RU151859U1 - AUTOMATED WORKPLACE FOR AUDITING SECURITY OF A WIRELESS LOCAL NETWORK - Google Patents

Abstract

An automated workstation for security audit of wireless local area networks containing software and hardware platforms, characterized in that it includes ten modules, the first of which is a control module, the second module works with the database of questionnaires, the third module works with the database of equipment, the fourth module questionnaires, the fifth module inventory of equipment, the sixth module assess the level of protection, the seventh module risk assessment, the eighth module work with the database of the threat list, the ninth module development recommendations, the tenth report generation module, with the first control module connected by two-way communication with the fourth questionnaire module, the fifth inventory module with the input of the fifth module and the report generation module 10, the second questionnaire database module connected with the fourth questionnaire input module, the third module work with the equipment database is connected with the input of the fifth module; inventory of equipment; the fourth questioning module is connected with the output of the second module; work with the database of questionnaires and two Toroni communication with the first control unit, with the input module of the seventh evaluation of the risks and to the input module of the sixth evaluation of security level; the fifth module inventory of equipment is connected with the output of the first control module, with the output of the third module work with the equipment database, with the input of the sixth module an assessment of the level of security and with the input of the seventh module a risk assessment; the sixth module assesses the level of security associated with the outputs of the fifth module inventory of equipment and the fourth module questioning, is associated with the input of the ninth

Description

The utility model relates to wireless network security and is designed to determine the security of a wireless LAN using a combined audit model.

Of the existing modern technical devices of the highest level, the following devices are known: Scanner-VS [1], Elcomsoft Wireless Security Auditor [2], GRIF [3], CONDOR [3]. However, these devices do not contain all the security assessment methods necessary for a security audit of a local wireless network, for example, none, active audit, expert audit, wireless network audit, standards compliance analysis.

Closest to the claimed technical solution is a device for identifying vulnerabilities in wireless networks such as Wi-Fi [4]. This device is designed to search for vulnerabilities in wireless networks by generating traffic to a network using the WEP encryption protocol. The disadvantages of this technical solution are, firstly, the inability to use a comprehensive assessment of the security of the wireless local area network, secondly, the lack of determining the level of security of the wireless local area network, and thirdly, the lack of recommendations for increasing the level of security and reducing risks.

The purpose of the proposed utility model is to increase the level of security of a wireless local area network by synthesizing security audit methods.

The task to which the claimed invention is directed is to create an automated workstation for auditing the security of a wireless local area network, which will determine the level of security of a wireless local area network and, based on the result, assess the possible risk and create a list of effective measures to counter an attacker.

This problem is solved by using a combined audit model. In FIG. 1 presents the claimed device, which is made of ten modules: 1 - control module, 2 - module work with the database of profiles, 3 - module work with the database of equipment, 4 - module questioning, 5 - module inventory of equipment, 6 - module level assessment security, 7 - module risk assessment, 8 - module work with the database of the list of threats, 9 - module development of recommendations, 10 - module report generation. The control module - 1 is connected by two-way communication with the questionnaire module - 4, with the input to the equipment inventory module - 5 and the exit from the module - report generation - 10. The module works with the questionnaire database - 2 is connected with the input questionnaire module - 4. The module works with equipment database - 3 is connected to the entrance to the equipment inventory module - 5. Questioning module - 4 is connected to the exit from the module; work with the database of questionnaires - 2 and two-way communication with the control module - 1; with the entrance to the module, risk assessment - 7 and by entering the module security level - 6. The equipment inventory module - 5 is associated with exiting from the control module - 1, with exiting the module, working with the equipment database - 3, with entering the module, assessing the level of protection - 6 and with entering the module for risk assessment - 7. The security level assessment module is connected - 6 is associated with the exit from the equipment inventory module - 5 and with the exit from the questionnaire module - 4, is connected with the entrance to the module; development of recommendations - 9. The risk assessment module - 7 is associated with the exit from the equipment inventory module - 5, with exit from the questionnaire module ovane - 4 and with the exit from the module working with the database of the threat list - 8, and also connected with the entrance to the module making recommendations - 9. The module working with the database of the list of threats - 8 is connected by one-way communication with the module risk assessment - 7. The module is working out recommendations - 9 is associated with the exit from the module, risk assessment - 7 and with the exit from the module, the assessment of the level of security - 6, as well as with the entrance to the report generation module-10. Report generation module - 10 is connected by one-way communication with exiting recommendations from the module - 9 and entering the control module - 1. The software and hardware platforms installed on the user's working PC allow this device to work correctly.

The hardware and software platforms of the device have the following requirements:

- Intel (R) Core (TM) i7 processor with a frequency of at least 2.27 GHz;

- the amount of RAM - from 4 GB;

- free disk space - from 16 GB;

- operating system Windows 7 Maximum;

- .NET Framework 4.0;

- MySQL 5.

To effectively use the utility model for auditing the security of a wireless LAN, the following configurable operating system parameters are required:

- recommended screen resolution of 1024x768;

- highColor (32 bits).

