
Continuous Improvement Plan

The wireless network that is currently in use is the 802.11ac standard and uses the WPA2 encryption standard. As a refresher, WEP, or Wired Equivalent Privacy, was the first wireless security protocol; it came out sometime in 1999 and worked with the 802.11a wireless network. The next network standard that came out was 802.11b in 1999. In 2003, WPA, or Wireless Protected Access, came out. The next wireless security standard came out in 2006 and is what we currently use. It is FIPS 140-2 compliant and until just recently offered the best encryption available. The most recent security standard is WPA3, which came out in 2018. We will be switching to this in the near future, as FIPS 140-2 has been replaced by FIPS 140-3. NIST.gov lists these milestones for FIPS 140-3: FIPS 140-3 becomes effective on September 22, 2019; FIPS 140-3 testing, through the Cryptographic Module Validation Program (CMVP), will begin September 22, 2020; and FIPS 140-2 testing will continue for at least a year after FIPS 140-3 testing begins (Allen, 2019).
CYBER SECURITY INCIDENT REPORT

Another similar way for devices to communicate with each other is Bluetooth. For Bluetooth to work, a device must be in close proximity to the device it wants to connect to, usually less than ten meters away. There are several security concerns to take notice of and to have mitigations in place for. Most of the mitigations are simply to turn off the discovery of the device and change default PINs. An article posted on cmdsp.org states that “Bluetooth introduces a number of potentially serious security vulnerabilities to your enterprise’s mobile devices; compromising devices and connected networks. Do the mobile device users in your enterprise know that many vulnerabilities can be prevented by turning off the “discoverable mode” and changing the default passcode?” (cmdsp.org, 2019).

The article goes on to list five security vulnerabilities: Carwhisperer, Bluejacking, Bluebugging, Bluesnarfing and BlueBorne. Carwhisperer is a vulnerability in a car's Bluetooth device, as most manufacturers set a default PIN and most people do not change it. This vulnerability allows hackers to record and play audio. Bluejacking is when unwanted messages are sent and received. This is not necessarily a security issue, since no sensitive information is exchanged; it is really just a nuisance. Next is Bluebugging, which uses outdated Bluetooth security or poor passwords to get into the device, allowing the attacker to listen in on phone conversations and send messages to other devices. Then there is Bluesnarfing, which is the same as Bluejacking except that it has a payload in the message that forces the device to send contact information to the hacker. Last is BlueBorne, which according to Armis is an “attack vector by which hackers can leverage Bluetooth connections to penetrate and take complete control over targeted devices. 
BlueBorne affects ordinary computers, mobile phones, and the expanding realm of IoT devices. The attack does not require the targeted device to be paired to the attacker’s device or even to be set on
