As organizations continue to evolve, wireless technologies are being integrated into existing networks to support employee mobility needs. Because wireless access can expose devices to unique threats, monitoring devices for access to suspicious or malicious wireless networks is essential. This report seeks to identify and inform an organization about their wireless access assets to reduce risk presented by wireless access points.
Unknown access points create blind spots for the risk management and hinder a team’s ability to follow the steps in the Cyber Exposure Lifecycle. Therefore, in addition to taking inventory of an organization’s list of wireless access assets, discovering previously unknown assets is also important when attempting to understand the current network attack surface. Tenable.io uses the following plugins to help identify wireless configurations and their related problems.
- Mac OS X Wireless Networks List (63340)
- Microsoft Windows Wireless Network History (66350)
- Network Interfaces Enumeration WMI (24272)
- Windows Wireless SSID WMI (25197)
This report uses the “Network Interface Enumeration” plugin to identify Windows hosts with active wireless network interfaces. Analysts can use this report to quickly identify the Windows hosts in the network that are actively connecting via a wireless interface. The Windows and Mac OS X SSID plugins are used to find some Wireless Access Point (WAP) configuration information using the settings found on network assets connected to those WAPs. The SSID plugins also list which method of encryption is used, if any, to connect to those WAPs. Utilizing this information assists administrators and analysts in identifying their attack surface, which in turn helps to expedite risk reduction practice.
Cyber Exposure will help analysts drive a new level of dialogue with the business. By knowing which areas of the business are secure or exposed, analysts can effectively measure the organization's cyber risk. Analysts can use the metrics provided by Tenable.io to determine how much and where to invest, in order to reduce risk to an acceptable amount. Tenable.io is the first Cyber Exposure solution that provides key risk metrics that organization need to measure risk exposure.
Executive Summary - This chapter provides an overview of the assets that are connected, or have connected to, WAPs in the environment. The list of operating systems and host count here illustrates how many assets are utilizing wireless communication in the organization. This information helps in taking inventory of an organization’s wireless attack surface.
Wireless Configuration Details - This chapter provides a detailed list of information about wireless assets in the network. The information displayed in this chapter is gathered by looking at the wireless connection configuration in the target asset’s registries. This information can be leveraged to find WAPs that may not currently be active, and can also be used to fin WAPs that allow weaker encryption methods for communication.