What are the key features Auditors are looking for in a Bluetooth Audit?

I recently did a quick bluetooth audit of our organization.  I wanted to find out what are the important aspects of bluetooth.  What kind of ID information do they have?  What kinds of things are auditors looking for in reports about bluetooth auditing?
awakeningsAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

tnapolitanoCommented:
With the increasing prevalence of BT and small-form factor devices in the enterprise, this is a growing area of interest for me as well.

The kinds of things auditors are looking for:

1) Use Policy  - re: use of devices (SFF, BT, cell phones, PDAs, phones w/ cameras in high security areas should all be covered).

2) Device Policies - Data classification and minimum security (hardening, encryption, logging) device must support for more sensitive types of data

3) Auditing/Logging - who accessed the data, what was the data, at what time

And of course, alot of this is best effort only, as some device tracking will not be possible outside a great amount of expense/effort.

This is a just a general post to your questions. If you're looking for more of the nitty-gritty, I can get some actual auditing questions/checklists to you.

Also, here's a link: Bluetooth Security Review, Part 1, http://www.securityfocus.com/infocus/1830
0
awakeningsAuthor Commented:
I just upped the points because I am looking for more than what you provided.  I'll give you points for that.

You did hit on some things I wasn't looking for that we have covered - Use Policy, Device Policy for example.

From reading the article, it sounds like I should find  Redfang -- which seems to have dissapeared on my initial google searches.  I used bluesniff in my wireless audit, but I have no idea what I am looking for.  From the article it sounds like maybe MAC address and maybe if the device is hidden or not.
    In the wireless world, it is a bit easier for me because I am more familiar with the technology.  It has SSID, signal strength, signal to noise ratio, etc.  Do you have any specifics you would recommend?

Thanks,

Awakenings

0
tnapolitanoCommented:
Read up on RedFang and I think you'll agree as a auditing/pentest tool it's still very proof-of-concept.

Redfang download
http://www.net-security.org/software.php?id=519

Bluesnarfer w/ links to snarf attack howtos
http://www.securiteam.com/tools/5KP0220F5E.html

Of course, I don't know the nature of the data you're trying to protect (i.e., compliance requirements, sensitivity), but I would begin with the basics:

1) Look for discoverable devices
2) Next, do these devices accept file transfers (FTRN)

Here's more info on a SANS diary: Bluetooth Auditing
http://isc.sans.org/diary.php?storyid=715

That's all I've got for now. Maybe someone else can chime in.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Security

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.