12.4 WLAN Security Management Considerations



Managing and maintaining a secure wireless network (and associated devices) requires significant effort, resources, and vigilance and involves the following steps: (1) maintaining a full understanding of the topology of the wireless network, (2) labeling and keeping inventories of the fielded wireless and handheld devices, (3) creating frequent backups of data, (4) performing periodic security testing and assessment of the wireless network, (5) performing ongoing, randomly timed security audits to monitor and track wireless and handheld devices, (6) applying patches and security enhancements, (7) monitoring the wireless industry for changes to standards that enhance security features and for the release of new products, and (8) regularly monitoring wireless technology for new threats and vulnerabilities. To support the security of wireless technology, the following security practices (with some illustrative examples) should be implemented:

  • Organizationwide information system security policy that addresses the use of 802.11, Bluetooth, and other wireless technologies

  • Configuration/change control and management to ensure that equipment (such as access points) has the latest appropriate software release, including security feature enhancements and patches for discovered vulnerabilities

  • Standardized configurations to reflect the security policy, to ensure change of default values, and to ensure consistency of operation

  • Security awareness and training to raise consciousness of the threats and vulnerabilities inherent in the use of wireless technologies (including the fact that robust cryptography is essential to protect the "radio" channel and that simple theft of equipment is a major concern)

  • Physical controls, which are especially important in a wireless environment

Practitioners must enable, use, and routinely test the inherent security features (authentication and encryption) that exist in wireless technologies. In addition, firewalls and other protection mechanisms, as appropriate, should be employed.

Management countermeasures for securing wireless networks begin with a comprehensive security policy. A security policy, and compliance therewith, is the foundation on which other countermeasures, both operational and technical, are rationalized and implemented. A WLAN security policy should be able to do the following:

  • Identify who may use WLAN technology in an organization

  • Identify whether Internet access is required

  • Describe who can install access points and other wireless equipment

  • Provide limitations on the location of and physical security for access points

  • Describe the type of information that may be sent over wireless links

  • Describe conditions under which wireless devices are allowed

  • Define standard security settings for access points

  • Describe limitations on how the wireless device may be used, such as location

  • Describe the hardware and software configuration of any access device

  • Provide guidelines on reporting losses of wireless devices and security incidents

  • Provide guidelines on the use of encryption and other security software

  • Define the frequency and scope of security assessments

  • Ensure that all critical personnel are properly trained on the use of wireless technology (Network administrators need to be fully aware of the security risks that WLANs and devices pose. They must work to ensure security policy compliance and know what steps to take in the event of an attack. The most important countermeasures are trained and aware users.)

  • Put an organizational security policy in place that addresses wireless technology usage, including 802.11, and enforce it on the network

  • Ensure that external boundary protection is in place around the perimeter of the building or buildings of the organization

  • Ensure that physical access controls (e.g., photo ID, card badge readers) are in place for the building and other secure areas that contain fixed wireless access devices that have access to sensitive data

  • Install a properly configured firewall between the wired infrastructure and the wireless network (AP or hub to APs)

  • Ensure that the most recent security patches and upgrades are installed on the Network Interface Card (NIC) and AP support firmware

  • Ensure the placement of APs in secured areas to prevent unauthorized physical access and user manipulation

  • Enable the WEP privacy feature at an encryption key size of 40 bits or higher




Wireless Operational Security
ISBN: 1555583172
EAN: 2147483647
Year: 2004
Pages: 153
