IT Essentials — Assessing Infrastructure and Networks
Wireless Access Points
A wireless access point (WAP) provides wireless access to a network. Modern WAPs offer options for encryption (scrambling and securing the data transmitted), but because technology advances so rapidly, systems often fail to keep up with bad actors who attempt to defeat encryption features for their own, usually criminal or malicious, purposes.
Corporate environments provide wireless network access by broadcasting radio signals between hosts and access points. A WAP offers a range of options for the Layer 1 architecture of the wireless service. Depending on the age of the equipment, several types of encryption may be available, or an organization may choose not to use encryption at all. Using weak or no encryption exposes the organization to additional risk, and upgrading wireless network components to increase security is relatively inexpensive.
Upgrading the equipment or configuration of an entire user base to newer encryption protocols can, however, be a very large task. Examples of wireless encryption protocols, from weakest to strongest, include:
Wired Equivalent Privacy (WEP) — an outdated security protocol that offers only basic encryption. It is typically used because it may be the only option available on older infrastructure. Given sufficient captured traffic and even marginal computing power on a laptop or mobile device, WEP is easily penetrated; it was superseded by the WPA protocol by the Wireless Fidelity Alliance in 2003.
Wi-Fi Protected Access (WPA) — replaced WEP as a more secure protocol for wireless networks. Like WEP, WPA should be used only if required by older infrastructure, because it is vulnerable and provides weaker encryption than its successors.
Wi-Fi Protected Access 2 (WPA2) — the security protocol currently required on all devices considered Wi-Fi CERTIFIED by the Wireless Fidelity Alliance, providing stronger encryption algorithms than its predecessors. It provides a reasonable degree of protection against unauthorized access.
Wi-Fi Protected Access 3 (WPA3) — provides individual data encryption, secures some “internet of things” (IoT) devices, protects against brute-force attacks (a trial-and-error approach) and dictionary attacks (using dictionary words to guess passwords), and offers the highest degree of protection.
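When assessing a wireless environment, the practical question is which access points still accept one of the weaker protocols above. The following Python script is an added illustration, not part of the course material: it parses a wireless survey in the terse `SSID:SECURITY` format produced by `nmcli -t -f SSID,SECURITY dev wifi list` (the command and its exact output format are assumptions about NetworkManager, not something the course states) and flags every network whose weakest accepted mode falls below WPA2. It goes slightly beyond the text by handling mixed-mode access points (for example "WPA1 WPA2"), which are only as strong as the weakest mode they accept, and open networks, which rank below WEP. The scan lines embedded in the script are constructed sample data, not a real survey.

```python
"""Flag wireless networks whose weakest accepted security mode is below WPA2.

Added illustration for the WEP < WPA < WPA2 < WPA3 ranking; not from the
course text. Input format assumed: the terse output of
`nmcli -t -f SSID,SECURITY dev wifi list` (colon-separated fields).
"""
import re
import subprocess

# Ranking follows the course text: open < WEP < WPA < WPA2 < WPA3.
# nmcli labels the first WPA generation "WPA1". Higher number = stronger.
RANK = {"OPEN": 0, "WEP": 1, "WPA1": 2, "WPA2": 3, "WPA3": 4}
MINIMUM_ACCEPTABLE = "WPA2"

# Constructed sample in nmcli terse format (SSID:SECURITY); not a real scan.
# An empty SECURITY field denotes an open network; ':' inside an SSID is
# escaped by nmcli as '\:'.
SAMPLE_SCAN = """\
Corp-Legacy:WEP
Corp-Guest:
Corp-Staff:WPA2
Corp-Mixed:WPA1 WPA2
Corp-New:WPA2 WPA3
Corp-IoT:WPA3
Warehouse\\:A:WPA2 802.1X
"""

# Split only on colons that are not preceded by a backslash.
_UNESCAPED_COLON = re.compile(r"(?<!\\):")


def parse_scan(text):
    """Return (ssid, security) pairs from terse nmcli output."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = [f.replace("\\:", ":")
                  for f in _UNESCAPED_COLON.split(line, maxsplit=1)]
        ssid = fields[0]
        security = fields[1] if len(fields) > 1 else ""
        rows.append((ssid, security))
    return rows


def weakest_mode(security):
    """Weakest encryption generation an access point will accept.

    A mixed-mode AP (e.g. 'WPA1 WPA2') is only as strong as its weakest
    mode. '802.1X' names an authentication method, not an encryption
    generation, so it is ignored here. An empty field or '--' means open.
    """
    modes = [tok for tok in security.split() if tok in RANK]
    if not modes:
        return "OPEN"
    return min(modes, key=RANK.__getitem__)


def audit_scan(text):
    """Return (ssid, weakest_mode, acceptable) for every network in the scan."""
    threshold = RANK[MINIMUM_ACCEPTABLE]
    result = []
    for ssid, security in parse_scan(text):
        mode = weakest_mode(security)
        result.append((ssid, mode, RANK[mode] >= threshold))
    return result


def flagged(text):
    """SSIDs whose weakest accepted mode falls below MINIMUM_ACCEPTABLE."""
    return [ssid for ssid, _, ok in audit_scan(text) if not ok]


def live_scan():
    """Audit a real survey; assumes NetworkManager's nmcli is installed."""
    out = subprocess.run(
        ["nmcli", "-t", "-f", "SSID,SECURITY", "dev", "wifi", "list"],
        capture_output=True, text=True, check=True,
    ).stdout
    return audit_scan(out)


if __name__ == "__main__":
    for ssid, mode, ok in audit_scan(SAMPLE_SCAN):
        status = "OK  " if ok else "WEAK"
        print(f"{status} {ssid:<14} weakest accepted mode: {mode}")
```

Run as a script it reports the constructed sample; `live_scan()` applies the same check to a real survey on a Linux host with NetworkManager. Treating a mixed-mode network by its weakest accepted mode is the design choice that matters: an access point advertising "WPA2 WPA3" still admits WPA2 clients, so it should be rated as WPA2 until the legacy mode is switched off.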
Demilitarized Zone: A Security Application
A demilitarized zone (DMZ) is a portion of the network contained between two firewalls; it protects the organization’s external-facing servers. The first firewall is outward-facing, exposed to the internet, and protects the DMZ systems. This outward-facing firewall has more exposure than the second firewall, which protects the interior network.
Copyright © 2020 by The Institute of Internal Auditors, Inc. All rights reserved.