Page 394 - StudyBook.pdf
P. 394

378    Chapter 6 • Infrastructure Security: Devices and Media

             network.Applying secure transmission protocols and configuring the wireless access
             point to only accept authorized connections will also help in securing a network.



              TEST DAY TIP
                  When taking the Security+ exam and working a wireless-related ques-
                  tion, keep in mind that wireless technology by itself is generally consid-
                  ered insecure. When a wireless network is set up, you are basically
                  handing a cable linked to your network to anyone with an antenna. The
                  Security+ exam expects you to know what can and should be done to
                  secure wireless connections. Pay close attention to Chapter 4 where
                  wireless security is discussed in detail.





             Modems

             With the popularity of broadband access, modems are becoming less necessary for
             the average computer user; however, most systems still have modems installed and
             many corporate systems still have modems in place for remote access.These devices
             often provide a simple and unexpected method for an intruder to access systems.
                 Typically, remote access servers (RAS) and fax servers are common places for
             modems to be located within a corporate network. Properly configured modems
             are fairly secure; however, the users of a corporate network may have modems in
             their PCs that they configure so they can dial in to remotely access their systems.
             This is done when no other remote access solution has been provided or if they
             feel that the existing remote access solution is inconvenient.These types of situa-
             tions can provide an intruder with the perfect entry point to a network.The best
             solution to this problem is to implement a security policy to control the installation
             of modems on corporate systems, and to verify that those systems that need
             modems are properly secure. (Security policies are covered in detail in Chapter 12,
             “Operational and Organizational Security: Policies and Disaster Recovery.”) It is
             also a good idea to audit this by using a war-dialing application (Exercise 6.01) to
             scan corporate phone numbers to verify that no unexpected modems answer.A
             walk-through audit of the corporate systems should also be done to verify that no
             unauthorized modems have been installed.








          www.syngress.com
   389   390   391   392   393   394   395   396   397   398   399