Re: Wireless Security Testing Guidelines

[Balwant Rathore <balwant () oissg org>]

Dear isKooler and all,

Few days backs we have released Information Systems Security Assessment 
Framework (ISSAF) draft01. It has methodology and guidelines for 
performing WLAN security Assessment. Check page 458. You can download it 
from http://www.oissg.org/issaf. Below is the mail which I posted to 
PenTest at securityfocus.

Your feedbacks are valuable for us, please spare some time and write us 
what you like and what you didn't at feedback <at> oissg <dot> org

We are scheduled to release ISSAF draft0.2 in the end of this month. If 
anyone interested to join our team and contribute in ISSAF, welcome. We 
help contributors with the resource which we have in our organization 
and I promise you to provide a good learning experience. Newbie can help 
by reviewing its usefulness and gurus by valuable feedback and improvement 
of some section[s].


Thanking you.
Respectfully,

Balwant Rathore
Open Information Systems Security Group
http://www.oissg.org/


-----Original Message-----

From: Balwant Rathore [mailto:balwant () oissg org] 
Sent: Monday, January 03, 2005 2:01 PM
To: Pen-Test
Subject: Information Systems Security Assessment Framework (ISSAF) Draft0.1

Dear All,

I am glad to share with you that on this Christmas we have released 
Information Systems Security Assessment Framework (ISSAF) Draft0.1. It 
can be downloaded from: http://www.oissg.org/issaf. We plan to release 
draft0.2 in the end of this month after improving some existing and 
adding some new sections. Any contribution, suggestion, comments, 
feedback will be highly appreciated at feedback () oissg org

Preface:
Today, the evaluation of Information Systems (IS) security in accordance 
with business requirements is a vital component of any organizations 
business strategy. While there are a few information security assessment 
standards, methodologies and frameworks that talk about what areas of 
security must be considered, they do not contain specifics on HOW and 
WHY existing security measures should be assessed, nor do they recommend 
controls to safeguard them.

The Information System Security Assessment Framework (ISSAF) is a peer 
reviewed structured framework that categorizes information system 
security assessment into various domains & details specific evaluation 
or testing criteria for each of these domains. It aims to provide field 
inputs on security assessment that reflect real life scenarios. ISSAF 
should primarily be used to fulfill an organization's security 
assessment requirements and may additionally be used as a reference for 
meeting other information security needs. ISSAF includes the crucial 
facet of security processes and, their assessment and hardening to get a 
complete picture of the vulnerabilities that might exists.

The information in ISSAF is organized into well defined evaluation 
criteria, each of which has been reviewed by subject matter experts in 
that domain. These evaluation criteria include:
* A description of the evaluation criteria.
* Its aims & objectives
* The pre-requisites for conducting the evaluations
* The process for the evaluation
* Displays the expected results
* Recommended countermeasures
* References to external documents

A draft version of this framework is available at OISSG website at: 
http://www.oissg.org/issaf 

The Information System Security Assessment Framework (ISSAF) is an 
evolving document that will be expanded, amended and updated in future. 
To improve the usefulness of the future release of ISSAF, please take a 
moment to evaluate it. Your feedback is invaluable to OISSG's efforts to 
fully serve the profession and future ISSAF releases. The feedback form 
is given at the end of ISSAF; please email your feedback at 
feedback () oissg org. We will get back to you ASAP.

Introduction to OISSG:

Open Information Systems Security Group (OISSG) is an independent and 
non profit organization with vision to spread information security 
awareness by hosting an environment where security enthusiasts from all 
over the globe share and build knowledge.


Thanking you.
Respectfully,

Balwant Rathore
Open Information Systems Security Group
www.oissg.org <http://www.oissg.org/>