T 2.117 Lack of, or inadequate, planning of the use of WLAN

A WLAN must be carefully planned and installed so that any existing security gaps cannot adversely affect any IT system connected to the WLAN. When care is not taken, the result could even be the compromising of the government agency or company network connected to the inadequately secured WLAN. Security gaps can also result when the security mechanisms between the LAN and WLAN are not configured properly, for example due to inadequate planning when dividing the users into user groups.

A number of problems can arise from a lack of, or inadequate, planning of WLAN usage, for example the following:

• It may be possible for third parties to read sensitive data if no or only inadequate security safeguards are implemented in the WLAN.
• The performance of a wireless network could be reduced by other overlooked WLAN installations or wireless systems if the signals they emit extend into the usable range of the wireless network.
• If, when planning a WLAN, the blocking of the signals by the building itself or by absorbent construction materials (for example, steel cabinets, plumbing units, supply lines, steel-reinforced concrete constructions) are not taken into account, then this may also reduce the performance of the WLAN.
• Common-channel interference from a neighbouring wireless cell of the WLAN can also often cause interference in the WLAN. As a result of this, the signals from two users of neighbouring cells may interfere with each other, since their radio waves will become superimposed in the room and cause interference.
• The performance of a WLAN can be severely affected by dead zones. When inadequately planned, the transmission power of the WLAN transmitter is usually simply increased to prevent dead zones. This may mean that the WLAN emits signals into areas in which it is not needed and in which they can be intercepted under certain circumstances.
• One effect of poor planning may be, for example, inadequate transmission capacity, which may then limit or even prevent the use of high-bandwidth applications.

An additional threat is posed to the LAN when there is only one inadequately protected connection between the access points or distribution system and the cable-bound infrastructure. If there is no physical or logical protection at the level of the distribution system, then the entire broadcast domain in which an access point is located can be listened in on after compromising the protection of the wireless interface or security settings of the access point. The information obtained could then be used for an attack on the entire LAN.

Example:

If the filter rules are specified too loosely for the security gateway on the transfer point located between the distribution system and the LAN, then an attacker could tunnel into this transfer point using a man-in-the-middle attack by cleverly manipulating the communication data and therefore gain access to the internal LAN infrastructure. A prerequisite for this type of attack is that either the security mechanisms on the wireless interface are compromised or direct access to the distribution system is available. In addition, vulnerabilities at the operating system level can also be used for tunnelling purposes if the systems of the transfer point have not been adequately hardened.