S 4.6 WLAN

Description

Wireless LANs (WLANs) offer the ability to build a new wireless local network or expand an existing wire-bound network at low cost and with minimal effort. WLAN in this case refers to wireless networks based on the group of standards referred to as IEEE 802.11, specified by the Institute of Electrical and Electronics Engineers (IEEE).

Due to their simple installation, WLANs are also used to install temporary networks, for example networks at trade fairs or small events. Furthermore, it is also possible to offer network access in public spaces such as airports or train stations through hotspots. This enables the mobile users to connect to the Internet or to their company network. Communication generally takes place between a central point of access, the access point, and the WLAN component of the mobile terminal device (i.e. using a WLAN USB stick or a corresponding WLAN network card).

Most of the WLAN components currently available on the market are based on the 802.11g amendment passed in 2003 by the IEEE which defines a transmission rate of up to 54 Mbit/s. Furthermore, some systems only support the IEEE 802.11b amendment launched in 1999 and with which only rates up to 11 Mbit/s can be achieved Both extensions operate in the unlicensed 2.4GHz frequency band.

The security mechanisms are defined in the IEEE 802.11 standard and in the IEEE 802.11i amendment. In the original 802.11 standard, Wired Equivalent Privacy (WEP) is defined as the security mechanism, but WEP cannot be considered adequately secure any more due to several vulnerabilities. For this reason, the WiFi Alliance, an alliance of manufacturers, developed the Wi-Fi Protected Access (WPA) security mechanism. WPA introduced dynamic key management using TKIP in addition to extending the static key, referred to as pre-shared keys. These mechanisms were integrated for the most part in the official IEEE 802.11i amendment released in 2004, although 802.11i, like WPA2, uses the Advanced Encryption Standard (AES) for encryption instead of RC4 as in WEP and WPA. Furthermore, the Counter Mode with CBC-MAC Protocol (CCMP) is defined in IEEE 802.11i as the implementation method for AES for the purposes of encryption and integrity checking. The use of this method is acceptable over the long term, but requires new hardware, in contrast to the TKIP version. The 802.11i amendment defines the Extensible Authentication Protocol (EAP) according to the IEEE 802.1X standard as the authentication method. Additional technical information on the secure use of WLANs can be found in the Secure WLAN technical guideline from the BSI.

This module illustrates a systematic method for drawing up a concept for WLAN usage in an organisation and how its implementation and integration can be ensured.

Threat scenario

The following typical threats to the IT-Grundschutz of WLAN usage are assumed to exist:

Force Majeure

T 1.17

Failure or malfunction of a wireless network

Organisational Shortcomings

T 2.1	Lack of, or insufficient, rules
T 2.2	Insufficient knowledge of rules and procedures
T 2.4	Insufficient monitoring of security safeguards
T 2.117	Lack of, or inadequate, planning of the use of WLAN
T 2.118	Inadequate regulations for the use of WLAN
T 2.119	Inappropriate selection of WLAN authentication methods
T 2.120	Inappropriate siting of security-related IT systems
T 2.121	Inadequate monitoring of WLANs

Human Error

T 3.3	Non-compliance with IT security measures
T 3.9	Improper IT system administration
T 3.38	Errors in configuration and operation
T 3.43	Inappropriate handling of passwords
T 3.84	Incorrect configuration of the WLAN infrastructure

Technical Failure

T 4.60	Uncontrolled radio wave propagation
T 4.61	Unreliable or missing WLAN security mechanisms

Deliberate Acts

T 5.71	Loss of confidentiality of classified information
T 5.137	Analysis of connection data relating to wireless communication
T 5.138	Attacks on WLAN components
T 5.139	Tapping of WLAN communication

Method recommendation

To secure the information system examined, other modules will need to be implemented in addition to this module. These modules are selected based on the results of the IT-Grundschutz modelling process.

A series of security safeguards must be implemented when using WLAN, starting in the conception phase and continuing through the purchasing phase to the operation phase. The steps to take to accomplish this as well as the safeguards to consider in each of the steps are listed in the following.

