Monday, March 19, 2012

NIST Issues Security Guidance on Wireless Local Area Networks

6 Tips to Secure WLANs

Wireless Local Area Networks often have weaker configurations and authentication processes, which leave them vulnerable to attackers who penetrate them and gain access to sensitive information, according to the National Institute of Standards and Technology. New guidance from NIST is aimed at helping organizations meet these security challenges.

NIST has released Special Publication 800-153, Guidelines for Securing Local Area Networks, which provides step-by-step recommendations on securing WLANs, from initiation through maintenance to disposal. WLANs are wireless network devices within a limited geographic area, such as an office building, that exchange data through radio communications.

"Employees can use mobile devices, including laptops and smart phones, connected to the WLAN to perform tasks that could be done on desktops, but with the freedom to work anywhere in the covered area," NIST says in announcing the guidance.

While WLANs can improve productivity, they can also introduce an additional security challenge. WLANs often have weaker configurations and authentication processes, which leave them vulnerable to attackers who penetrate them and gain access to sensitive information.

NIST says WLAN security depends upon how well all of its components, including client devices and wireless switches, are secured. The new guide provides recommendations to improve security on such topics as standardizing WLAN security configurations, including configuration design, implementation, evaluation and maintenance.

The guide also furnishes guidelines concerning the selection of monitoring tools and the frequency of security monitoring. According to the guidance, organizations should:

  1. Have standardized security configurations for common WLAN components, such as client devices and access points.

  2. Consider the security not only of the WLAN itself, but also how it may affect the security of other networks when planning WLAN security.

  3. Have policies that clearly state which forms of dual connections are permitted or prohibited for WLAN client devices, and enforce these policies through the appropriate security controls.

  4. Ensure that the organization's WLAN client devices and APs have configurations at all times that are compliant with the organization's WLAN policies.

  5. Perform both attack monitoring and vulnerability monitoring to support WLAN security.

  6. Conduct regular periodic technical security assessments for the organization's WLANs.

SP 800-153 supplements other NIST publications on WLAN security and points readers to other NIST publications on system planning, development and security activities. NIST said recommendations included in SP 800-153 are applicable to the protection of unclassified wireless networks and of unclassified facilities that are within range of unclassified wireless networks.
