Corporations more and more frequently opt for the introduction of wireless networks as part of their IT infrastructure, which enables employees and guests to make use of company resources and the Internet. Apart from its numerous benefits, the introduction of corporate wireless network poses new challenges concerning information protection within the company. As a result of uncontrolled access to the wireless network outside of the designated area as well as lack of mechanisms ensuring the integration of devices with the company’s IT security systems this kind of networks often becomes a serious security breach within the organization. The easiest and most effective way to examine security of corporate wireless network and, eventually, achieve the acceptable level of safety is to conduct a network audit performed by qualified specialists and to follow the post-audit recommendations.
The aim of wireless network security audits performed by NASK is to provide complete and reliable information concerning the actual security level of the examined infrastructure: to pinpoint protection shortcomings and suggest remedies, The wireless network security audit service includes the following actions:
- wireless network security-centered topology analysis – wireless network topology analysis taking into account standards and good practices connected with information security maintenance,
- examination of wireless network accessibility on and outside of company premises – an indispensable element of every wireless network security audit is a careful examination of network range followed by recording the results on a situation map; this allows for the identification of areas in which the network transgresses the planned limits and is accessible to random persons,
- analysis of the adopted protection measures – this is a crucial examination in the course of the audit, consisting of the analysis of the adopted wireless network protection mechanisms, users rights as well as data transmission security,
- penetration tests – attack simulations basing on discovered vulnerabilities: non-invasive or invasive attempts to break the employed protection measures by means of special tools devised by NASK experts,
- procedural audit – examination of completeness and correctness of procedures relating to wireless network security; this examination can include e.g. analysis of access rights granting procedure or periodical unauthorized access points detection procedure.
The result of audit team’s work is the final report – describing in detail the methods and results of respective examinations and formulating expert recommendations with regard to corrective activities.
Considering the default built-in security level of devices which serve in the construction of wireless networks, we recommend conducting the examinations already at the wireless network project and implementation stages. This allows right from the start for the implementation of cost-optimal security solutions well adapted to a given topology.
To receive detailed information about NASK services, please fill in our request for information.
|
