Physically locate rogue wireless devices within AOR
• Identify rogue devices with wireless discovery device
• Physically locate rogue devices
• Verify authorization for device or disable
• Document wireless device information for rogue devices located outside AOR
• Document and report wireless device information for rogue devices located within AOR through approved reporting channels
• Track visit request to coordinate/prevent wireless enabled devices from entering/leaving AOR
Review Wireless Access Point audit logs
• Identify and research system warning and error messages
• Identify and research failed access attempts
• Identify and research communication problems
• Track/monitor performance and activity
Review Wireless IDS audit logs
• Research generated alerts
• Identify and research system warning and error messages
• Identify and research failed access attempts
• Identify and research communication problems
• Track/monitor performance and activity

• Identify and research failed logon attempts
• Identify and research system warning and error messages
• Track/monitor performance and activity
Virus scan devices that are part of the wireless infrastructure
• Use approved virus scanner to scan wireless devices (where appropriate)
Weekly Tasks
Wireless device configuration management
• Check vendor sites for patch and firmware updates
• Update Wireless IDS signature files
• Update Anti-Virus signature files
• Monitor security news sources for wireless security related information
• Compare wireless network device configuration files against a baseline for changes
• Check for unnecessary services
Archive Audit logs
• Archive audit logs to a media/device with one-year retention
Monitor wireless device performance
• Verify wireless encryption/authentication devices (RADIUS, IPSEC service, etc.) for proper performance and activity
• Run hardware integrity diagnostics on wireless network devices
• Synchronize clock/time on wireless devices
Perform/verify weekly backup
• Run and verify that a successful backup of wireless network devices has been completed
Monthly Tasks
Perform Self-Assessment Security and Policy Review
• Use Wireless Checklist to perform Self-Assessment Security Review
• Use Network Checklist to perform Self-Assessment Security Review
• Ensure wireless infrastructure complies with site Wireless Policy
• Develop plan to implement remediation actions to mitigate deviations
• Implement corrective actions to mitigate deviations
• Run an approved Vulnerability scanner (SCCVI)
Wireless device configuration management
• Compare device configuration with documented secure baseline
• Verify physical location of wireless devices
• Verify physical integrity of wireless devices (have devices been modified or opened)
• Verify equipment has not been replaced or moved
• Verify antenna location, position, and direction
Verify wireless client security configuration
• Spot check the configuration on a sample of wireless client devices (25% of wireless devices)
• Identify wireless profiles that indicate a wireless client is accessing unauthorized wireless networks
Quarterly Tasks
Wireless device configuration management
• Change administrator/management passwords on wireless network devices
• Change Pre-Shared Key (PSK) on all appropriate devices
Test backup/restore procedures
• Restore backup files to a test system to verify procedures and files are usable
Wireless signal strength mapping
• Use mobile device to identify/document signal coverage of wireless network devices
• Use mobile device to identify/document residential/commercial wireless devices that are visible during site surveys
Annual Tasks
Review and update site policies and training
• Ensure site Acceptable Use Policy addresses current Wireless Security Policy
• Ensure personnel Annual Security Awareness Training addresses current site Wireless Security Policy
• Ensure site Certification and Accreditation documents reflect the current wireless infrastructure
• Ensure wireless users are informed about the increased level of threat associated with wireless usage
• Ensure wireless users receive additional training related to wireless attack detection and prevention
Tasks as Required
Wireless device configuration management
• Delete clients that no longer require wireless network access from the MAC address filtering list and access control list
• Install vendor security patches
• Update VMS for IAVMs
• Update wireless device firmware
• Schedule downtime for system/device reboots
• Change all default passwords on new equipment
Wireless user account management
• Maintain list of authorized wireless users
• Verify that users on the list of authorized wireless users still require wireless access
• Verify User Account Configuration
• Remove access from users who are no longer authorized for wireless access
• Ensure new wireless users have signed a site Wireless Usage Agreement
Authorized wireless device tracking
• Maintain list of authorized wireless devices
• Remove devices that are no longer approved for wireless access
After administrator personnel departure
• Change encryption keys on all wireless network devices
• Change administrator passwords
• Change passwords on wireless network devices
• Remove departing administrator’s wireless access
INFOCON Status requirement changes
• Adjust wireless security review/configuration to reflect current INFOCON requirements
After system configuration changes
• Verify changes accomplish the desired objectives
• Create Emergency System Recovery Data
• Create new system configuration baseline
• Document System Configuration Changes
• Review and update SSAA
• Update VMS for Asset Changes
• Run and verify that a successful backup of the device has been performed
• Note the locations of wireless routers, APs, repeaters, dependent security devices, and antennas on installation maps and floor plans
• Use mobile device to identify/document signal coverage of wireless network devices (same process as Monthly Task)
After security incident involving wireless infrastructure