OWISAM Top 10

From OWISAM
Revision as of 23:06, 13 May 2018 by Adm owisam (talk | contribs) (Página creada con «Even organizations that do not make use of its own Wi-Fi infrastructure may be vulnerable to attacks through Wi-Fi, because of the risks caused by '''OWISAM-TR-007''' a...»)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search
Other languages:
English • ‎español

TOP RISKS 2013

This section identifies the main security risks that currently affect the Wi-Fi networks and whose detection and mitigation should be a priority. These risks have been defined based on the experience gained in penetration tests on wireless networks and in the analysis of art's Wireless Security state, taking into account the impact that these risks may have on the assets of the organization.

Therefore, a safety review based on OWISAM TOP 10 should be directed to analyze and detect the following:

OWISAM-TR-001: Open Wi-Fi communication networks.
OWISAM-TR-002: WEP-based encryption in communication networks.
OWISAM-TR-003: Insecure key generation algorithms (devices, WEP, WPA(2)-PSK and WPS passwords).
OWISAM-TR-004: WEP/WPA/WPA2 dictionary based key.
OWISAM-TR-005: Insecure authentication mechanisms (LEAP, PEAP-MD5 ...)
OWISAM-TR-006: Device with WiFi Protected Setup support active (WPS).
OWISAM-TR-007: Wi-Fi networks not authorized by the organization.
OWISAM-TR-008: Insecure captive portal in Wi-Fi Hotspots.
OWISAM-TR-009: Client trying to connect to insecure networks.
OWISAM-TR-010: Overextended Wi-Fi networks coverage.

Even organizations that do not make use of its own Wi-Fi infrastructure may be vulnerable to attacks through Wi-Fi, because of the risks caused by OWISAM-TR-007 and OWISAM-TR-009.