T 2.118 Inadequate regulations for the use of WLAN

In general, no security mechanisms are enabled in the default settings of access points. When WLAN components that are insecure due to a lack of specifications are put into operation in a production environment, they pose a serious threat to the WLAN and the IT systems connected to it. This type of threat is comparable to the threat posed by an insecure Internet connection. When an employee connects an unauthorised or insecure access point to an organisation's internal network because there are no rules regulating WLAN usage, the employee practically undermines all security measures implemented in the LAN to protect against unauthorised external access from the Internet, for example the firewall.

Unclear responsibilities

If responsibilities are not clearly stated, WLAN components may be configured incorrectly, for example because there are no rules regulating the administration of the WLAN infrastructure. When there are no specifications for configuration management, it only takes one access point or one WLAN client not configured according to the specified default profile to compromise the entire network of the organisation.

When the various responsibilities are not coordinated adequately within an organisation or with external service providers, problems will always arise in practice. For the WLAN, threats arise in particular when different groups are responsible for supporting the physical (passive) infrastructure, the active network technology, and the security systems, when these groups are organisationally far apart, and when they are coordinated only by a correspondingly higher management level.

Problems can also arise when there are no uniform rules defined for documenting system changes, for example when exchanging WLAN components, changing configurations, or replacing the WLAN key information.

No rules regulating monitoring

If there are no specifications available for the monitoring of the WLAN infrastructure and the corresponding financial and personnel resources are not provided, then attacks on the WLAN may not be detected in time. This includes checking the following, for example:

If urgently needed updates of the virus protection software or security-related patches are not installed in time, WLAN components may become compromised. WLAN components with direct access to the Internet or which are used in public WLANs are especially at risk. Depending on the type of malware, the next connection to the home WLAN could lead to the compromise of the entire WLAN infrastructure and beyond.

A lack of rules regulating reactions to security incidents in the WLAN

If no consideration is given to how to react in an emergency to security incidents when operating a WLAN, it may take a long time until security problems are detected and eliminated. In the meantime, there may be data leaks or attacks by worms. Even when an attack is noticed, the appropriate countermeasures may not be implemented in time (within minutes) if the safeguard catalogues (which must be prepared accordingly), controlled procedures, or authorisations necessary for intervention are not available.

Example: