Kinds of Attack:
- Social engineering
Social engineering is a means of launching an attack or gathering information for an attack by
relying on the weaknesses of individuals. It represents one of the greatest risks that organizations today face. At its core, social engineering relies on an attacker’s clever manipulation of human nature in order to persuade the victim to provide information or take actions.
- impersonation, which means to create a fictitious character and then play out the role of that person on a victim. Common roles that
are often impersonated include a repairperson, IT support, a manager, a trusted third party. - Phishing is sending an e-mail or displaying a Web announcement that falsely claims to be from a legitimate sender in an attempt to trick the user into surrendering private information.
Security policy: security policy is a written document that states how an organization plans to protect the company’s information technology assets.
An organization’s information security policy can serve several functions:
● It can describe an overall intention and direction, formally expressed by the organization’s management. A security policy is a vehicle for communicating an organization’s information security culture and acceptable information security behavior.
● It details specific risks and explains how to address them, and provides controls that executives can use to direct employee behavior.
● It can help to instill security awareness in the organization’s culture.
● It can help to ensure that employee behavior is directed and monitored to ensure compliance with security requirements.
Security Policy Cycle
- The first phase involves a vulnerability assessment.
Vulnerability assessment attempts to identify
- what needs to be protected (asset identification),
- what the pressures are against it (threat evaluation),
- how susceptible the current protection is (vulnerability appraisal),
- what damages could result from the threats (risk assessment),
- what to do about it (risk mitigation).
The assessment includes:
1. Asset identification. Asset identification determines the items that have a positive economic value and may include data, hardware, personnel, physical assets, and software. Along with the assets, the attributes of the assets need to be compiled and their
relative value. The task of identifying and categorizing assets is known as asset management.
2. Threat evaluation. After the assets have been inventoried and given a relative value, the next step is to determine the threats from threat agents. A threat agent is any person or thing with the power to carry out a threat against an asset.
3. Vulnerability appraisal. After the assets have been inventoried and prioritized, and the threats have been determined, the next question is to determine what current security weaknesses might expose the assets to these threats. This is known as vulnerability
appraisal and in effect takes a snapshot of the security of the organization as it now stands.
4. Risk assessment. A risk assessment involves determining the damage that would result from an attack and the likelihood that the vulnerability is a risk to the organization.
5. Risk mitigation. Once the risks are determined and ranked, the final step is to determine what to do about the risks. It is important to recognize that security weaknesses can never be entirely eliminated; some degree of risk must always be assumed.
It also outlines how the organization will respond to attacks and the duties and responsibilities of its employees for information security.
Physical Security: one of the most important aspect.
Monitor Network
Standard Network Monitoring Tools:
Although data from devices and APs are beneficial, there are drawbacks to relying solely on these sources of information:
● Data collection. Acquiring data from each AP and each wireless device across the network can be a labor- and time-intensive task.
● Timeliness. Unless a person is constantly monitoring this data, it cannot be used to warn of an impending wireless issue. Rather, the data can only be used after a problem occurs when trying to identify what may have caused it.
● Retention of data. Data gathered from the AP and devices is collected in real time but often there is not always the facility for creating a large repository for that data. Without the ability to retain the data it is difficult to establish a baseline.