Wireless Security Testing
Step ID | Description | Precondition | Expected Results | Actual Results | Pass or Fail | Notes |
---|---|---|---|---|---|---|
1 | Wireless access pre-set | Wireless Set up in practise. A unique SSID is assigned. | 1. Wireless access pre-set, must be set with security protocol (WPA or WPA2) and preferably on VLAN. 2.Wireless access should be limited to practices | |||
2 | Dedicated wireless network for Practice and a separate network segment for guests | Wireless network set up | 1.No guest access for the practice wireless network. 2.Guest access is enable in a separate network | |||
3 | Use of Firewall | Downloaded firewall protection. The network and firewall are managed by the network administrator | 1.Firewall enabled. 2.Access is monitored and reported to administrator in daily logs to ensure there is no unauthorized access to the system. | |||
4 | Restricted port access |
| 1.Only 11042 or secure port and port 22 or equivalent are allowed . 2.Limited access to ports 22 and 11042 | |||
5 | External access to the router disabled | Router installed and configured | Confirmed no external access to router | |||
6 | Router set with strong password | Router set up with a required password to access it. | Password with a minimum of 8 characters long with special charters | |||
| Backup of router configuration | Router configured | Backup of router configuration stored | |||
7. | Apply patches/updates to security devices on a regular basis | Security devices configured and in use for daily function | Devices firmware or operating system up to date with the latest security updates. | |||
8. | Anti-virus/anti span/anti- spyware/malware-detection systems on all user facing input work stations and devices. Verify availability and setup correctness | Downloaded and installed onto devices. | 1.Updated anti-virus detection system with ‘Definitions’ updates provided and applied; 2. latest software patches/updates included.
| |||
9. | Active Virus detection turned on and working. | Downloaded and configured anti-virus software. | Virus screening runs in the background on the Practice’s computer(s) and notifies the user of any Potential dangers caused by any files that may be infected by viruses. | |||
12 | Recommended to place OSCAR servers in a separated network segment. | OSCAR Servers setup and running | Optional OSCAR Servers have a different network segment than other clinic servers. | |||
11 | Recommended step to turn off SSID broadcasting for the practice wireless access | Wireless networking available. | Optional SSID is not broadcasted |