Can you believe we’re almost halfway through 2019? Where did the first 6 months go? It was this time last year that the Wi-Fi Alliance revealed (in more detail) the release of WPA3. “Why the need for WPA3?”, I thought. WPA2 was a quality, secure Wi-Fi, right? Many of us felt that way until something happened in early 2018. What happened, you ask? We’ll discuss that point and the new WPA3 in next week’s post about wireless security.
Here are the content and topics we’ll cover in June:
WPA3 and the New Security Benefits
I personally have a long history with wireless that started out with HF/UHF communications in the military. I remember having to climb up high to perform maintenance on antennas. And while teaching wireless networking classes later in life, I studied modulation techniques, calculating RF power, even building antennas from scratch. Wireless networking gave the gift of mobility and has made its way into just about every business vertical out there. How many places do you go today that don’t have guest Wi-Fi? Every time I see guest Wi-Fi, I wonder, “Who’s the device vendor, is it configured properly, and was it tested to validate settings?”
The Security of Adding Self-Audits
Consequently, this leads directly to the next topic for this month: self-audits. Here’s a question for everyone: When you visit a fast-food drive-through, do you check the bag before leaving? I do. I really hate getting home, hungry for my favorite food friends, only to find strangers staring back at me. Is that mustard? Now I’m hungry and disappointed. The process of checking your food is an audit in a more secure, simplified form.
Since we spend quite a bit of time setting up security controls to protect our environment, we must audit those controls to know when they stop doing their job. Many of these controls are technical and will eventually fail, so auditing limits the impact of failure on our organizations. Furthermore, auditing is covered in many Linux Academy courses, including AWS Security Essentials. To see other security-related training content, stop by Linux Academy and search for key terms to see all the available hands-on labs and courses!
Windows Logging Needs Some Tweaking
Speaking of auditing, if you use a SIEM to analyze your system logs, or even have another way to do it, there are some audit settings that will need to be enabled within Windows systems. By default, Windows systems do not log quite a few events that you probably want to know about. This month, we’ll identify many of these events, and I’ll provide a how-to video for enabling these audit settings within group policies.
Thanks for stopping by, and I look forward to discussing WPA3 with you next week. Until then, stay secure!