OWISAM Controls

Jump to: navigation, search
This page is a translated version of the page Controles OWISAM and the translation is 100% complete.

Other languages:
English • ‎español

The security controls defined by OWISAM are all those technical checks should be carried out to analyze the security risk of an organization through the use of Wi-Fi infrastructure.

The absence of a defined and deployed corporate network does not exempt from the risk, because the presence of devices with Wi-Fi capabilities is sufficient by itself to create potential security holes.

The security controls have been structured in 10 well differentiated sections:

# Code Type Description
1 OWISAM-DI Discovering devices Gathering information about Wi-Fi networks
2 OWISAM-FP Fingerprinting Analysis of the functionality of communication devices.
3 OWISAM-AU Tests over authentication Analysis of the authentication mechanisms
4 OWISAM-CP Encrypting communications Analysis of the mechanisms of information cryptographic.
5 OWISAM-CF Platform configuration Verifying the network configuration
6 OWISAM-IF Tests the infrastructure Security controls on Wi-Fi Infrastructure
7 OWISAM-DS Denial of Service Testing Controls designed to verify the availability of the environment
8 OWISAM-GD Tests on directives and regulations Analysis of regulatory issues that apply to the use of Wi-Fi networks
9 OWISAM-CT Tests on Wi-Fi clients Attacks on Wi-Fi clients
10 OWISAM-HS Tests on hostspots and captive portals Weaknesses affecting the use of captive portals.

Both controls and contents are likely to be modified over time, depending on the Wi-Fi risks evolution.