4.3.0 WLAN DISCOVERY

The first step in any vulnerability assessment is identification of all wireless devices near the site(s) under test. Doing so separates the authorized devices from the rest: the authorized devices will be subjected to further assessment, while the rest will be scrutinized to determine ownership, impact on WLAN operation, and potential threat.

WiFi Stumblers, which are free, easy to use for simple tasks, and available for most operating systems, are among the tools that can be used for this purpose. One limitation of Stumblers is that they can find APs, but not Stations or non-802.11 interference sources. They may supply GPS latitude/longitude, but cannot pinpoint indoor location. For a complete vulnerability assessment, a portable WLAN Analyzer that can scan all RF channels, export details about all wireless devices, accurately plot results on floor plans, and make it easy to find newly-discovered devices is ideal.

Using the discovery tools, make a list of observed 802.11 and other devices. Record the following parameters:
a) For APs, record their ESSID, MAC address, IP address, channel, SNR, and observed X settings.
b) Generate a similar list of discovered Stations, noting whether they are associated to an Ad Hoc node, probing for multiple ESSIDs, and/or actively associated with specific AP(s).

For non-802.11 devices, a spectrum analysis is used to fingerprint the type. To locate and identify the unauthorized devices, including the owner, use a "find" tool (or WIPS with rogue mapping).
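A sketch of the record-keeping described in this section, added here as an illustration and not taken from the original paper: it splits a discovery export into authorized and unknown APs and notes the Station conditions listed in (b). The CSV layout, MAC addresses, ESSIDs, the `uses_own_essid` flag and the follow-up ordering are constructed assumptions.

```python
import csv
import io
# Constructed sample data (hypothetical MACs, ESSIDs and CSV layout).
AUTHORIZED_APS = {"00:11:22:33:44:01", "00:11:22:33:44:02"}
AUTHORIZED_STATIONS = {"00:aa:bb:cc:dd:10"}
AP_SURVEY = """essid,mac,ip,channel,snr
CorpNet,00:11:22:33:44:01,10.0.0.11,1,32
CorpNet,00:11:22:33:44:02,10.0.0.12,6,28
CorpNet,02:DE:AD:BE:EF:01,,6,35
CoffeeShop,00:99:88:77:66:55,,11,12
"""
STATION_SURVEY = """mac,adhoc,probed_essids,associated_ap
00:aa:bb:cc:dd:10,no,CorpNet,00:11:22:33:44:01
00:aa:bb:cc:dd:11,no,CorpNet;FreeWifi;Home,02:de:ad:be:ef:01
00:aa:bb:cc:dd:12,yes,,
"""

def triage_aps(survey_csv, authorized, own_essids):
    """Split surveyed APs into (authorized, unknown) by MAC address."""
    known, unknown = [], []
    for row in csv.DictReader(io.StringIO(survey_csv)):
        row["mac"] = row["mac"].lower()  # tools differ in MAC letter case
        if row["mac"] in authorized:
            known.append(row)
        else:
            # Assumption: an unlisted AP advertising our ESSID is reviewed first.
            row["uses_own_essid"] = row["essid"] in own_essids
            unknown.append(row)
    # Assumed follow-up order: own-ESSID first, then highest SNR.
    unknown.sort(key=lambda r: (not r["uses_own_essid"], -int(r["snr"])))
    return known, unknown

def triage_stations(survey_csv, authorized_stations, authorized_aps):
    """Map each Station MAC to the conditions the section says to note."""
    notes = {}
    for row in csv.DictReader(io.StringIO(survey_csv)):
        mac, ap = row["mac"].lower(), row["associated_ap"].lower()
        probed = [e for e in row["probed_essids"].split(";") if e]
        flags = []
        if mac not in authorized_stations:
            flags.append("unauthorized")
        if row["adhoc"] == "yes":
            flags.append("ad-hoc")
        if len(probed) > 1:
            flags.append("probes-multiple-essids")
        if ap and ap not in authorized_aps:
            flags.append("associated-to-unknown-ap")
        notes[mac] = flags
    return notes
```

The unknown list is what goes to the "find" tool or WIPS step; MAC addresses alone do not establish ownership, so each entry still needs physical confirmation.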
Wireless Local Area Network (WLAN): Security Risk Assessment and Countermeasures Nwabude Arinze Sunday - 35 -