Close ESSIDs | 
|
MAC filtering | 
| explicit deny | 
|
| | explicit allow | 
|
Protocol filtering | 
| | | | | |
| | | | | | filtered protocols | __________________________ |
WEP | | | | | | | | | |
| | key size | ___ | static or dynamic | ___ |
| | key rotation frequency | ___ | TKIP implemented | ___ |
| | other WEP enhancements | __________________________________ |
Authentication system | | | | | | | | open | 
|
| | | | | mixed | 
| close | 
|
802.1x authentication |
| EAP type | __________________________ |
| User database type | __________________________ |
| 802.1x-based WEP key rotation | 
| rotation time ________ |
| ESSID/MAC EAP authentication | 
| | | | |
Centralized authentication implemented |
| Kerberos v4 | 
| RADIUS | 
| |
| Kerberos v5 | 
| TACACS | 
| |
| | | | | | | | TACACS version | ___ | |
Layer 3 VPN implemented | 
| | | | | | | | |
| | VPN type and mode ______________________________ | |
key exchange | shared secret | 
| |
| | asymmetric crypto | 
| DH asymmetric crypto | 
| |
| | X.509 certificates | 
| other | 
| |
ciphers used | | | | | | symmetric | ___ | |
| | | message digest | ___ | assymmetric | ___ | |
key/hash size | | | | | | | symmetric | ___ | |
| | | message digest | ___ | assymmetric | ___ | |
tunneling implemented | IPSec AH | 
| |
| | | | | PPTP | 
| IPSec ESP | 
| |
| | | | | L2F | 
| L2TP | 
| |
| | | | | CIPE | 
| GRE | 
| |
| | | | | IP-IP | 
| VTP | 
| |
| | | | | DVS | 
| ATMP | 
| |
| | | | | Other | ___________________ | MIN-IP-IP | 
| |
Higher-layer security protocols used | SSHv1 | 
| | |
S/MIME | 
| SSHv2 | 
| | |
SCP | 
| HTTPS | 
| | |
Other | _________________ | PGP/GNUPG | 
| | |
Wireless authentication gateway | ______________________________ | | |
gateway type | ______________________________ | | |
Proper wired/wireless network separation | | |
Type of gateway/firewall | | | ______________________________ | | |
Gateway malware filtering present | 
| Gateway SPAM filtering present | 
| | |
Access points management from the wireless side is | enabled | 
| | |
restricted | 
| disabled | 
| | |
Connections between wireless peers denied | 
| | |
Wireless peers have firewalling capability | 
| | |
Wireless IDS present | 
| IDS type | ________________ | | |
Remote sensors present | 
| Sensor type | ________________ | | |
| | | | | | | Number of sensors ___ | | |
Centralized logging present | 
| | | | | | | | | |
| Logging is done over | | UDP | 
| TCP | 
| | | |
| Log review frequency | ___ | | | | | | | |
| Wired IDS present | 
| IDS type | _______________ | | | |
| Remote sensors present | 
| Sensor type | _______________ | | | |
| | | | | | | | Number of sensors | ___ | | | | | |
Honeypots deployed | 
| | | | | | | | | | |
| | wireless | 
| wired | 
| | | |
| | comments | _________________________________________ | | | |