Planning and design

Securing a WLAN already begins in the planning phase. A foundation for a secure WLAN can only be created through a well thought out strategy (see S 2.381 Determining a strategy for the use of WLAN) and the selection of the correct WLAN standards, and therefore of the corresponding cryptographic procedures (see S 2.383 Selection of a suitable WLAN standard and S 2.384 Selection of suitable crypto-methods for WLAN). Safeguard S 3.58 Introduction to WLAN basics will help you familiarise yourself with the terminology used when describing how to secure a WLAN.

All decisions made relating to security settings, the WLAN standards selected, as well as the rules for the use and administration of the WLAN are to be written down in a WLAN security policy (see S 2.382 Drawing up a security policy for the use of WLAN).

Purchasing

When selecting the WLAN components, safeguard S 2.385 Selection of suitable WLAN components must be applied. The standards, protocols, and security mechanisms used in WLANs are subject to rapid development. This is why WLANs are often being migrated.

Safeguard S 2.386 Careful planning of necessary WLAN migration steps must be taken into account for the migration phases of individual WLAN components or entire sections of the WLAN..

Implementation

Once all components have been purchased and it is time to set up the WLAN, the locations where the access points will be installed (see S 1.63 Adequate siting of access points) or how the WLAN will connect to any cable-bound infrastructure already existing (see S 5.139 Secure WLAN-LAN connection) become important. However, configuration of the various WLAN components such as the access points (see S 4.294 Secure configuration of access points) or WLAN clients (see S 4.295 Secure configuration of WLAN clients) during installation must always be performed according to the security policy and the specified strategy.

In all cases, the users and administrators of the WLAN must receive adequate training to minimise the number of security incidents and to point out and sensitise them to the possible threats of improper WLAN usage (see S 3.59 Training on the secure use of WLAN).

If the WLAN will be installed, configured, or supported by an external service provider, safeguard S 2.387 Installation, configuration, and support service for a WLAN by third party must be applied in all cases.

Operation

When the WLAN has been put into operation and all WLAN users have received adequate training, audits must be performed regularly (see S 4.298 Regular audits of WLAN components) to ensure that all security settings made are still useful and regular security checks must also be performed (see S 5.141 Regular security checks of WLANs) to ensure these settings are also having the desired affect. Furthermore, the secure operation of all WLAN components must be guaranteed (see S 4.297 Secure operation of WLAN components).

It is essential to use key management to handle the cryptographic keys used in the WLAN to secure communications (see S 2.388 Appropriate key management for WLAN). A WLAN management solution may simplify the administration of the keys and allow the WLAN to be administrated centrally (see S 4.296 Use of a suitable management solution for WLAN).

Disposal

When WLAN components are taken out of operation, the corresponding configuration settings such as the network name or SSID must be reset back to their default values and any access information or information stored on the WLAN component to secure the network traffic on the WLAN must be deleted (see S 2.390 Taking WLAN components out of operation).

Contingency Planning

If attacks on a WLAN are detected, both the users as well as the administrators of the WLAN must know how to respond in such situations (see S 6.102 Procedures in the event of WLAN security incidents). This results in the need for a business continuity plan containing the necessary steps to take and a list of which persons to inform when a security incident occurs. Furthermore, it may be necessary to set up a redundant WLAN to provide a fast replacement for important communication links. When a redundant WLAN is used, it must always be ensured that the redundant WLAN meets the same security requirements as the normal WLAN. For this reason, all safeguards in this module must also be applied to the redundant WLAN, since it must be viewed as a separate WLAN. General information on redundant communication links can be found in safeguard S 6.75 Redundant communication links.

So as a WLAN can be used securely, the clients linked to it must be configured securely and maintained and administrated regularly. Suitable security recommendations for clients are described in the corresponding modules of the IT-Grundschutz Catalogues.

In the following, the bundle of security measures for WLAN usage are presented.