
What are the key features Auditors are looking for in a Bluetooth Audit?

awakenings asked
Last Modified: 2010-04-11
I recently did a quick Bluetooth audit of our organization. I wanted to find out what are the important aspects of Bluetooth. What kind of ID information do they have? What kinds of things are auditors looking for in reports about Bluetooth auditing?

With the increasing prevalence of BT and small-form factor devices in the enterprise, this is a growing area of interest for me as well.

The kinds of things auditors are looking for:

1) Use Policy - re: use of devices (SFF, BT, cell phones, PDAs, phones w/ cameras in high security areas should all be covered).

2) Device Policies - Data classification and minimum security (hardening, encryption, logging) device must support for more sensitive types of data

3) Auditing/Logging - who accessed the data, what was the data, at what time

And of course, a lot of this is best effort only, as some device tracking will not be possible outside a great amount of expense/effort.

This is just a general post to your questions. If you're looking for more of the nitty-gritty, I can get some actual auditing questions/checklists to you.

Also, here's a link: Bluetooth Security Review, Part 1, http://www.securityfocus.com/infocus/1830

Author

Commented:
I just upped the points because I am looking for more than what you provided.  I'll give you points for that.

You did hit on some things I wasn't looking for that we have covered - Use Policy, Device Policy for example.

From reading the article, it sounds like I should find Redfang -- which seems to have disappeared on my initial Google searches. I used bluesniff in my wireless audit, but I have no idea what I am looking for. From the article it sounds like maybe MAC address and maybe if the device is hidden or not.

In the wireless world, it is a bit easier for me because I am more familiar with the technology. It has SSID, signal strength, signal to noise ratio, etc. Do you have any specifics you would recommend?

Thanks,

Awakenings

Read up on RedFang and I think you'll agree as an auditing/pentest tool it's still very proof-of-concept.

Redfang download
http://www.net-security.org/software.php?id=519

Bluesnarfer w/ links to snarf attack howtos
http://www.securiteam.com/tools/5KP0220F5E.html

Of course, I don't know the nature of the data you're trying to protect (i.e., compliance requirements, sensitivity), but I would begin with the basics:

1) Look for discoverable devices
2) Next, do these devices accept file transfers (FTRN)

Here's more info on a SANS diary: Bluetooth Auditing
http://isc.sans.org/diary.php?storyid=715

That's all I've got for now. Maybe someone else can chime in.
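A first-pass triage of the two checks suggested above (discoverable devices, then file transfer), as an added example that is not part of the original thread. It decodes the 24-bit Bluetooth Class of Device field recorded during a survey; the CSV layout, device names and addresses are constructed for illustration.

```python
import csv
import io

# Major Service Class bits (bits 13-23 of the 24-bit Class of Device field).
SERVICE_BITS = {
    13: "Limited Discoverable Mode", 16: "Positioning", 17: "Networking",
    18: "Rendering", 19: "Capturing", 20: "Object Transfer", 21: "Audio",
    22: "Telephony", 23: "Information",
}
# Major Device Class values (bits 8-12).
MAJOR_CLASS = {
    0: "Miscellaneous", 1: "Computer", 2: "Phone", 3: "LAN/Network Access Point",
    4: "Audio/Video", 5: "Peripheral", 6: "Imaging", 7: "Wearable", 8: "Toy",
    9: "Health", 31: "Uncategorized",
}

# Constructed survey inventory; this CSV layout is hypothetical, not a tool's output.
SAMPLE = """bd_addr,name,class_of_device,discoverable
00:11:22:AA:BB:01,Sales-Phone,0x5a020c,yes
00:11:22:AA:BB:02,Headset,0x240404,yes
00:11:22:AA:BB:03,Finance-Laptop,0x10010c,no
"""

def decode_cod(cod):
    """Return (major device class, advertised service classes) for a CoD value."""
    major = MAJOR_CLASS.get((cod >> 8) & 0x1F, "Reserved")
    services = [name for bit, name in sorted(SERVICE_BITS.items()) if cod & (1 << bit)]
    return major, services

def audit(inventory_csv):
    """Build one report row per device, flagging the two checks from the answer."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        major, services = decode_cod(int(row["class_of_device"], 16))
        issues = []
        if row["discoverable"].strip().lower() == "yes":
            issues.append("discoverable")
            # The service bit is only a hint that object transfer is offered;
            # whether transfers are accepted unauthenticated needs a follow-up check.
            if "Object Transfer" in services:
                issues.append("advertises Object Transfer")
        findings.append({"bd_addr": row["bd_addr"], "oui": row["bd_addr"][:8],
                         "name": row["name"], "major_class": major,
                         "services": services, "issues": issues})
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f["bd_addr"], f["major_class"], f["issues"] or "no finding")
```

The `oui` column (first three octets of the device address) identifies the radio's manufacturer, which helps map a finding back to an asset record.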
