WLAN Security Management Considerations
 
Managing and maintaining a secure wireless network (and associated
devices) requires significant effort, resources, and vigilance and involves the
following steps: (1) maintaining a full understanding of the topology of the
wireless network, (2) labeling and keeping inventories of the fielded wireless
and handheld devices, (3) creating frequent backups of data, (4) performing
periodic security testing and assessment of the wireless network, (5) performing
ongoing, randomly timed security audits to monitor and track wireless and
handheld devices, (6) applying patches and security enhancements, (7) monitoring
the wireless industry for changes to standards to enhance security features and
for the release of new products, and (8) regularly monitoring wireless
technology for new threats and vulnerabilities. To support the security of
wireless technology, the following security practices (with some illustrative
examples) should be implemented:
- Organizationwide information system security policy that addresses the use
  of 802.11, Bluetooth, and other wireless technologies
- Configuration/change control and management to ensure that equipment (such
  as access points) has the latest appropriate software release, including
  security feature enhancements and patches for discovered vulnerabilities
- Standardized configurations to reflect the security policy, to ensure
  change of default values, and to ensure consistency of operation
- Security awareness and training to raise consciousness about the threats
  and vulnerabilities inherent in the use of wireless technologies (including
  the fact that robust cryptography is essential to protect the "radio"
  channel and that simple theft of equipment is a major concern)
- Physical controls, which are especially important in a wireless environment
Practitioners must enable, use, and routinely test the inherent
security features (authentication and encryption) that exist in wireless
technologies. In addition, firewalls and other protection mechanisms, as
appropriate, should be employed.
Management countermeasures for securing wireless networks begin
with a comprehensive security policy. A security policy, and compliance therewith, is the foundation on which other
countermeasures—both operational and technical—are rationalized and implemented.
A WLAN security policy should be able to do the following:
- Identify who may use WLAN technology in an organization
- Identify whether Internet access is required
- Describe who can install access points and other wireless equipment
- Provide limitations on the location of and physical security for access
  points
- Describe the type of information that may be sent over wireless links
- Describe conditions under which wireless devices are allowed
- Define standard security settings for access points
- Describe limitations on how the wireless device may be used, such as
  location
- Describe the hardware and software configuration of any access device
- Provide guidelines on reporting losses of wireless devices and security
  incidents
- Provide guidelines on the use of encryption and other security software
- Define the frequency and scope of security assessments
- Ensure that all critical personnel are properly trained on the use of
  wireless technology (Network administrators need to be fully aware of the
  security risks that WLANs and devices pose. They must work to ensure
  security policy compliance and know what steps to take in the event of an
  attack. The most important countermeasures are trained and aware users.)
- Put an organizational security policy in place that addresses wireless
  technology usage, including 802.11, and enforce it on the network
- Ensure that external boundary protection is in place around the perimeter
  of the building or buildings of the organization
- Ensure that physical access controls (e.g., photo ID, card badge readers)
  are in place for the building and other secure areas that contain fixed
  wireless access devices with access to sensitive data
- Install a properly configured firewall between the wired infrastructure and
  the wireless network (AP or hub to APs)
- Ensure that the most recent security patches and upgrades are installed on
  the Network Interface Card (NIC) and AP support firmware
- Ensure the placement of APs in secured areas to prevent unauthorized
  physical access and user manipulation
- Enable the WEP privacy feature at an encryption key size of 40 bits or
  higher