RE: Wireless Audit Reports

From: Jeff Gercken (JeffG@kizan.com)
Date: Thu Mar 30 2006 - 07:57:18 EST


I occasionally get asked to perform a wireless audit and typically will
use a product like Aeropeek to sniff the wireless spectrum while walking
the perimeter of the building. First on the outside, then on the
inside. If the average signal strength from each host/AP, is greater
outside than inside, I normally conclude the source is outside of the
building. If the measurements are close, I'll break out a parabolic
antennae and do it again.
 
-Jeff

-----Original Message-----
From: Matthew Webster [mailto:awakenings@mindspring.com]
Sent: Wednesday, March 29, 2006 9:47 AM
To: pen-test@securityfocus.com
Subject: Wireless Audit Reports

Hi,

      I work in an environment that has a policy that does not permit
wireless devices. We still do an "audit" of the area to ensure that
there are no wireless devices in our area. I wish to prove that there
are no devices. Being in a city, there are literally hundreds of
wireless networks present - perhaps up to 50 in any one given area of
our building. I have tracked the signals down and have determined that
there are no rogue access points or peer networks hidden in our portion
of the building.

      Now a traditional wireless audit would be easy. I could report
the signal strengths of our devices, if the SSID's are correct, are
non-broadcast, etc. That would be an easy report to create after data
collection. In this case, I am trying to prove a negative. I can list
networks, signal strengths, etc. but I feel like I am fluffing the
report with meaningless and time wasting statistics. Does anyone have
any experience in what they would report under these circumstances?

Matt

------------------------------------------------------------------------
------
This List Sponsored by: Cenzic

Concerned about Web Application Security?
As attacks through web applications continue to rise, you need to
proactively protect your applications from hackers. Cenzic has the most
comprehensive solutions to meet your application security penetration
testing and vulnerability management needs. You have an option to go
with a managed service (Cenzic ClickToSecure) or an enterprise software
(Cenzic Hailstorm).
Download FREE whitepaper on how a managed service can help you:
http://www.cenzic.com/forms/ec.php?pubid=10025
And, now for a limited time we can do a FREE audit for you to confirm
your results from other product. Contact us at request@cenzic.com
------------------------------------------------------------------------
------

------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security?
As attacks through web applications continue to rise, you need to proactively
protect your applications from hackers. Cenzic has the most comprehensive
solutions to meet your application security penetration testing and
vulnerability management needs. You have an option to go with a managed
service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm).
Download FREE whitepaper on how a managed service can help you:
http://www.cenzic.com/forms/ec.php?pubid=10025
And, now for a limited time we can do a FREE audit for you to confirm your
results from other product. Contact us at request@cenzic.com
------------------------------------------------------------------------------



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:46 EDT