Bluetooth Security Control Summary

Download Free Bluetooth Security Summary

1. Develop an agency security policy that addresses the use of wireless technology including Bluetooth technology.
A security policy is the foundation on which other countermeasures—the operational and technical ones—are rationalized and implemented. A documented security policy allows an organization to define acceptable implementations and uses for Bluetooth technology.

2. Ensure that users on the network are fully trained in computer security awareness and the risks associated with wireless technology (e.g., Bluetooth).
A security awareness program helps users to establish good security practices in the interest of preventing inadvertent or malicious intrusions into an organization’s automated information system.

3. Perform a risk assessment to understand the value of the assets in the agency that need protection.
Understanding the value of organizational assets and the level of protection required enables the engineering of a wireless solution that provides an appropriate level of security.

4. Perform comprehensive security assessments at regular intervals (including validating the secure configuration of Bluetooth technology) to fully understand the wireless network security posture.
Wireless products should support upgrade and patching of firmware to be able to take advantage of wireless security enhancements and fixes.

5. Make sure the wireless “network” is fully understood.
With piconets forming scatter-nets with possible connections to 802.11 networks and connections to both wired and wireless wide area networks, an agency must understand the overall connectivity. Note: a device may contain various wireless technologies and interfaces. A thorough understanding of the functionalities and configurations of the deployed wireless network technologies allows an organization to identify possible risks and vulnerabilities. These risks and vulnerabilities can then be addressed in the wireless security policy and enforced appropriately.

6. Ensure that external boundary protection is in place around the perimeter of the building or buildings of the agency.
To prevent malicious physical access to an organization’s information system infrastructure, the external boundaries should be secured through means such as a fence or locked doors.

7. Deploy physical access controls to the building and other secure areas (e.g., photo ID, card badge readers).
Identification badges or physical access cards should be deployed to ensure that only authorized personnel have physical access to a facility.