HIPAA Wireless Compliance Report - AirTight Networks

More documents

Recommendations

Info

HIPAA Wireless Compliance ReportSeverity 4 VulnerabilitiesSeverity Level: 4 Type: High Vulnerabilities: 4Ad-hoc Mode Count: 2Threat: Authorized clients in ad hoc connection mode are likely infected with viral SSIDs and can inadvertentlycompromise your entire network’s security by accepting direct connections. Unauthorized clients can enteryour network through such connections, while authorized clients can bypass your security policy control (e.g.,firewalls, and URL, spam, and malware filters). This wireless vulnerability may lead to theft of patient health datain violation of Section 164.312(e)(1).Remediation: You should locate the clients and before redeploying them, manually change the configurationof your clients to prevent them from operating in ad-hoc mode.Consider using a wireless client management software for enforcing your security policies and ensuring thatclients only connect in the infrastructure mode to authorized APs.Device(s) Involved:ABC CorpLocation Device Name MAC AddressCisco-Linksys_01:4C:18 00:18:39:01:4C:18ABC Corp Intel_25:B8:48 00:13:CE:25:B8:48Rogue AP Count: 2Threat: Rogue APs are unauthorized APs connected to your corporate network in violation of your securitypolicies. Outsiders can enter the corporate network using these Rogue APs as wireless backdoors. This wirelessvulnerability may lead to theft of patient health data in violation of Section 164.312(e)(1).Remediation: Use wireless security solutions for automatically blocking wireless access to Rogue APs. Locatethe Rogue AP and physically disconnect it from your corporate network.Device(s) Involved:Location MAC Address Protocol SSID SecurityABC Corp 00:09:5B:FD:73:30 802.11b/g Alice WEPABC Corp 00:11:95:18:1A:AF 802.11b/g Malice OpenPowered by AirTight Networks Page 10 of 20
HIPAA Wireless Compliance ReportSeverity 3 VulnerabilitiesSeverity Level: 3 Type: Medium Vulnerabilities: 8Potential Victim of Wi-Phishing Attack Count: 4Threat: In Wi-Phishing, hackers use common or factory-default SSIDs to lure clients to unwittingly connect totheir AP instead of the authorized WLAN. Clients probing for these common SSIDs are prime candidates for aWi-Phishing attack. This wireless vulnerability may lead to leakage of patient health data in violation of Section164.312(e)(1).Remediation: Locate the client and remove entries of vulnerable SSIDs from the clientâ€s preferred networkslist, so it does not probe for those networks. A wireless client management software can help in enforcing yoursecurity policies and regulating how your clients behave and connect wirelessly.Device(s) Involved:Location Device Name MAC AddressABC Corp Cisco-Linksys_01:4C:18 00:18:39:01:4C:18ABC Corp Intel_25:B8:48 00:13:CE:25:B8:48ABC Corp Intel_2B:EC:05 00:13:02:2B:EC:05ABC Corp Intel_92:0B:A6 00:19:D2:92:0B:A6Open External AP Count: 3Threat: External APs are not connected to your corporate network, but are in the wireless vicinity of your facility.Your authorized client devices are likely to connect to open external APs bypassing your security policy control(e.g., firewalls, and URL, spam and malware filters). This in turn can lead to reduced productivity, liability for illegalcontent flowing through your network, or leak sensitive data. This wireless vulnerability may lead to leakage ofpatient health data in violation of Section 164.312(e)(1).Remediation: Check the wireless settings on your authorized clients and ensure they are configured to connectonly to your authorized SSID. A wireless client management software can help in enforcing your security policiesand regulating how your clients connect wirelessly.If you do not want to touch your clients, consider using a wireless security solution for automatically blockingauthorized clients from connecting to external APs.Device(s) Involved:Location MAC Address Protocol SSIDABC Corp 00:15:E9:61:63:CA 802.11b/g Carib4ABC Corp 00:19:5B:8C:A8:0C 802.11b/g Load-GuestABC Corp 00:1E:58:23:BF:27 802.11b/g blueguestWEP Authorized AP Count: 1Powered by AirTight Networks Page 11 of 20
Page 1: AIRTIGHT NETWORKSREPORTSHIPAA Wirel
Page 4 and 5: HIPAA Wireless Compliance ReportRes
Page 6 and 7: HIPAA Wireless Compliance ReportRec
Page 8 and 9: HIPAA Wireless Compliance ReportDet
Page 12 and 13: HIPAA Wireless Compliance ReportThr
Page 14 and 15: HIPAA Wireless Compliance ReportSev
Page 16 and 17: HIPAA Wireless Compliance ReportCat
Page 18 and 19: HIPAA Wireless Compliance ReportLoc
Page 20: HIPAA Wireless Compliance ReportSev

HIPAA Wireless Compliance Report - AirTight Networks

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?