15.2: Detect Wireless Access Points Connected to the Wired Network
Configure network vulnerability scanning tools to detect and alert on unauthorized wireless access points connected to the wired network.
Asset Type |
Security Function |
Implementation Groups |
|---|---|---|
Network |
Detect |
2, 3 |
Dependencies
Sub-control 2.1: Maintain Inventory of Authorized Software
Inputs
The list of network vulnerability scanning tools
Approved configuration(s) for detecting unauthorized wireless access points (WAPs)
Approved configuration(s) for alerting on unauthorized wireless access points (WAPs)
Operations
For each network vulnerability scanning tool in Input 1, check its configuration against the appropriate approved detection configuration in Input 2.
Make a list of those network vulnerability scanning tools that are configured correctly for detecting unauthorized WAPs (M1)
Make a list of those that are not configured correctly (M2) noting the deviations.
For each network vulnerability scanning tool in Input 1, check its configuration against the appropriate approved alerting configuration in Input 3.
Make a list of those network vulnerability scanning tools that are configured correctly for alerting on unauthorized WAPs (M3)
Make a list of those that are not configured correctly (M4) noting the deviations.
Measures
M1 = List of network vulnerability scanning tools correctly configured for detecting unauthorized WAPs
M2 = List of network vulnerability scanning tools not correctly configured for detecting unauthorized WAPs
M3 = List of network vulnerability scanning tools correctly configured for alerting on unauthorized WAPs
M4 = List of network vulnerability scanning tools not correctly configured for alerting on unauthorized WAPs
M5 = Count of network vulnerability scanning tools correctly configured for detecting unauthorized WAPs (count of M1)
M6 = Count of network vulnerability scanning tools correctly configured for alerting on unauthorized WAPs (count of M3)
M7 = Total count of network vulnerability scanning tools (count of Input 1)
M8 = List of network vulnerability scanning tools correctly configured for both detecting and alerting on unauthorized WAPs (intersection of M1 and M3)
M9 = Count of network vulnerability scanning tools correctly configured for both detecting and alerting on unauthorized WAPs (count of M8)
Metrics
Detection Coverage
Metric |
The ratio of network vulnerability scanning tools correctly configured for detecting
unauthorized WAPs
|
Calculation |
|
Alerting Coverage
Metric |
The ratio of network vulnerability scanning tools correctly configured for alerting
on unauthorized WAPs
|
Calculation |
|
Full Coverage
Metric |
The ratio of network vulnerability scanning tools correctly configured for both
detecting and alerting on unauthorized WAPs
|
Calculation |
|