Wireless Threat Triage and Response: Part 1, Evaluate the Threat
Author/Blog Contributor - Chia-Chee Kuan, CTO at AirMagnet
Date: September 16, 2010
Understanding how to evaluate and prioritize wireless LAN security threats and performance issues, and elicit quick responses without overburdening IT staff, can be a tricky balancing act. Which threats are most important and should be attended to first? When is it okay to put off addressing a threat? Just as a triage nurse quickly evaluates ER patients and chooses who receives attention first, IT managers can use proven techniques to easily choose which wireless threats are most important and which can sit in the "waiting room" for a bit.
There are two basic tasks when dealing with wireless issues - triage and response. In a three-part blog post series we will explore techniques for triaging wireless threats, as well as best practices for responding to these threats. In this initial post, we'll discuss the first, and most complex, factor you must consider when evaluating a wireless threat: severity.
The most important thing to recognize is that not ALL alarms pose the SAME threat. Wireless issues can vary in importance based on a variety of factors. Some issues are more important based on the nature of the threat itself. Other issues are important based on who or what they will affect. And some issues, while not high in importance separately, become a serious issue when they occur together. Because of this, your event triage MUST account for all factors.
Ask yourself, what is the threat severity? Does the threat have a particular intensity? A good response requires the ability to prioritize and escalate problems based on the underlying intensity of the issue, such as fragmentation and error rates or classification of rogue clients based on signal strength.
A common way to rank threats is into Priority Classes of Top, Second and Lower. Here are some examples of threats that fall into each category:
Top Priority Threats (unambiguous and bad)
- Hacking tools, DoS Attacks and penetrations
- Rogue devices connected to the wired network
- Unapproved associations
- Open devices
Second Priority Threats (issues, but common)
- Rogue clients
- Weak security configurations
- Ad-hoc devices
Lower Priority Threats (very common, but need to be tracked)
Top Priority Threats are the issues that could lead to data loss. It is important to have solutions in place that enable the prioritization of threats and alarms. Some solutions, such as AirMagnet Enterprise, even provide scoring for threats based on their danger, as well as custom response thresholds and severities, making it quick and simple to evaluate which threats require attention at what time.
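To make the ranking concrete, here is a small triage queue built on the priority classes listed above. It is an added example, not code from the original post or from AirMagnet Enterprise. The alarm kind names, the -65 dBm threshold, the one-class escalation rule and the default of Lower for unlisted kinds are all assumptions chosen for illustration.

```python
from dataclasses import dataclass

CLASS_NAMES = {1: "Top", 2: "Second", 3: "Lower"}

# Priority classes as listed in the post; the kind names are hypothetical labels.
PRIORITY_CLASS = {
    "hacking_tool": 1, "dos_attack": 1, "penetration": 1,
    "rogue_on_wire": 1, "unapproved_association": 1, "open_device": 1,
    "rogue_client": 2, "weak_security_config": 2, "adhoc_device": 2,
}
DEFAULT_CLASS = 3  # assumption: kinds not listed above are tracked as Lower

# Assumption: a rogue client heard at or above this level is close enough
# to the sensor to be escalated by one class (intensity-based escalation).
ROGUE_NEAR_DBM = -65

@dataclass(frozen=True)
class Alarm:
    kind: str       # alarm type reported by the sensor
    source: str     # offending device address
    rssi_dbm: int   # signal strength seen by the reporting sensor

def classify(alarm):
    """Return (priority_class, escalated) for one alarm."""
    cls = PRIORITY_CLASS.get(alarm.kind, DEFAULT_CLASS)
    escalated = alarm.kind == "rogue_client" and alarm.rssi_dbm >= ROGUE_NEAR_DBM
    return (cls - 1 if escalated else cls), escalated

def triage_queue(alarms):
    """Order alarms by class, then native before escalated, then strongest signal."""
    def key(alarm):
        cls, escalated = classify(alarm)
        return (cls, escalated, -alarm.rssi_dbm)
    ordered = sorted(alarms, key=key)
    return [(CLASS_NAMES[classify(a)[0]], a.source) for a in ordered]

# Constructed sample alarms (not real captures).
SAMPLE_ALARMS = [
    Alarm("rogue_client", "02:00:00:00:00:01", -82),
    Alarm("rogue_client", "02:00:00:00:00:02", -48),
    Alarm("rogue_on_wire", "02:00:00:00:00:03", -70),
    Alarm("adhoc_device", "02:00:00:00:00:04", -60),
    Alarm("other", "02:00:00:00:00:05", -75),
]

if __name__ == "__main__":
    for cls, src in triage_queue(SAMPLE_ALARMS):
        print(f"{cls:6} {src}")
```

The strong-signal rogue client moves into the Top class but still sorts behind the rogue device on the wired network, which belongs to that class without escalation.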
In our next post we'll discuss the two other important factors for triaging wireless threats: who the threat will affect and correlation.
Jeniva Apr. 5, 2013 5:20 PM
What a handy little device! It creates wifi from my 3G dongle (O2) so that both my partner and I can share the internet on both our laptops and smart phones at the same time. It has a very decent range too, I have wifi throughout the house. Although it does drop strength while several rooms away, but that is to be expected. I'll admit that I chose this model because it was cheaper than the other options available but it does not compromise on quality. Well worth every penny.
Unlimited Satellite Internet
Jan. 20, 2015 6:13 AM
Excellent and decent post. I found this much informative, as to what I was exactly searching for. Thanks for such post and please keep it up.