When users interacted with the “Automated Workstation for Auditing Wireless LAN Security”, the following control elements (EI) were used:

- standard EU window Windows;

- buttons of various sizes and types;

- drop down lists;

- fields of input and output of digital data.

The technical result provided by the given set of features is to increase the reliability of information about the level of security of a wireless local area network and increase the security of a wireless local area network by means of security auditing. This result is achieved, not only through an inventory of wireless LAN equipment, as in the prototype, but also by analyzing the established standards, information about which comes from the questionnaire module - 4. Analysis of the data from the questionnaire module - 4 carries out the risk assessment module - 7 and the module assess the level of security - 6. Moreover, in contrast to the prototype, the proposed model determines the level of security of a wireless local area network and makes recommendations to increase the level of security and risk reduction. Therefore, the proposed technical solution allows you to use a comprehensive assessment of the security of the wireless LAN.

The essence of the utility model is that the security of a wireless local area network can be assessed using a comprehensive audit that combines active audit, expert audit, wireless network audit, as well as standards compliance analysis.

Elements of sets serve as input for the model:

- WLAN - a set of wireless network states, represented by indicators of compliance with the requirements of standards, as well as characteristics of network equipment and active settings;

- RQ - a lot of requirements of the standards necessary for implementation;

- ST - many settings critical for ensuring information security of a wireless LAN;

- TH - many elements of the threat model, representing threats relevant for a wireless LAN, realizing their attacks, and vulnerabilities through which threats are realized.

The output of the wireless network security audit model is the elements of the audit report, which includes:

- level of security;

- information security risks;

- recommendations to reduce risks and increase the level of network security.

The execution of the model consists of the following steps:

1) Network data collection:

1.1) Questioning and comparison with the requirements of standards;

1.2.) Gathering information about network settings.

2) Analysis of the collected data:

2.1) Assessment of the security level of the wireless network;

2.2) Information security risk assessment.

3) Development of recommendations and reporting:

3.1) Development of recommendations to increase the level of security and reduce risks;

3.2) Preparation of an audit report.

The control module-1 of the workstation for auditing the security of the wireless LAN sends a request to the questionnaire-4 module to receive questionnaires for filling out by the user. Having received a request from the control module-1, the questionnaire module -4 receives from the module work with the database of questionnaires-2 requirements presented in the questionnaire, those. questions to the user, important for determining the security of the local wireless network, and sends a request based on these requirements to the control module-1 in order to collect information about the organizational and administrative documentation on the information security of the organization (security policy, etc.) and preparation her for further processing. Each profile is a pair consisting of an xml document and an xsl template. An xsl template is needed to display the contents of an xsl file in a user-friendly form, and this view is determined by the template and can be customized. Questionnaires contain the following categories of questions:

- compliance with the requirements;

- model used in a wireless LAN

router

- router settings.

Completed questionnaires are sent by the questionnaire module-4 to the risk assessment module-7 and to the module for assessing the level of security-6.

Formally, this stage is represented by the Req function:

In this formula:

- Q - a vector reflecting the fact that the requirements of the standards are met, further participates in determining the level of security of the wireless LAN. Elements of the vector can take the values 0 if the requirement is not fulfilled, or 1 otherwise;

- rq - vector (length n) of the requirements presented in the questionnaire;

- {WLAN} - a tuple of data about the wireless network. In this case, information about the fulfillment of rq requirements.

Simultaneously with the questionnaire, the inventory of equipment - 5 module determines the settings of routers and computers of the wireless LAN, using the data from the module to work with the equipment database - 3.

Formally, this stage can be represented in the form of the Settings function, which takes as input parameters indicators of the wireless network status and a list of network settings, and at the output it transmits the vector of active settings S, i.e.

In this formula (2):

- {WLAN} - a tuple of elements of the set of wireless network states, in this case representing the settings of network equipment;

- {ST} - a tuple of critical router settings that affect the security of the wireless LAN.

Verification of settings can be carried out automatically (if this router is in the module list, work with the equipment database-3) or by questioning an employee (otherwise, because at the questioning stage the user indicates information about the router model and its settings). Each setting value has its own numerical size (or “weight”), summing up which you can get part of the integrated assessment of wireless network security - related to the current indicator of equipment settings. The information received from the inventory of equipment-5 module is sent to the risk assessment module-7 and the security level assessment module-6.

Further, the security level assessment module - 6 determines the security level of the wireless LAN. At this stage, the data obtained from the questionnaire module - 4 and the equipment inventory module - 5 is summed up. At the same time, each component is a product of the indicator value (fulfilling the standard requirements or active settings) and the numerical value (or "weight") of this indicator.

Formally, this stage can be described as a function:

or

The risk assessment module - 7 makes an assessment of information security risks, based on the analysis of previously collected information about the wireless network and the data contained in the work with the threat database module - 8.

