October 2011 - Auditing Wireless Networks

Topic

Implementation of wireless technology in enterprises has grown dramatically in both scale and diversity. The instance most commonly thought of is Wi-Fi, but wireless takes many forms, including Bluetooth, 802.11.x, RFID, NFC, and Cellular (GSM/CDMA/3G/LTE), all with different functions, hardware, and risk profiles. Although other audit issues exist (e.g., cost effectiveness, QA, etc.) this presentation focuses on security auditing.

Security auditing of wireless networks presents a challenge due to the diversity of implementations, the ever-changing state of art, and the growing demand in the enterprise for newer technologies with faster deployment time (e.g., the “CEO wants an iPad” phenomenon). We will cover the following topics to help meet the challenge:

  1. Prove that It Matters
  2. Identify Wireless Technologies
    • Wi-Fi (802.11x)
    • Cellular (GSM, CDMA, 3G, LTE)
    • Bluetooth
    • RFID
    • NFC
  3. Identify Risks and Threats
    • Inherent Risks
    • Threat Profiling
    • Organization Specific Risks and Regulatory Issues
  4. Security Assessments of Wireless Systems
    • How to Assess
    • Infrastructure
    • Devices
    • Internal vs. Hired Guns
  5. Evaluate Findings
  6. Repeat as necessary

Speaker

Ted Eull, VP of Technology Services viaForensics

Ted is the VP of Technology Services for viaForensics, the leading mobile security and forensics firm, offering mobile risk assessment, mobile app security testing, forensic training, and security services, and he has 10+ years experience in consulting and corporate IT development, management, and security.

Materials