Close ESSIDs | 
|
MAC filtering |
| explicit deny |
|
| | | explicit allow |
|
Protocol filtering |
| | | | | |
| | | | | | | filtered protocols | __________________________ |
WEP | | | | | | | | | |
| | | key size | ___ | static or dynamic | ___ |
| | | key rotation frequency | ___ | TKIP implemented | ___ |
| | | other WEP enhancements | __________________________________ |
Authentication system | | | | | | | | open |
|
| | | | | | mixed |
| close |
|
802.1x authentication |
| | EAP type | __________________________ |
| | User database type | __________________________ |
| | 802.1x-based WEP key rotation |
| rotation time ________ |
| | ESSID/MAC EAP authentication |
| | | | |
Centralized authentication implemented |
| | Kerberos v4 |
| RADIUS |
| |
| | Kerberos v5 |
| TACACS |
| |
| | | | | | | | | TACACS version | ___ | |
Layer 3 VPN implemented |
| | | | | | | | |
| | | VPN type and mode ______________________________ | |
key exchange | shared secret |
| |
| | | asymmetric crypto |
| DH asymmetric crypto |
| |
| | | X.509 certificates |
| other |
| |
ciphers used | | | | | | symmetric | ___ | |
| | | | message digest | ___ | assymmetric | ___ | |
key/hash size | | | | | | | symmetric | ___ | |
| | | | message digest | ___ | assymmetric | ___ | |
tunneling implemented | IPSec AH |
| |
| | | | | | PPTP |
| IPSec ESP |
| |
| | | | | | L2F |
| L2TP |
| |
| | | | | | CIPE |
| GRE |
| |
| | | | | | IP-IP |
| VTP |
| |
| | | | | | DVS |
| ATMP |
| |
| | | | | | Other | ___________________ | MIN-IP-IP |
| |
Higher-layer security protocols used | SSHv1 |
| | |
S/MIME |
| SSHv2 |
| | |
SCP |
| HTTPS |
| | |
Other | _________________ | PGP/GNUPG |
| | |
Wireless authentication gateway | ______________________________ | | |
gateway type | ______________________________ | | |
Proper wired/wireless network separation | | |
Type of gateway/firewall | | | ______________________________ | | |
Gateway malware filtering present |
| Gateway SPAM filtering present |
| | |
Access points management from the wireless side is | enabled |
| | |
restricted |
| disabled |
| | |
Connections between wireless peers denied |
| | |
Wireless peers have firewalling capability |
| | |
Wireless IDS present |
| IDS type | ________________ | | |
Remote sensors present |
| Sensor type | ________________ | | |
| | | | | | | | Number of sensors ___ | | |
Centralized logging present |
| | | | | | | | | |
| | Logging is done over | | UDP |
| TCP |
| | | |
| | Log review frequency | ___ | | | | | | | |
| | Wired IDS present |
| IDS type | _______________ | | | |
| | Remote sensors present |
| Sensor type | _______________ | | | |
| | | | | | | | | Number of sensors | ___ | | | | | |
Honeypots deployed |
| | | | | | | | | | |
| | | wireless |
| wired |
| | | |
| | | comments | _________________________________________ | | | |
