|
Title: Article for school. Post by: cleanwithit0607 on April 21, 2009, 07:45:08 PM Hello all. I'm writing an article about securing wireless in a HIPA enviroment. I have a few topics that I'm going to talk about, let me know if I need to add anything.
-Types of attacks, and why you should secure it in a Hipa enviroment. -Roaming Security. -Types of Encryption. -Radius -TLS -Peap -IPSec -Ceritificates/Autentication. Anything else I should add. I'm just brainstorming here. Thanks in advance. Title: Re: Article for school. Post by: timmedin on April 22, 2009, 09:37:26 PM WEP's issues would be a nice one to add.
If you wanted to get into some details the latest issues with the WPA chop chop attack. Also, might want to spell it HIPAA Title: Re: Article for school. Post by: charlottebandit on June 20, 2009, 05:18:42 AM Hello all. I'm writing an article about securing wireless in a HIPA enviroment. I have a few topics that I'm going to talk about, let me know if I need to add anything. -Types of attacks, and why you should secure it in a Hipa enviroment. -Roaming Security. -Types of Encryption. -Radius -TLS -Peap -IPSec -Ceritificates/Autentication. Anything else I should add. I'm just brainstorming here. Thanks in advance. I would add that in order to make a relevant case for WLAN security and HIPAA, you need to show how each security feature maps to HIPPA compliancy. Otherwise, you're just talking WLAN security. How about Network Admission Control (NAC) posture assessment and profiling for WLAN clients/equipment? This is huge in Healthcare. Also, what about monitoring AP's specifically designed to track rogue attacks? IPsec?? Not seeing how adding this overhead provides more security since it's primarily used now for site-2-site VPNs and remote-access VPNs. Dump this. TLS, PEAP, and Certificates is really just authentication means for 802.1x WLAN deployment, which could simply be covered in a paragraph or two. More focus should be on 802.1x for AAA services than the means to authenticate. I'm assuming you're going to be focusing on a Controller-based Architecture, right? If so, it would beneficial to talk about many of the security features with the Controller which also adds other Layer 2 and 3 security measures depending on Controller vendor. Title: Re: Article for school. Post by: reliks on July 07, 2009, 01:14:21 PM Aircrack-ng has just released some new proof-of-concept and other new types of attacks you may want to cover. With these being released in such an easy to utilize format, we are going to see it used a lot more.
Title: Re: Article for school. Post by: UNIX on July 08, 2009, 12:19:20 AM If you don't mind cleanwithit060, can you supply your finished work for public?
Title: Re: Article for school. Post by: dalepearson on July 08, 2009, 04:27:49 AM Think everyone has covered the main areas, just focus on the HIPAA requirements, history or wireless networks, different options, defence and attack methods etc.
SANS published a document on securing wireless networks for HIPAA a few years ago, its been some time since I had a quick browse through it, but it might be of interest to you. http://www.sans.org/reading_room/whitepapers/awareness/securing_wireless_networks_for_hipaa_compliance_1335?show=1335.php&cat=awareness (http://www.sans.org/reading_room/whitepapers/awareness/securing_wireless_networks_for_hipaa_compliance_1335?show=1335.php&cat=awareness)
Powered by SMF 1.1.18 |
SMF © 2013, Simple Machines
Joomla Bridge by JoomlaHacks.com |