S 4.296 Use of a suitable management solution for WLAN

Initiation responsibility: IT Security Officer, Head of IT

Implementation responsibility: Administrator

In order to guarantee an ideal configuration from a security perspective on all WLAN components, these components must be administrated carefully. Since administration can be costly and complex in large WLANs, it makes sense to use WLAN system management tools in this case. It should also be possible to integrate these tools into any existing IT and network management tools, if possible.

In general, it is recommended to implement a management solution that enables online documentation in addition to the ability to monitor the WLAN. Depending on the features, the solution should also offer the following capabilities:

• documentation of the firmware versions of the access points
• documentation of the firmware versions and drivers of the WLAN adapters of the WLAN clients
• documentation of the security configurations
• documentation of location-specific configurations
• ability to administrate the history of configuration changes

In order to provide the administrators with an overview of all stationary and mobile systems and applications and to generate this overview as easily as possible, the system management solution should be able make an inventory of the mobile terminal devices and their applications automatically. Each terminal device should be integrated into the configuration and control process by the management software as soon as it logs in to the network. These functions are used according to the specifications in the instruction manual.

The management system should also provide alarm and error handling. The administrators should be able to perform the following tasks for this purpose:

• assessment and evaluation of alarms, e.g. to detect an unusually high number of failed attempts to obtain authentication on an access point
• assessment of statistics for troubleshooting
• triggering of safeguards when a security incident is suspected
• ability to change the threshold values triggering the alarms when the WLAN usage changes

A suitable network management protocol should be selected, for example SNMPv3 (see also S 2.144 Selection of a suitable network management protocol).

The logged data recorded should be evaluated regularly, but at least once per month. The amount of information logged must be coordinated with the personnel representative and the Data Protection Officer. The WLAN management software and the general network management solution should provide filtering capabilities to improve the protocol data evaluation capabilities.

Review questions:

• Does the WLAN management solution track the firmware versions of the WLAN components used (access points, WLAN clients, etc.)?
• Does the WLAN management solution document the configurations made and their changes additionally?
• Is there a rule regarding the incorporation of existing and new WLAN terminal devices in order to perform configuration and control processes?
• Does the management system provide for alerting and troubleshooting capabilities?
• Is the logged data evaluated regularly?
• Is the amount of information logged coordinated with the personnel representative and the Data Protection Officer?