S 2.390 Taking WLAN components out of operation

Initiation responsibility: IT Security Officer, Head of IT

Implementation responsibility: Administrator

When WLAN components are to be taken out of operation, all sensitive information must be deleted. In particular, the authentication information used to access the WLAN and other accessible resources stored in the security infrastructure and other systems must be deleted and/or declared invalid. This means that cryptographic keys must be securely deleted and certificates for digital signatures must be blocked, for example.

Taking WLAN clients out of operation

A variety of devices are used as WLAN clients. These devices include, amongst others:

• laptops
• PDAs, smart phones, and similar devices with WLAN support
• WLAN-enabled telephones, printers, and cameras

The WLAN functionality is typically one of a number of various other functions on these terminal devices. When taking these terminal devices out of operation, such devices must therefore be examined to determine if they contain WLAN information critical to security that needs to be deleted, transferred, and/or archived, e.g.:

• information on the users of the terminal device
• certificates and the corresponding private keys (for users or devices)
• passwords for WLAN access
• keys for authentication methods such as WPA-PSK keys, for example
• PIM data, i.e. contact information, deadlines, etc.

Suitable methods must be used to destroy, delete, or reuse this data depending on the device and the storage method. For certificates, for example, an entry must be made in the corresponding CRL to revoke the certificate.

If a WLAN client is stolen, at least all information mentioned above must be taken into account and it must be ensured that the information cannot be used any more to access the WLANs of the affected organisation.

Taking access points out of operation

The same applies when taking access points out of operation as when taking WLAN clients out of operation. The following security-relevant information must be deleted, transferred, and/or archived at least (when applicable):

• pre-shared keys (PSK) for WPA and/or WPA2
• RADIUS keys (RADIUS shared secrets)
• IPSec keys (PSKs or private keys for certificates)
• user data (especially if WLAN user administration is integrated)
• configuration information such as IP addresses and the names of RADIUS servers, the name of the access point itself, its IP address, and its SSID

Suitable methods must be used to destroy, delete, or reuse this data depending on the device and the storage method. The corresponding method must be selected and tested in time.

Access points often contain additional data (for example configuration data) stored in non-volatile memories or have information written on them from the outside (for example the name of the computer, SSID, IP address, and other technical information). This information should be removed if possible before handing over the device, since an attacker may also be able to obtain data from such information which could be used for possible attacks.

It is recommended to create a checklist based on the recommendations provided above which can be used when withdrawing a system from operation so that no steps are forgotten or skipped.

Review questions:

• Are there specifications for taking WLAN components out of operation?
• Has it been ensured that all sensitive data (e.g. certificates, passwords, user accounts, labels, etc.) are deleted reliably from the WLAN components?