for Web-based management of WAPs. 21 If using SNMP agent, SNMPv3 or equivalent cryptographically protected protocol used to enhance the security of WAP management traffic.

22 Personal firewall software installed on all wireless clients. 23 Software patches and upgrades fully tested and deployed on a regular basis. 24 Security impact of deploying a wireless product fully understood. * SSID B Short for Service Set Identifier, a 32-character unique identifier attached to the header of packets sent over a Wireless LAN (WLAN) that acts as a password when a mobile device tries to connect to the Wireless LAN. The SSID differentiates one LAN from another, so all access points and all devices attempting to connect to a specific Wireless LAN must use the same SSID. A device will not be permitted to join the WLAN unless it can provide the unique SSID. Because an SSID can be sniffed in plain text from a packet it does not supply any security to the network. An SSID is also referred to as a network name because essentially it is a name that identifies a wireless network. I declare that the above information is true and correct to the best of my knowledge and belief. Practices are in place or will be immediately upon activation of wireless devices. Chapter 13 Standing Trustee Date

WIRELESS LAN SECURITY CHECKLIST FOR STANDING TRUSTEES SECTION TWO (RECOMMENDED BEST PRACTICES) Recommended Best Practices Yes No 1 WAPs turned off when not in use (e.g., after hours and on weekends). 2 Broadcast SSID* feature disabled in WAPs. If no, plans to implement? By when? 3 WAP channels at least five channels different from any other nearby wireless networks to prevent interference. 4 Intrusion detection agents deployed on the wireless part of the network to detect suspicious behavior or unauthorized access and activity. 5 Technology deployed to analyze auditing records and logs for suspicious activity. * SSID B Short for Service Set Identifier, a 32-character unique identifier attached to the header of packets sent over a Wireless LAN (WLAN) that acts as a password when a mobile device tries to connect to the Wireless LAN. The SSID differentiates one LAN from another, so all access points and all devices attempting to connect to a specific Wireless LAN must use the same SSID. A device will not be permitted to join the WLAN unless it can provide the unique SSID. Because an SSID can be sniffed in plain text from a packet it does not supply any security to the network. An SSID is also referred to as a network name because essentially it is a name that identifies a wireless network. Submitted by: Chapter 13 Standing Trustee Date

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information