Article for school.

Viewing 5 reply threads
  • Author
    Posts
    • #3716
      cleanwithit0607
      Participant

      Hello all. I’m writing an article about securing wireless in a HIPA enviroment. I have a few topics that I’m going to talk about, let me know if I need to add anything.

      -Types of attacks, and why you should secure it in a Hipa enviroment.
      -Roaming Security.
      -Types of Encryption.
      -Radius
      -TLS
      -Peap
      -IPSec
      -Ceritificates/Autentication.

      Anything else I should add. I’m just brainstorming here. Thanks in advance.

    • #23848
      timmedin
      Participant

      WEP’s issues would be a nice one to add.
      If you wanted to get into some details the latest issues with the WPA chop chop attack.
      Also, might want to spell it HIPAA

    • #23849
      charlottebandit
      Participant

      @cleanwithit0607 wrote:

      Hello all. I’m writing an article about securing wireless in a HIPA enviroment. I have a few topics that I’m going to talk about, let me know if I need to add anything.

      -Types of attacks, and why you should secure it in a Hipa enviroment.
      -Roaming Security.
      -Types of Encryption.
      -Radius
      -TLS
      -Peap
      -IPSec
      -Ceritificates/Autentication.

      Anything else I should add. I’m just brainstorming here. Thanks in advance.

      I would add that in order to make a relevant case for WLAN security and HIPAA, you need to show how each security feature maps to HIPPA compliancy.  Otherwise, you’re just talking WLAN security.

      How about Network Admission Control (NAC) posture assessment and profiling for WLAN clients/equipment?  This is huge in Healthcare.  Also, what about monitoring AP’s specifically designed to track rogue attacks? 

      IPsec??  Not seeing how adding this overhead provides more security since it’s primarily used now for site-2-site VPNs and remote-access VPNs.  Dump this.

      TLS, PEAP, and Certificates is really just authentication means for 802.1x WLAN deployment, which could simply be covered in a paragraph or two.  More focus should be on 802.1x for AAA services than the means to authenticate.

      I’m assuming you’re going to be focusing on a Controller-based Architecture, right?  If so, it would beneficial to talk about many of the security features with the Controller which also adds other Layer 2 and 3 security measures depending on Controller vendor. 

    • #23850
      reliks
      Participant

      Aircrack-ng has just released some new proof-of-concept and other new types of attacks you may want to cover. With these being released in such an easy to utilize format, we are going to see it used a lot more.

    • #23851
      UNIX
      Participant

      If you don’t mind cleanwithit060, can you supply your finished work for public?

    • #23852
      dalepearson
      Participant

      Think everyone has covered the main areas, just focus on the HIPAA requirements, history or wireless networks, different options, defence and attack methods etc.

      SANS published a document on securing wireless networks for HIPAA a few years ago, its been some time since I had a quick browse through it, but it might be of interest to you.

      http://www.sans.org/reading_room/whitepapers/awareness/securing_wireless_networks_for_hipaa_compliance_1335?show=1335.php&cat=awareness

Viewing 5 reply threads
  • You must be logged in to reply to this topic.

Copyright ©2021 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?