Chapter 12: WISDOM for WLAN Practitioners


We have identified the 802.11 WLAN as the most vulnerable and critical node in wireless converged network security. WLANs can easily be reconfig-ured, are very mobile, allow for potentially continuous exposure, and require the level of security (a.k.a., a security profile) to be scrutinized even more than is required for wired networks. This includes inherent security flaws known to exist in 802.11 architecture that result in additional risks to otherwise secure converged wired networks. An even worse scenario to consider is one where an insecure WLAN is connected to a weakly secured or insecure wired network and the wireless subnet is not separated from the wired subnet. There is a significant need for a comprehensive network security methodology that integrates wired and wireless technologies and addresses their characteristics and security requirements.

This chapter presents a model developed by James Ransome during his doctoral research that is known as the Wireless Integrated Secure Data Options Model (WISDOM). WISDOM provides three tiered security options, with proper hardware, software, and security requirements delineated to secure a WLAN at a corresponding security level equivalent to the wired network with which it connects. We have combined additional work-sheets to supplement WISDOM and have presented them in this chapter as a baseline for your future use in WLAN security architecture design.

12.1 Risk Assessments Revisited

It is not useful to secure a WLAN if the data is not worth protecting. The two primary types of assets to protect on a WLAN are sensitive data and network services:

  1. Sensitive data. Sensitive can mean different things to different companies. It must be determined at all levels of an organization what data must be protected from both a legal and business viewpoint. The security practitioner must work with top-level management to ensure that the appropriate data is being protected and what degree of protection is required. Some of the types of data that need to be secured include intellectual property, trade secrets, identity information, credit card information, health information, and customer databases. It is possible that some data is so sensitive that a WLAN installation would present too high a security risk and should not be installed at all.

  2. Network services. An adversary may try to undermine the availability of a company's network, and such actions would cause damage to the company's productivity and affect sales. Network services such as the following are critical to most organizations: e-mail services, file servers, database services, directory services, Internet connectivity, Web-based applications, virus and intrusion detection services, and custom application services. Many types of services run on an organization's network at any given time, many of which could cause an unnecessary waste of time and resources or dire business consequences if taken offline.




Wireless Operational Security
Wireless Operational Security
ISBN: 1555583172
EAN: 2147483647
Year: 2004
Pages: 153

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net