Today, I will be going over Control 15 from version 7 of the CIS top 20 Critical Security Controls – Wireless Access Control. I will go through the ten requirements and offer my thoughts on what I’ve found.
Key Takeaways for Control 15
- Reduce your attack surface. So much of control 15 is about limiting your usage of wireless technologies. Where you are using wireless, utilize best practices with encryption to prevent attacks on wireless data.
- Search out for more tools. Using a vulnerability scanner or wireless intrusion detection system for detecting rogue access points is overkill for these tools. If you already have them at your disposal, then reuse them without having to spend more money. If you don’t have them and you need to address control 15 immediately, there are plenty of other tools that can do the same job at a fraction of the price.
Requirement Listing for Control 15
1. Maintain an Inventory of Authorized Wireless Access Points
Description: Maintain an inventory of authorized wireless access points connected to the wired network.
Notes: Creating a baseline is the starting point in securing any part of the enterprise network. Even if this is done in an Excel spreadsheet, getting data down on paper to reference later should be done.
2. Detect Wireless Access Points Connected to the Wired Network
Description: Configure network vulnerability scanning tools to detect and alert on unauthorized wireless access points connected to the wired network.
Notes: This may also be the starting point for requirement one, as well. In fact, this may even be part of Control 1 as you are deploying tools to detect devices on the network. However, don’t think that you are limited to just network vulnerability scanning tools to find wireless access points. There are (Read more...)
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Travis Smith. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/20-critical-security-controls-control-15-controlled-access/