Wireless Penetration Testing
Scope/Results of Wireless Assessment
The following information should ideally be obtained/enumerated when carrying out your wireless assessment. All of this information is needed to give the tester (and hence the customer) a clear and concise picture of the network being assessed. A brief overview of the network during a pre-site meeting with the customer should allow you to estimate the timeline required to carry out the assessment.
- Site Map
  - RF Map
    - Lines of Sight
    - Signal Coverage
      - Standard Antenna
      - Directional Antenna
  - Physical Map
    - Triangulate APs
    - Satellite Imagery
- Network Map
  - MAC Filter
    - Authorised MAC Addresses
    - Reaction to Spoofed MAC Addresses
  - Encryption Keys utilised
    - WEP
      - Key Length
      - Crack Time
      - Key
    - WPA/PSK
      - TKIP: Temporal Key Integrity Protocol (TKIP) is an encryption protocol designed to replace WEP.
        - Key
        - Attack Time
      - AES: Advanced Encryption Standard (AES) is an encryption algorithm utilised for securing sensitive data.
        - Key
        - Attack Time
    - 802.1x
      - Derivative of 802.1x in use
  - Access Points
    - ESSID: Extended Service Set Identifier (ESSID). Utilised on wireless networks with an access point.
      - Broadcast ESSIDs
    - BSSIDs: Basic service set identifier (BSSID), utilised on ad-hoc wireless networks.
    - Vendor
    - Channel
    - Associations
    - Rogue AP Activity
  - Wireless Clients
    - MAC Addresses
    - Vendor
    - Operating System Details
    - Adhoc Mode
    - Associations
    - Intercepted Traffic
      - Encrypted
      - Clear Text
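As an added example (not part of the original page), the Python sketch below turns the Access Points and Encryption items of the outline into report findings by reconciling survey observations against the customer's authorised AP inventory. The inventory, the survey rows, the column names and the `assess` function are all constructed for illustration.

```python
import csv
import io

# Hypothetical customer inventory of authorised APs: BSSID -> ESSID.
AUTHORISED_APS = {
    "00:11:22:33:44:01": "CORP-WLAN",
    "00:11:22:33:44:02": "CORP-WLAN",
    "00:11:22:33:44:03": "CORP-GUEST",
}

# Constructed survey export; columns follow the outline's Access Points items.
SURVEY_CSV = """essid,bssid,channel,encryption
CORP-WLAN,00:11:22:33:44:01,1,WPA2-AES
CORP-WLAN,00:11:22:33:44:02,6,WEP
CORP-GUEST,00:11:22:33:44:03,11,OPEN
CORP-WLAN,66:77:88:99:AA:BB,6,WPA2-AES
CoffeeShop,DE:AD:BE:EF:00:01,11,WPA2-AES
"""

# Encryption settings reported as findings in this example.
WEAK = {"WEP": "WEP in use", "OPEN": "no encryption (clear text)"}


def assess(survey_csv, authorised):
    """Return a sorted list of (bssid, finding) tuples for the report."""
    inventory = {b.lower(): e for b, e in authorised.items()}
    customer_essids = set(inventory.values())
    findings = []
    for row in csv.DictReader(io.StringIO(survey_csv)):
        bssid = row["bssid"].strip().lower()
        essid = row["essid"].strip()
        enc = row["encryption"].strip().upper()
        if bssid not in inventory:
            # A customer ESSID from an unlisted BSSID is rogue AP activity;
            # an unlisted BSSID with a foreign ESSID is a neighbouring network.
            if essid in customer_essids:
                findings.append((bssid, f"possible rogue AP advertising {essid}"))
            continue
        if inventory[bssid] != essid:
            findings.append((bssid, f"ESSID {essid} differs from inventory"))
        if enc in WEAK:
            findings.append((bssid, f"{WEAK[enc]} on {essid}, channel {row['channel']}"))
    return sorted(findings)


if __name__ == "__main__":
    for bssid, finding in assess(SURVEY_CSV, AUTHORISED_APS):
        print(f"{bssid}  {finding}")
```

Neighbouring networks are deliberately left out of the findings so the report stays within the agreed scope.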
There are a few different procedures you can perform to temporarily fix problems with WEP.
- Use longer WEP encryption keys, which makes the data analysis task more difficult. If your WLAN equipment supports 128-bit WEP keys, use it and don't accept anything less.
- Change your WEP keys frequently. Some devices support "dynamic WEP", which is off the standard but allows different WEP keys to be assigned to each user. Increasing the number of WEP keys in use increases the difficulty a hacker will encounter in cracking it. Since dynamic WEP is non-standard, implementations from different vendors are usually not interoperable; stick with one manufacturer.
- Place APs only on their own firewalled interface. Locate all access points outside your internal LAN, on a separate firewall interface on the firewall server/device.
- Use a VPN for any protocol, including WEP, that may include sensitive information.
- Implement a different technique for encrypting traffic, such as IPSec over wireless. To do this, you will probably need to install IPSec software on each wireless client, install an IPSec server in your wired network, and use a VLAN to connect the access points to the IPSec server. (Obviously, this is not an inexpensive proposition.) Using this method, WLAN users establish an IPSec tunnel to the IPSec server, thereby encrypting all wireless traffic through this tunnel. IPSec clients and servers are available from a number of vendors; there's even an open source implementation.
- There's also the option of upgrading firmware on your network devices.
To receive your Wireless Assessment, please submit your payment of $499.00. If more than 100 miles of travel will be required, the additional cost will be billed separately.