4.3 CONDUCTING A VULNERABILITY ASSESSMENT A vulnerability assessment is an explicit study that uses penetration testing and observation to identify security weaknesses that could be exploited, and the risks. The results obtained are then evaluated to determine severity and steps to reduce or eliminate the threats. To be truly effective, assessments should be carried out regularly to spot out newly-introduced vulnerabilities and verify that installed security measures are working as intended. Assessments maybe performed by in-house or third-party staff, with full, partial, or no knowledge of the organization network and security implementation. In the following sections, I present the techniques and tools that can be useful for conducting a WLAN vulnerability assessment from wireless device discovery and penetration testing, to security event monitoring and spectrum analysis. A sample worksheet, provided in appendix, illustrates how assessment results can be documented for review and remediation.
Share with your friends: |