The threat database module - 8 contains:

- Many threats to the wireless LAN;

- Many vulnerabilities in a wireless LAN.

Formally, a risk assessment can be represented as a Risk function.

For the operating mode, the wireless network risk in monetary terms is calculated by the formula (5):

where R _i is the risk to the network resource,

n is the number of resources on the network.

The risk to the resource is determined by the formula (6):

where D is the criticality of the resource (specified in monetary or level equivalents),

CThR - the general level of threats by resource, determined by the formula:

where CTh is the threat level for all vulnerabilities that contribute to it,

m - the number of threats affecting this resource.

The threat level is calculated using the following formula:

where Th is the threat level for one vulnerability,

1 - the number of vulnerabilities through which this threat can be implemented.

The threat level is determined by the formula (9):

where ER is the criticality of the threat implementation,

P (V) - probability of the threat realization through this vulnerability.

Thus, the formalized risk assessment model throughout the system has the form:

A high-quality product of levels is carried out, for example, according to the Microsoft risk assessment methodology in Table 1.

Recommendations module - 9 produces recommendations to eliminate deficiencies, increase the security level of a wireless LAN and reduce information security risks based on a previous analysis in the risk assessment module - 7 and the security level assessment module - 6. Formally, this stage can be represented as a function Rcm:

Where:

- C - vector of recommendations, the elements of which are recommendations for fulfilling the unfulfilled requirements of information security standards, as well as recommended settings for network equipment;

- Q - the vector of requirements, the elements of which can take values either 0 if the requirement is not fulfilled and needs to be made recommendations, or 1 otherwise;

- S - vector of the current settings of network equipment, the values of the elements of which can be equal to recommended (in this case, the recommendation is not needed), or differ from them;

- L - security level of the wireless network;

- R - information security risk of the wireless network. Report generation module - 10 generates a report on the audit of wireless LAN security. The report presents the user:

- level of security;

- information security risk;

- recommendations for settings;

- recommendations for requirements.

This stage can be formally described by the Rpt function:

Where:

- L - level of security;

- R - information security risk;

- C - recommendations for improving security and reducing the risks of a local wireless network.

Report results report generation module - 10 sends to the control module - 1.

A new approach is proposed, based on the creation of an automated workstation for auditing the security of a wireless local area network, which allows identifying violations of the information security of a wireless network and timely taking correct actions based on the proposed recommendations.

Thus, the technical result is due to the determination of the security level of the wireless local area network and the formation of recommendations, which leads to lower risks and increased security of the wireless local area network.

Bibliography:

1. Scanner-sun. [Electronic resource]. Access Mode: http://scaner-vs.ru/

2. Elcomsoft Wireless Security Auditor. [Electronic resource]. Access Mode: http://www.elcomsoft.ru/ewsa.html

3. GRIF. [Electronic resource]. Access Mode: http://www.dsec.ru/

4. Veryaev A.S., Lebedev K.O., Markov A.S., Utochka R.A., Fadin A.A., Tsirlov, V.L. Vulnerability detection device in wi-fi wireless networks .: US Pat. 124102 Russian Federation. 2012 bul. No. 1. 4 sec [Electronic resource]. Access Mode: http://bankpatentov.ru/node/230424

Claims (1)

An automated workstation for security audit of wireless local area networks containing software and hardware platforms, characterized in that it includes ten modules, the first of which is a control module, the second module works with the database of questionnaires, the third module works with the database of equipment, the fourth module questionnaires, the fifth module inventory of equipment, the sixth module assess the level of protection, the seventh module risk assessment, the eighth module work with the database of the threat list, the ninth module development recommendations, the tenth report generation module, with the first control module connected by two-way communication with the fourth questionnaire module, the fifth inventory module with the input of the fifth module and the report generation module 10, the second questionnaire database module connected with the fourth questionnaire input module, the third module work with the equipment database is connected with the input of the fifth module; inventory of equipment; the fourth questioning module is connected with the output of the second module; work with the database of questionnaires and two Toroni communication with the first control unit, with the input module of the seventh evaluation of the risks and to the input module of the sixth evaluation of security level; the fifth module inventory of equipment is connected with the output of the first control module, with the output of the third module work with the equipment database, with the input of the sixth module an assessment of the level of security and with the input of the seventh module a risk assessment; the sixth module assesses the level of security associated with the outputs of the fifth module; inventory of equipment and the fourth module; questioning; associated with the input of the ninth module; development of recommendations; the seventh risk assessment module is associated with the output of the fifth module inventory of equipment, with the release of the fourth module, questioning and with the output of the eighth module, work with the threat list database; development of recommendations; the eighth module, work with the threat list database is connected with one-way communication with the input of the seventh module risk assessment, the ninth module the development of recommendations is associated with the output of the seventh module risk assessment and the output of the sixth module the assessment of the level of security, as well as with the input of ten nth report generation module, the tenth report generation module is connected by one-way communication with the output of the ninth module, development of recommendations and the input of the first control module.

Images