Security Assessment Report and Business Continuity Plan
Title : Security Investigation and Analysis of a Wi-Fi Hotspot Infrastructure.
Author : Chanaka Lasantha Nanayakkara Wawage
Student ID : K1658833
Organization : Wi-Fi Division of Globe Internet LTD
Framework Used: Octave
EXECUTIVE SUMMARY
Modern cities are increasingly challenged to be energy efficient and attractive to new and existing residents. Strengthening a city socially and financially to meet these challenges requires a willingness to embrace technologies that improve the daily lives of local residents and businesses around the city area. The backbone of these technologies is the wireless communication network. Several key issues make Wi-Fi hotspot and fixed residential Wi-Fi services unreliable, particularly for long-distance fixed home connections: interference from other wireless providers, exceeded session limits, low signal strength behind obstacles, poor quality of connectivity, privacy, mobility, integrity, and competition from rival service providers. In addition, wireless network equipment and applications are growing rapidly and demand more scalable functionality. Most of today's users have not only a main computer but also at least one other intelligent device, so most Wi-Fi hotspot and residential connection providers face major challenges in accommodating the extremely high growth of data services across their wireless footprint.
Providers have recently been forced to adopt alternative strategic plans, including extending residential Wi-Fi connections to mobile devices. Unfortunately, the very rapid rise in smartphones entering the consumer space that support the Wi-Fi frequency bands challenges Wi-Fi designers and engineers to prototype new products for the limited available bandwidth. Wi-Fi hotspots and residential products offer tremendous advantages to a variety of consumers in hotspot areas, as well as to the qualified wireless professionals assigned the responsibility of managing the city area's wireless projects. An increasingly popular way for subscribers to connect to online information is through portable devices such as laptops and smartphones. A wireless connection to the Internet is currently available in a range of customer-friendly organizations, allowing subscribers to reach online resources from their portable devices through Wi-Fi hotspots. This is a major initiative aimed at promoting the development of broadband services in urban areas and in the government and tourism sectors.
The project is based on the development of fast-maturing wireless network and end-user access device technologies and is designed around affordable Wi-Fi network standards. Simply adding more access points typically does not enhance the service. This design guide focuses on the challenges faced by administrators in deploying WLANs in higher education and provides practical strategies for assessing and modifying current deployment strategies, using existing resources to improve performance, and expanding network accessibility in high-density locations. The Wi-Fi hotspot project aims to become a high-profile centre of wireless excellence, strengthen the technical knowledge base of local business, increase tourism and economic benefits through public wireless networks, and improve wireless technology skills and learning.
It is the responsibility of the Globe Internet LTD Heads to have controls in place that offer reasonable assurance that network security targets are addressed. The Globe Internet LTD Head has the duty to exercise due diligence in the adoption of this framework. Globe Internet LTD must achieve compliance with the general information security requirements of the Commonwealth, such as compliance with the regulations, policies and standards to which its data, network, system resources and information are subject, from 3.3 Security Policy to 3.3.8 Policy Compliance.
01: SECURITY ASSESSMENT REPORT
1.1. Potential Members of the Team
The potential members of the team required to assess and deliver the solution are the Chief Executive Officer (CEO), Chief Operating Officer (COO), Head of IT (HI), Head of Operations (HO), Project Manager (PM), Team Lead (TL), Network System Administrator and Network Engineers.
1.2. Critical Assets with Priority under the area of Concern.
The first phase of the OCTAVE method identifies the assets, their relative priorities and the areas of concern. It is the important stage for differentiating the critical assets.
| Areas of Concern | Asset Name | Priority |
| --- | --- | --- |
| Base Stations | Omni Wi-Fi Outdoor Access Point | High |
| Servers | Aradial Radius Billing System | Very High |
| Database | MySQL Database | Very High |
Table 1.1 Assets Categorization
1.3. Identification of Security Requirements on Critical Assets
1.3.1. Base Station
• Prevent eavesdropping attacks on the Base Station's Omni antennas.
• Encrypt network management messages.
• Prevent signal disruption of the electromagnetic frequency spectrum (RF jamming).
• Prevent physical access by unauthorized parties.
• Prevent attacks on the service set identifier (SSID).
• Enhance MAC filtering to overcome MAC spoofing on Wi-Fi base stations.
• Prevent Information Disclosure Attack on Wired Equivalent Privacy (WEP).
• Rejecting the Drawback of senior attack on the wireless network.
• Prevent signal interference from other base stations in the Wi-Fi range.
• Avoid Man in the Middle attacks between Wi-Fi base stations and gateways.
• Mitigate WPA2 vulnerabilities on Wi-Fi Base Stations and Hotspots.
1.3.2. Billing Server
• Wireless clients must encrypt traffic to the given stations.
• Accounts that are allowed to log in to the server must be restricted.
• Strongest authentication mechanism for the NAS client, as opposed to the use of plain-text content.
• Strongest authentication mechanism for the RADIUS server using LDAP or MySQL.
• Protect the connection between the RADIUS server and the authentication backend with either an SSL tunnel or an IPsec tunnel.
1.3.3. Database Server
• Access Control Mechanism.
• Anti SQL Injection Mechanism.
• Authentication Mechanism.
• Encryption Methodology.
• Integrity Controls Mechanism.
• Backup Procedures.
• Application Security Mechanism.
• Database Security Mechanism.
1.4. Identification of the Current Security Practices
• Physical Location Security.
• Wireless Cyber Security.
• Database Security.
• Disaster Recovery Plan.
1.5. Organizational Vulnerabilities
Organizational vulnerabilities of the Wi-Fi infrastructure environment have been met with appropriate countermeasures. "The ability of organizations to make sense of the state of their environment, to detect new threats, to adopt new technologies and organizational attributes, contribute to their resilience." (1)
| Critical Assets | Organizational vulnerabilities |
| --- | --- |
| Omni Wi-Fi Outdoor Access Point | 1. Prolonged interruption of electrical power during a disaster, leading to corruption or collapse of the information infrastructure. |
| | 2. Communication overload during a disaster, leading to unacceptable delay or collapse of communication services. |
| | 3. Vulnerable to the use of Radio Frequency Weapons by terrorists or other disgruntled people. |
| | 4. Vulnerable to cyber crimes through electronic media, including through the network communication infrastructure. |
| | 5. Physical damage from accidents, natural hazards or deliberate harm. |
| Aradial Radius Billing Server | 1. Prolonged interruption of electrical power during a disaster, leading to corruption or collapse of the information infrastructure. |
| | 2. Vulnerable to cyber crimes through electronic media, including through the server communication infrastructure. |
| | 3. Physical damage from accidents, natural hazards or deliberate harm. |
| MySQL Database Server | 1. Prolonged interruption of electrical power during a disaster, leading to corruption or collapse of the server power supply infrastructure. |
| | 2. Physical damage from accidents, natural hazards or deliberate harm. |
| | 3. Communication overload during a disaster, leading to unacceptable delay or collapse of the database services infrastructure. |
Table 1.2 Organizational vulnerabilities
1.6. Threat Profiles
1.6.1. Threat Profile-1 (MySQL Database)
| Threat (Threat to Asset) | Asset (Entity at Risk) | Access (Threat route to Asset) | Actor (Perpetrator of Threat) | Motive (Accidental or Deliberate) |
| --- | --- | --- | --- | --- |
| Remote Root Code Execution; Privilege Escalation; SQL Injection | Billing PayPal data, Billing plans data, Billing rates data, User bill info data, User info data, Payment data, Invoice data, Invoice items data, Invoice status data, Invoice type data, Nas data, Radius acct data, Radius post auth data, Radius reply data, Radius user group data | Radius Billing System Web application Interface | External party | Deliberate |
Outcome (Risk to the Asset), common to all threats: Confidential data disclosure; Confidential Modification; Unknown Access Interruptions; Reputation Damage of Company; Network NAS Device list disclosure.
Table 1.3 Threat Profile-1
1.6.2. Threat Profile-2 (Free Radius Billing Web Application)
| Threat (Threat to Asset) | Asset (Entity at Risk) | Access (Threat route to Asset) | Actor (Perpetrator of Threat) | Motive (Accidental or Deliberate) |
| --- | --- | --- | --- | --- |
| Apache httpd remote denial of service | Apache HTTPD server | Private Network Web Interface | External party | Deliberate |
| Directory listing | List of files contained in this directory | Private Network Web Interface | External party | Deliberate |
| HTML form without CSRF protection | HTML form with no apparent CSRF protection implemented | Private Network Web Interface | External party | Deliberate |
| Slow HTTP Denial of Service Attack | HTTP protocol | Private Network Web Interface | External party | Deliberate |
| Source code disclosure | Source code regarding this script is available | Private Network Web Interface | External party | Deliberate |
| User credentials are sent in clear text | User credentials | Private Network Web Interface | External party | Deliberate |
Outcome (Risk to the Asset), common to all threats: Sensitive information disclosure; Source code list disclosure; An attacker forces the users of a web application to execute actions; Reputation Damage of Company; Radius Server disclosure; Data Packages Credential disclosure.
Table 1.4 Threat Profile-2
1.6.3. Threat Profile-3 (Omni Wi-Fi Outdoor Access Point)
| Threat (Threat to Asset) | Asset (Entity at Risk) | Access (Threat route to Asset) | Actor (Perpetrator of Threat) | Motive (Accidental or Deliberate) |
| --- | --- | --- | --- | --- |
| Eavesdropping attacks | Transmitted data | Wi-Fi Hotspot Base Station | External party | Deliberate |
| Signal disruption attacks | Deauthentication frames on transmitted data | Wi-Fi Hotspot Base Station | External party | Deliberate |
| Radius Jamming attacks | Firing out Radius deauthentications | Wi-Fi Hotspot Base Station | External party | Deliberate |
Outcome (Risk to the Asset), common to all threats: Gathering information about transmitted data; Confidential Modification; Unknown Access Interruptions; Reputation Damage of Company; Unsecured Network.
Table 1.5 Threat Profile-3
1.7. Selecting Critical Assets
| Areas of Concern | Critical Asset Name | Criticalness of Asset |
| --- | --- | --- |
| Base Stations | Omni Wi-Fi Outdoor Access Point | High |
| Servers | Aradial Radius Billing System | High |
| Database | MySQL database | High |
Table 2.6 Critical Assets Classification
The criticalness of the categorized assets is assigned by area of concern, according to which is under greater threat from the organizational vulnerabilities of the ICT infrastructure.
1.8. Identifying Infrastructure Vulnerabilities
1.8.1. Identifying Infrastructure Components to be Examined
| Key Component | IP Address | Tools |
| --- | --- | --- |
| Free Radius Billing System | 10.0.0.2 | Acunetix Web Vulnerability Scanner Consultant Edition |
| MySQL Database | 1010.0.3 | |
| Omni Wi-Fi Outdoor Access Point | 10.0.0.4 | Wireless Security Auditor, NetStumbler, AirSnort, WaveStumbler |
Vulnerability Evaluation Approach (all components): The Network Administrator is responsible for running all of the tools. Another authorized internal IT professional is also present, receiving on-the-job training for the task.
Rationale (all components): Their IT professionals do not have a sufficient level of knowledge to run the tools but are required to learn.
Table 1.7 Identifying infrastructure components
1.9. Evaluate Selected Components
| Vulnerability Security Level | Definition |
| --- | --- |
| High-Severity Vulnerability | Must be fixed immediately (within the next 24 hours) |
| Medium-Severity Vulnerability | Must be fixed soon (within 1 month) |
| Low-Severity Vulnerability | May be fixed later |
Table 2.8 Vulnerability Severity Levels
| Components | IP Address | Vulnerability Summary |
| --- | --- | --- |
| Free Radius Billing System | 10.0.0.2 | 04 High, 01 Medium, 01 Low |
| MySQL Database Server | 1010.0.3 | 02 High, 01 Medium, 00 Low |
| Omni Wi-Fi Outdoor Access Point | 10.0.0.4 | 04 High, 01 Medium, 00 Low |
Tools: Acunetix Web Vulnerability Scanner Consultant Edition, Wireless Security Auditor, NetStumbler, MacStumbler, WaveStumbler.
Table 1.9 Preliminary Summary
"Technological vulnerability refers to the chance that a technological system may fail due to outside impacts." (2) "Jamming attack is common among many exploits that compromise the wireless environment." (3)
1.10. Reviewing Technology Vulnerabilities and Summarizing Results
MySQL Database
| Types of Vulnerabilities Found | The Potential Effects on The Critical Assets | How the Technology Vulnerabilities Might Be Addressed |
| --- | --- | --- |
| Remote Root Code Execution | Allows local and remote attackers to execute arbitrary commands. | Limit the executable command sets on the server available to the 'MySQL' user, to avoid the creation of configuration files with malicious parameters in directories. |
| Privilege Escalation | MySQL Server administration account exposure. | Configure all config files to be owned by the 'MySQL' user instead of the root user. |
| SQL Injection | Confidential database table data disclosure. | Prepared statements which use bound parameters, and SQL injection filtering techniques. |
Radius Billing Server Web Application
| Types of Vulnerabilities Found | The Potential Effects on The Critical Assets | How the Technology Vulnerabilities Might Be Addressed |
| --- | --- | --- |
| Apache httpd remote denial of service | Permits remote attackers to cause a denial of service (memory and CPU consumption) through a Range header that expresses multiple overlapping ranges. | Upgrade to the latest version of Apache Web Server (2.2.20 or later), available from the Apache Web Server (HTTP) Project Web site. |
| Directory listing | Displays the list of files contained in this directory. | Ensure the directory does not include sensitive information, and restrict directory listings in the web server configuration files. |
| HTML form without CSRF protection | Malicious exploitation of the website whereby unauthorized commands are transmitted from a user that the website trusts. | Enable CSRF protection and implement CSRF countermeasures. |
| Slow HTTP Denial of Service Attack | The connection pool reaches its maximum, which creates a DoS condition. | mod_reqtimeout sets timeouts for receiving the HTTP request headers and the HTTP request body from a client. mod_qos is a quality of service module for the Apache Web Server (HTTP) which permits control mechanisms that give different levels of priority to different HTTP requests. |
| Source code disclosure | Source code for this script is available. | Remove this file from the Radius web folder and change its permissions to remove access. |
| User credentials are sent in clear text | User credentials are transmitted over an unencrypted channel. | Always transfer login inputs to the server over an encrypted connection (HTTPS). |
Wi-Fi Base Station
| Types of Vulnerabilities Found | The Potential Effects on The Critical Assets | How the Technology Vulnerabilities Might Be Addressed |
| --- | --- | --- |
| Eavesdropping attacks | Transmitted data | An electronic search of the radio frequency spectrum to locate any unauthorized emanations from the area being examined; an electronically enhanced search of towers, fixtures and transmitters, both active and quiescent; and identification of physical security weaknesses. |
| Signal disruption attacks | Deauthentication frames on transmitted data | Jammed-area mapping protocol Hybrid system, Using PDR with consistency checks, Channel surfing and spatial retreat Fuzzy interference system, Channel hopping Reactive Jamming detection using Trigger nodes identification, Control channel attack prevention. |
| Radius Jamming attacks | Firing out Radius deauthentications | Channel surfing is an effective method to prevent jamming attacks in wireless communications. With frequency hopping techniques, a transmitter changes the frequency bands on which the signals are transmitted to prevent the jamming attack. |
Table 1.10 Reviewing Technology Vulnerabilities and Summarizing Results
1.11. Proposed Architecture and Solution
Figure 1.1 Proposed Solution Diagram
The conventional Wi-Fi base station in Section B is replaced by the proposed WBS 2400 base station to overcome eavesdropping, signal disruption, Radius Jamming, multi-path propagation, reduced throughput in low-signal regions, and interference. It offers triple the range of conventional access points, and its beamforming technology provides high-quality NLOS coverage. Beamforming focuses the energy to and from the client on a per-packet basis, which significantly increases the link gain of the base station. The inherent spatial filtering of beamforming and its precise dynamic interference handling ensure high-quality operation even in noisy environments. The improved link gain provides higher throughput and allows large network capacity. SDMA technology doubles the downlink capacity per base station. While traditional wireless technology suffers from the damaging impact of multi-path propagation, the base station's digital beamforming exploits multi-path to its advantage by coherently combining the signals along the different propagation paths to the client, which can significantly reduce signal disruption and Radius Jamming by attackers. In addition, with frequency hopping techniques a transmitter changes the frequency bands on which the signals are transmitted to prevent jamming attacks. The proposed base station has rich management and security capabilities, including seamless RADIUS authentication and anti-eavesdropping, which make the BTS suitable for metro area network applications. The self-aligning capability of the beamforming technology removes the need for mechanical alignments.
"WPA2, WAPI cryptography, TKIP/AES Encryption, Radius Authentication Mechanism RADIUS Server (EAP-TLS, PEAP, EAP-TTLS, EAP-SIM, EAP-AKA), MAC Authentication with RADIUS server for open sessions, Time and throughput RADIUS Accounting, VPN pass-through, HTTPS for Web-based management tools, SNMPv3 with standard and Wavion MIB support, Multiple SSIDs". (4)
Section A of the network diagram overcomes the Apache httpd remote denial of service by using version 2.2.20 or the latest stable release of Apache HTTP Server, which does not allow remote attackers to cause a denial of service through a Range header that expresses multiple overlapping ranges. The directory listing vulnerability, which displays the list of files contained in the web folder, is closed by ensuring that the directory does not contain sensitive information and by restricting directory listings in the web server configuration. Another important aspect of the web application is CSRF: enabling CSRF protection and implementing CSRF countermeasures defends against malicious exploitation of a website whereby unauthorized commands are transmitted from a user that the website trusts. Slow HTTP DoS attacks are the most important challenge for the PHP-enabled HTTPD server. They can be mitigated by customizing mod_reqtimeout, which sets timeouts for receiving the HTTP request headers and the HTTP request body from a client, and mod_qos, a quality of service module for the Apache HTTP Server that permits control mechanisms giving different levels of priority to different HTTP requests, so that a DoS attacker cannot drive the connection pool to its maximum. Another important issue on the HTTP web server is source code disclosure. The system administrator addresses this finding from vulnerability scanning by either redeveloping or removing the affected files from the Radius web folder and changing their permissions to remove access. Finally, the Radius billing web application is redeveloped around the form-based user tables, where user login credentials were sent as clear text. This issue is overcome by always transferring login inputs to the server over an encrypted connection (HTTPS).
"This is the companion paper to the ApacheCon session Hardening Enterprise Installations against Attacks. It describes the threat model that faces these installations, the security and vulnerability mitigation process at the Apache HTTP Server project, and how to securely deploy the Apache HTTP Server (httpd)". (5)
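As an added example (not part of the original report or of the Apache project), the Python check below audits an httpd configuration against the mitigations this section names: release 2.2.20 or later, no directory listing, mod_reqtimeout, mod_qos and HTTPS. The sample configurations, host name and paths are constructed, and the check assumes every relevant directive is written explicitly in the text it is given.

```python
# Added example: audit an Apache httpd configuration for the mitigations
# named in this report. The sample configurations below are constructed.

MIN_VERSION = (2, 2, 20)  # minimum release the report asks for

WEAK_CONF = """\
# constructed sample: billing web application before hardening
ServerName billing.example.test
DocumentRoot /var/www/radius
<Directory /var/www/radius>
    Options Indexes FollowSymLinks
</Directory>
"""

HARDENED_CONF = """\
# constructed sample: same site after applying the mitigations
LoadModule reqtimeout_module modules/mod_reqtimeout.so
LoadModule qos_module modules/mod_qos.so
<VirtualHost *:443>
    ServerName billing.example.test
    SSLEngine on
    RequestReadTimeout header=20-40,MinRate=500 body=20,MinRate=500
    <Directory /var/www/radius>
        Options -Indexes
    </Directory>
</VirtualHost>
"""


def directives(conf_text):
    """Yield (lower-cased name, lower-cased args) for each directive line."""
    for raw in conf_text.splitlines():
        line = raw.strip()
        # Skip blanks, comments and <Section> open/close lines.
        if not line or line.startswith(("#", "<")):
            continue
        name, *args = line.split()
        yield name.lower(), [a.lower() for a in args]


def audit_httpd(conf_text, version):
    """Return a list of findings; an empty list means every check passed."""
    listing = reqtimeout = qos = tls = False
    for name, args in directives(conf_text):
        if name == "options" and {"indexes", "+indexes", "all"} & set(args):
            listing = True      # directory listing explicitly enabled
        elif name == "requestreadtimeout" and args:
            reqtimeout = True   # mod_reqtimeout bounds header/body read time
        elif name == "loadmodule" and args[:1] == ["qos_module"]:
            qos = True          # mod_qos is loaded
        elif name == "sslengine" and args[:1] == ["on"]:
            tls = True          # HTTPS enabled for the site

    findings = []
    if tuple(int(p) for p in version.split(".")) < MIN_VERSION:
        findings.append("httpd older than 2.2.20")
    if listing:
        findings.append("directory listing enabled")
    if not reqtimeout:
        findings.append("no RequestReadTimeout (slow HTTP DoS)")
    if not qos:
        findings.append("mod_qos not loaded")
    if not tls:
        findings.append("no SSLEngine on (credentials in clear text)")
    return findings


if __name__ == "__main__":
    for label, conf, ver in (("weak", WEAK_CONF, "2.2.19"),
                             ("hardened", HARDENED_CONF, "2.2.20")):
        print(label, audit_httpd(conf, ver))
```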
Section C addresses remote root code execution by limiting the executable command sets on the server available to the 'MySQL' user, to avoid the creation of configuration files with malicious parameters in directories and so prevent remote attackers from executing arbitrary commands inside the MySQL database. One of the main impacts, privilege escalation, must be denied by changing the configuration so that all config files are owned by the 'MySQL' user rather than the root user. SQL injection threats can be mitigated using prepared statements with bound parameters and SQL injection filtering techniques, to avoid disclosure of confidential database table data.
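An added example (not code from the report or from the billing system) of the prepared-statement mitigation described above, shown beside the string-built query it replaces, with an allow-list filter as the second layer. Python's built-in sqlite3 stands in for the MySQL server so the block runs offline; the userinfo table, its columns and its rows are constructed.

```python
import re
import sqlite3


def make_db():
    """Build an in-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE userinfo (username TEXT PRIMARY KEY, plan TEXT)")
    conn.executemany(
        "INSERT INTO userinfo VALUES (?, ?)",
        [("alice", "prepaid-10GB"), ("bob", "postpaid-50GB"), ("carol", "prepaid-5GB")],
    )
    return conn


def lookup_concatenated(conn, username):
    """Weak form: the input becomes part of the SQL text itself."""
    query = "SELECT username, plan FROM userinfo WHERE username = '" + username + "'"
    return conn.execute(query).fetchall()


def lookup_prepared(conn, username):
    """Hardened form: the SQL text is fixed and the input is a bound parameter."""
    query = "SELECT username, plan FROM userinfo WHERE username = ?"
    return conn.execute(query, (username,)).fetchall()


# Allow-list for account names (hypothetical rule: letters, digits, "_", ".", "-").
USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")


def lookup_validated(conn, username):
    """Filtering layer on top of the prepared statement, never instead of it."""
    if not USERNAME_RE.fullmatch(username):
        raise ValueError("username fails allow-list validation")
    return lookup_prepared(conn, username)


if __name__ == "__main__":
    conn = make_db()
    crafted = "x' OR '1'='1"  # constructed input containing a quote character
    # Concatenation lets the quote end the string literal, so the WHERE
    # clause is always true and every row of the table is disclosed.
    print("concatenated:", lookup_concatenated(conn, crafted))
    # The bound parameter is compared as data, so nothing matches.
    print("prepared:    ", lookup_prepared(conn, crafted))
    print("prepared:    ", lookup_prepared(conn, "alice"))
    try:
        lookup_validated(conn, crafted)
    except ValueError as exc:
        print("validated:   ", exc)
```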
"Techniques for preventing SQL Injection vulnerabilities by avoiding these two problems. These techniques can be used with practically any kind of programming language with any type of database. There are other types of databases, like XML databases, which can have similar problems (e.g., XPath and XQuery injection) and these techniques can be used to protect them as well.
Primary Defenses:
• Option 1: Use of Prepared Statements (Parameterized Queries)
• Option 2: Use of Stored Procedures
• Option 3: Escaping all User Supplied Input
Additional Defenses:
• Also, Enforce: Least Privilege
• Also, Perform: White List Input Validation" (6)
02: BUSINESS CONTINUITY PLAN
2.1 Introduction
Business entities today operate in an especially competitive wireless service provider market. Globe Internet LTD has to differentiate its market space and its business by continuously innovating to meet organizational business goals, providing competitive and precise offers to its customer base. Technological advances have enabled Globe Internet LTD to adopt many of these techniques. On the other hand, organizational threats and business interruptions have not gone away. In fact, they have developed alongside the technology, as have the solutions for disaster recovery. Business interruption does happen, but what matters is how much of the effect of such interruptions the business can afford. Business Continuity Planning is the act of proactively working out how to prevent, if possible, and manage the consequences of a disaster, limiting it to the extent that a wireless service provider's business can afford.
"A business continuity plan enables critical services or products to be continually delivered to clients. Instead of focusing on resuming a business after critical operations have ceased, or recovering after a disaster, a business continuity plan endeavours to ensure that critical operations continue to be available." (7)
2.2 Description of Continuity Plan
The Business Continuity Plan (BCP) focuses mainly on establishing company ICT procedures, with administrative decisions for direction and technical guidelines for subordinates and superiors, as well as for the customer base, under certain well-defined circumstances. From an organizational perspective, some unwanted events have already happened and most others have never yet occurred in the organization. A bundle of key mitigation concepts is prepared so that the appropriate mitigation plan can be triggered to overcome a disaster when it happens. In addition, the organization is able to survive disasters and critical situations, minimize losses and remain viable, so that it can be "business as usual" even before customers feel the effects of the downtime. An effective Business Continuity Plan for the wireless service provider serves to secure the business against financial disasters. The benefits to the wireless service provider include customer satisfaction, an enhanced corporate image and no dip in market share. Businesses today are exposed to various threats and vulnerabilities in Wi-Fi infrastructure:
• An extended interruption of electrical power during a disaster, leading to collapse.
• Accidents or sabotage causing severe material disaster.
• Communication overload during a disaster, leading to unacceptable delay.
• Cyber terrorism through digital media, hardware and network failures.
• Outages due to application errors, and physical damage caused by accidental or deliberate harm.
2.3 Security Policy
"The purpose of this policy is to provide a security framework that will ensure the protection of University Information from unauthorized access, loss or damage while supporting the open, information-sharing needs of our academic culture." (8)
All information communicated over Globe Internet LTD wireless networks that has not been specifically identified as the property of other parties will be treated as though it is a Globe Internet LTD asset. It is the policy of Globe Internet LTD to limit unauthorized access, disclosure, duplication, modification, diversion, destruction, loss, misuse, or theft of this information. Further, it is the policy of Globe Internet LTD to protect information belonging to third parties that has been entrusted to Globe Internet LTD in a manner consistent with its sensitivity and in accordance with all applicable agreements.
2.3.1. Responsibilities Subjected to the Job Role.
The Head of IT plays the main decision-making role in matters that directly affect Globe Internet LTD, maintaining standards through suggestions, regulation changes, and long- and short-term tactics in line with company policy. The Head of IT also carries major responsibility for the ICT infrastructure security structures, which operate as daily routines in the duties of ICT subordinates, by providing guidance, direction and authority across the Globe Internet LTD ICT departments. As a department, they need to keep track of and carry out all the records required for the risk assessment reports, security action plans for information systems security, further investigation of data protection methodology and products, and the probability of achieving a secured ICT infrastructure for the entire network system.
The Head of Operations (HO) is strictly bound by the responsibility to coordinate with his supervisor and ICT Operations subordinates on the required ICT investigations, possible vulnerabilities in the critical asset categories, and protection and security mitigation plans, as reported from the data collected by the Engineering team. He is also responsible for promptly reporting all detailed reports to the Head of IT. In addition, the HO is responsible for mitigating most of the risks identified by the Technical department and for assigning the action plans required to enhance the ICT infrastructure operations department. Directors are responsible for acting as local information security coordinators. These people are responsible for establishing appropriate user privileges, monitoring access control logs, and performing similar security actions for the systems they administer. They are also responsible for reporting all suspicious computer network or wireless network security-related activities to the Head of Operations.
Network Engineers and System Administrators are strictly bound to carry out the duties set out in the assigned ICT infrastructure data protection policies, and to follow the structured technical guidance and defined management processes across the organization's ICT environment. In the event that a system is managed or owned by an external party, the department project manager of the wireless company performs the activities of the network system administrator.
The Chief Executive Officer is responsible for ensuring that appropriate computer network or wireless network security measures are observed in their areas. Besides allocating sufficient resources and staff time to meet the requirements of these policies, departmental managers are responsible for ensuring that all employees, subscribers and customers are aware of Globe Internet LTD policies related to computer network or wireless network system security. Subscribers and subordinates are responsible for complying with this and all other Globe Internet LTD policies defining computer or wireless network system security features and measures.
Subscribers are also responsible for reporting all known information for future protection plans wherever they suspect possible vulnerabilities affecting non-technical customers, and for reporting information violations arising from unethical parties' activity to the ICT Operations department of Globe Internet LTD.
2.3.2 Scope
All employees, contractors, experts, temporary and other workers at Globe Internet LTD, including all personnel affiliated with third parties that maintain Wi-Fi infrastructure devices on behalf of Globe Internet LTD, must strictly adhere to the security policy defined here. This network security policy applies to all wireless infrastructure servers and network devices that connect to the Globe Internet LTD wireless network or reside in the Globe Internet LTD Wi-Fi department and provide Wi-Fi connectivity to endpoint devices, including, but not limited to, firewalls, databases, wireless network devices, and servers. This includes any form of Wi-Fi and wireless communication device capable of transmitting packet data.
2.3.3. General Requirements of the Policy
All wireless infrastructure network and server devices that reside at the Globe Internet LTD site, are connected to a Globe Internet LTD ICT infrastructure network, and provide an access path to information classified as Globe Internet LTD Confidential or above must:
• Abide by the standards specified in the Wi-Fi Communication Standard.
• Abide by the standards specified in the Database Security Mechanism Standard.
• Abide by the standards specified in the Firewall Security Standard.
• Abide by the standards specified in the Application Security Mechanism Standard.
• Abide by the standards specified in the Access Control Mechanism of Server Infrastructure.
• Be installed, supported, and maintained by an approved support team.
• Use the Globe Internet LTD approved grant, revoke and access deny Standard.
• Use Globe Internet LTD approved secured authentication protocols and infrastructure.
• Use the Globe Internet LTD approved Disaster Recovery Standard for the ICT infrastructure.
• Use the Globe Internet LTD approved Backup Procedures Standard for Network Infrastructure.
• Use Globe Internet LTD approved encryption protocols.
• Have Globe Internet LTD approved security updates of the Server Infrastructure installed.
• Maintain a physical MAC address that can be registered and tracked.
• Not interfere with Wi-Fi access connectivity deployments maintained by other Support Providers.
2.3.4. Laboratory Wireless Device Requirements
All laboratory wireless network devices that provide access to Globe Internet
LTD Confidential or above must adhere to section 3.3.5 above. Laboratory and isolated wireless
network devices that do not connect to the Globe Internet LTD corporate network must:
• Be strictly isolated from the Globe Internet LTD corporate network and comply with the laboratory Security Policy.
• Avoid interfering with Wi-Fi access deployments maintained by other competing organizations.
2.3.5 Residence Wi-Fi Device Security Requirements
• Wireless infrastructure network devices that provide Wi-Fi network access to the Globe Internet LTD
corporate network must conform to the residential Wi-Fi device requirements detailed in the Wireless
Communication General Standard.
• Network devices that fail to comply with the subscriber Wi-Fi device requirements must be
installed in a manner that strictly prohibits direct data access to the Globe Internet LTD
corporate network. Access to the Globe Internet LTD corporate network through such a device
must use community-recommended, standard secured remote access authentication.
2.3.6 Wi-Fi Security Policy Compliance
• Compliance Measurement
The Globe Internet LTD team will verify compliance with this policy through various methods, including,
but not limited to, periodic walk-throughs, video monitoring, enterprise device
reviews, internal and external audits, and feedback to the policy owner.
• General Exceptions
Any exception to the policy must be approved by the Globe Internet LTD
team in advance.
• Non-Compliance for the Subscribers
An employee found to have violated this policy will be subject to disciplinary
action, including termination of employment.