Overview of Control 15

00:00

Hey, everyone, welcome back of the course. So in the last video we wrapped up our discussion on control 14 which is all about controlling access based on the actual need to know.

00:09

And this video where to talk through control 15 which is wireless access control.

00:16

So one of the main things that your average person has an issue with is a attached to public WiFi rights and the public WiFi is usually unsecured,

00:26

and also it's usually going to be sniffed by Attackers. So, for example, you're at the airport. You start just connecting to the airport WiFi for some reason,

00:36

and you're not using a VPN. And then he started entering in your banking password. You start surfing social media, etcetera, etcetera, and all this information is being harvested by that geeky guy next to you, right? Or that grandmother sitting across the way. So always make sure using a VPN as you're going through any type of public WiFi

00:54

at a minimum, and preferably

00:57

set up your own hot spots or use national service, you know. So a lot of cable cable providers, for example, will have, like a national ah national WiFi hot spots at least here in United States. And so you can connect with those and then also use a VPN is well,

01:14

so some control. 15 1

01:15

We're talking about maintaining an inventory of any types of authorized

01:21

wireless access points. So we want to make sure that we don't have any rogue devices on our network.

01:27

Some control 15 to basically detecting any type of weps that are connected to our wire network. Right? So that's the only way we can figure out something doesn't belong is if we can t detect the things that are on there. So we wanna make sure that as we're looking at our actual wired infrastructure,

01:46

where are these rogue devices? If there are any where these wireless access points

01:49

and we need to identify those and tracked them down a lot of times you may find that if you're new to accompany you come in. There could be a rogue access device sitting in a closet someplace the nobody's thought ever or seen in a long time. They didn't even think about it.

02:02

There could also just be innocuous or innocent

02:07

types of Weps sitting in a closet someplace that everyone forgot about for five years. So that's why it's important for us to detect all these things and understand what's actually on her network.

02:20

So control 15 3 using a wireless intrusion detection system.

02:24

So again, just going back to saying, Hey, this traffic doesn't belong. It doesn't look right. Well, let me tell somebody about it.

02:32

So control 15 4 Disabling wireless access on any device is if it's not actually required on. And that's just the Becks practice of

02:40

hardening those devices. So again, if there's not a legitimate business person purpose for it, disable it, block it, etcetera.

02:52

Limit the wireless access on client devices. So

02:57

if there's not an essential like business purse purpose for that that basically just allow access on Lee to authorize wireless networks and restrict access to any other wireless networks that they might be able to connect to

03:13

disabled appear to pure

03:14

wireless network capabilities on those wireless clients.

03:21

So basically, that's the ad hoc type of network capabilities.

03:23

Some control 15 7 leverage things like a s to encrypt wireless data. So that's just a sample view of the structure from them, our bites

03:36

and as technology of evolves, by the way and better encryption comes out.

03:40

Use that. So if you're watching this course 10 years from now, use the best encryption possible available to you.

03:47

Sub Control 15 8

03:50

Using the wireless authentication protocols that actually require multi factor authentication.

03:55

So, for example, like uh, E a p TLS so extensible authentication protocol transport layer security. Eso again

04:04

Just use things that are requiring that multi factor authentication

04:10

some control. 15 9 Disable any wireless personal access to devices. Eso, for example. Think of Bluetooth right or NFC near field Communications

04:21

unless there is a legitimate business purpose.

04:25

So again, if it's not needed blockade, disable it. If it is needed for some legitimate reason, figure out how long it's needed for who's gonna be responsible for it and document that stuff.

04:35

And finally, some control. 15 10. Create separatist wireless networks for personal and untrusted devices. So a lot of companies do this. They do the guest network, or they'll have a ah network for B Y O. D. As well as a guest network for people visiting the office.