Online Book Reader


CompTIA Security_ Deluxe Study Guide_ SY0-201 - Emmett Dulaney [109]

and evaluate the responses to see that they’re appropriate and where they can be improved.

Responding to security incidents requires the same type of focus and training. You should plan a fake incident at your site, inform all those who will be involved that it’s coming, and then evaluate their response. You should evaluate the following items:

1. Was the evidence gathered and chain of custody maintained?

2. Did the escalation procedures follow the correct path?

3. Given the results of the investigation, would you be able to find and prosecute the culprit?

4. What was done that should not have been done?

5. What could be done better?

Practice makes perfect, and there is no better time to practice your company’s response to an emergency than before one really occurs.

Step Five: Adjusting Procedures

After an incident has been successfully managed, it’s a worthwhile step to revisit the procedures and policies in place in your organization to determine what changes, if any, need to be made.

Answering simple questions can sometimes be helpful when you’re resolving problems. The following questions might be included in a policy or procedure manual:

■ How did the policies work or not work in this situation?

■ What did we learn about the situation that was new?

■ What should we do differently next time?

These simple questions can help you adjust procedures. This process is called a postmortem, and it’s the equivalent of an autopsy.

Working with Wireless Systems

Wireless systems, plainly put, are systems that don’t use wires to send information but rather transmit it through the air. The growth of wireless systems creates several opportunities for attackers. These systems are relatively new, they use well-established communications mechanisms, and they’re easily intercepted.

The following sections discuss the various types of wireless systems that you’ll encounter and mention some of the security issues associated with this technology. Specifically, they deal with Wireless Transport Layer Security (WTLS), the IEEE 802 wireless standards, WEP/WAP applications, and the vulnerabilities that each presents.

Wireless Transport Layer Security

Wireless Transport Layer Security (WTLS) is the security layer of the Wireless Application Protocol (WAP), discussed in the section “WEP/WAP.” WTLS provides authentication, encryption, and data integrity for wireless devices. It’s designed to utilize the relatively narrow bandwidth of these types of devices, and it’s moderately secure. WTLS provides reasonable security for mobile devices, and it’s being widely implemented in wireless devices.

Figure 4.16 illustrates WTLS as part of the WAP environment. WAP provides the functional equivalent of TCP/IP for wireless devices. Many devices, including newer cell phones and PDAs, include support for WTLS as part of their networking protocol capabilities.

The term “gap in the WAP” is used to describe the security concern that exists when converting between WAP and SSL/TLS.

FIGURE 4.16 WTLS used between two WAP devices

IEEE 802.11x Wireless Protocols

The IEEE 802.11x family of protocols provides for wireless communications using radio frequency transmissions. The frequencies in use for 802.11 standards are the 2.4GHz and the 5GHz frequency spectrum. Several standards and bandwidths have been defined for use in wireless environments, and—with the exception of 802.11a—tend to be compatible with each other:

802.11 The 802.11 standard defines wireless LANs transmitting at 1Mbps or 2Mbps bandwidths using the 2.4GHz frequency spectrum and using either frequency-hopping spread spectrum (FHSS) or direct-sequence spread spectrum (DSSS) for data encoding.

802.11a The 802.11a standard provides wireless LAN bandwidth of up to 54Mbps in the 5GHz frequency spectrum. The 802.11a standard also uses orthogonal frequency division multiplexing (OFDM) for encoding rather than FHSS or DSSS.

802.11b The 802.11b standard provides for bandwidths of up to 11Mbps (with fallback rates of 5.5, 2, and 1Mbps)
