Wireless Administrator Checklist


Upload: indrajit-banerjee

Post on 11-Apr-2015


http://networksecurity.weebly.com/

Daily Tasks

Physically locate rogue wireless devices within AOR
  - Identify rogue devices with wireless discovery device
  - Physically locate rogue devices
  - Verify authorization for device or disable
  - Document wireless device information for rogue devices located outside AOR
  - Document and report wireless device information for rogue devices located within AOR through approved reporting channels
  - Track visit request to coordinate/prevent wireless enabled devices from entering/leaving AOR
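
The rogue-device steps above can be run against the output of a wireless survey. The following is an added example, not part of the original checklist: the inventory, the survey records, the "inside_aor" field and all function names are assumptions, and the values are constructed.

```python
import re

# Constructed authorized-device inventory (hypothetical values): BSSID -> SSID.
AUTHORIZED = {"00:1a:2b:3c:4d:5e": "SITE-WLAN", "00:1a:2b:3c:4d:5f": "SITE-WLAN"}

# Constructed survey observations. "inside_aor" is filled in by the surveyor
# after physically locating the device; it is not derived from the scan.
SURVEY = [
    {"bssid": "00-1A-2B-3C-4D-5E", "ssid": "SITE-WLAN", "inside_aor": True},
    {"bssid": "02:00:00:00:00:01", "ssid": "SITE-WLAN", "inside_aor": True},
    {"bssid": "0200.0000.0002", "ssid": "CoffeeShop", "inside_aor": False},
    {"bssid": "00:1A:2B:3C:4D:5F", "ssid": "linksys", "inside_aor": True},
]

def norm_mac(mac):
    """Normalise dash, dot or colon notation to lower-case colon form."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def triage(obs, authorized=AUTHORIZED):
    """Classify one observation and pick the checklist action for it."""
    bssid = norm_mac(obs["bssid"])
    expected = authorized.get(bssid)
    if expected == obs["ssid"]:
        return {"bssid": bssid, "status": "authorized", "action": "none"}
    if expected is not None:
        # Known radio advertising an unexpected SSID: a configuration change.
        return {"bssid": bssid, "status": "config-mismatch",
                "action": "compare configuration against baseline"}
    # Unknown radio. Advertising a site SSID does not make it authorized.
    status = "rogue-site-ssid" if obs["ssid"] in authorized.values() else "rogue"
    action = ("verify authorization or disable; document and report"
              if obs["inside_aor"] else "document only")
    return {"bssid": bssid, "status": status, "action": action}

def daily_report(survey, authorized=AUTHORIZED):
    """Return the triage results that need follow-up, most urgent first."""
    order = {"rogue-site-ssid": 0, "rogue": 1, "config-mismatch": 2}
    findings = [triage(obs, authorized) for obs in survey]
    findings = [r for r in findings if r["status"] != "authorized"]
    return sorted(findings, key=lambda r: order[r["status"]])

if __name__ == "__main__":
    for row in daily_report(SURVEY):
        print(f'{row["bssid"]}  {row["status"]:<16} {row["action"]}')
```

Matching is done on the normalised BSSID, so the same radio recorded in different notations by different tools is not reported as a new device.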

Review Wireless Access Point audit logs
  - Identify and research system warning and error messages
  - Identify and research failed access attempts
  - Identify and research communication problems
  - Track/monitor performance and activity

Review Wireless IDS audit logs
  - Research generated alerts
  - Identify and research system warning and error messages
  - Identify and research failed access attempts
  - Identify and research communication problems
  - Track/monitor performance and activity

Review Wireless I/A device (i.e. RADIUS) audit logs
  - Identify and research failed logon attempts
  - Identify and research system warning and error messages
  - Track/monitor performance and activity

Virus scan devices that are part of the wireless infrastructure
  - Use approved virus scanner to scan wireless devices (where appropriate)

Weekly Tasks

Wireless device configuration management
  - Check vendor sites for patch and firmware updates
  - Update Wireless IDS signature files
  - Update Anti-Virus signature files
  - Monitor security news sources for wireless security related information
  - Compare wireless network device configuration files against a baseline for changes
  - Check for Unnecessary Services

Archive Audit logs
  - Archive audit logs to a media/device with one-year retention

Monitor wireless device performance
  - Verify wireless encryption/authentication devices (RADIUS, IPSEC service, etc) for proper performance and activity
  - Run hardware integrity diagnostics on wireless network devices
  - Synchronize clock/time on wireless devices

Perform/verify weekly backup
  - Run and verify that a successful backup of wireless network devices has been completed

Monthly Tasks

Perform Self-Assessment Security and Policy Review
  - Use Wireless Checklist to perform Self-Assessment Security Review
  - Use Network Checklist to perform Self-Assessment Security Review
  - Ensure wireless infrastructure complies with site Wireless Policy
  - Develop plan to implement remediation actions to mitigate deviations
  - Implement corrective actions to mitigate deviations
  - Run an approved Vulnerability scanner (SCCVI)

Wireless device configuration management
  - Compare device configuration with documented secure baseline
  - Verify physical location of wireless devices
  - Verify physical integrity of wireless devices (have devices been modified or opened)
  - Verify equipment has not been replaced or moved
  - Verify antenna location, position, and direction

Verify wireless client security configuration
  - Spot check the configuration on a sample of wireless client devices (25% of wireless devices)
  - Identify wireless profiles that indicate wireless client is accessing unauthorized wireless networks

Quarterly Tasks

Wireless device configuration management
  - Change administrator/management passwords on wireless network devices
  - Change Pre-Shared Key (PSK) on all appropriate devices

Test backup/restore procedures
  - Restore backup files to a test system to verify procedures and files are usable

Wireless signal strength mapping
  - Use mobile device to identify/document signal coverage of wireless network devices
  - Use mobile device to identify/document residential/commercial wireless devices that are visible during site surveys

Annual Tasks

Review and update site policies and training
  - Ensure site Acceptable Use Policy addresses current Wireless Security Policy
  - Ensure personnel Annual Security Awareness Training addresses current site Wireless Security Policy
  - Ensure site Certification and Accreditation documents reflect the current wireless infrastructure
  - Ensure wireless users are informed about increased level of threat associated with wireless usage
  - Ensure wireless users receive additional training related to wireless attack detection and prevention

Initial

Tasks as Required

Wireless device configuration management
  - Delete clients from the MAC address filtering list and access control list that no longer require wireless network access
  - Install vendor security patches
  - Update VMS for IAVMs
  - Update wireless device firmware
  - Schedule downtime for system/device reboots
  - Change all default passwords on new equipment

Wireless user account management
  - Maintain list of authorized wireless users
  - Verify list of authorized wireless users still require wireless access
  - Verify User Account Configuration
  - Remove access from users that are no longer authorized for wireless access
  - Ensure new wireless users have signed a site Wireless Usage Agreement

Authorized wireless device tracking
  - Maintain list of authorized wireless devices
  - Remove devices that are no longer approved for wireless access

After administrator personnel departure
  - Change encryption keys on all wireless network devices
  - Change administrator passwords
  - Change passwords on wireless network devices
  - Remove departing administrator's wireless access

INFOCON Status requirement changes
  - Adjust wireless security review/configuration to reflect current INFOCON requirements

After system configuration changes
  - Verify changes accomplish the desired objectives
  - Create Emergency System Recovery Data
  - Create new system configuration baseline
  - Document System Configuration Changes
  - Review and update SSAA
  - Update VMS for Asset Changes
  - Run and verify that a successful backup of the device has been performed
  - Note the locations of wireless routers, APs, repeaters, dependent security devices, and antenna on installation maps and floor plans
  - Use mobile device to identify/document signal coverage of wireless network devices (same process as Monthly Task)

After security incident involving wireless infrastructure
  - Perform all tasks identified in this checklist
