S 4.297 Secure operation of WLAN components

Initiation responsibility: IT Security Officer, Head of IT

Implementation responsibility: Administrator

WLANs are attractive targets for attackers and therefore must be configured very carefully in order to ensure secure operation. All WLAN components must be configured in such a way that they are protected against attacks to the best extent possible. If WLAN components are not configured correspondingly, they must not be enabled and/or connected to the productive environment.

WLAN components requiring protection include the access points, the distribution system, the WLAN clients, the operating systems the WLAN components are operated on, and the protocols used, amongst other things. The following aspects must be taken into consideration in particular:

• Persons in charge of the administration of each of the various WLAN components must be appointed.
• After installation and initial operation of WLAN components, all necessary security mechanisms must be activated.
• The WLAN components may only be administrated using a secure connection, i.e. administration should be performed directly on the console after executing a strong authentication procedure (for access from the LAN) or using an encrypted connection (for access from the internet).
• The rule "everything not expressly permitted is prohibited" must be implemented. For example, users not entered in an access list must not be permitted to access the WLAN. Access rights for directories and files should be assigned as restrictively as possible.
• It must be ensured that the software used is always up-to-date and that any security-relevant patches are installed immediately.
• Configuration changes should be logged by the system so that manipulations can be detected quickly. The logged data itself must be secured in such a way that it is impossible to manipulate it.
• All security-relevant events must be logged. These events include, for example, attempts to gain unauthorised access as well as data on the network load and any network overloads. The logged data recorded must be evaluated regularly. The amount of information logged must be coordinated with the personnel representative and the Data Protection Officer.
• The WLAN components must be integrated into the data backup policy. When restoring backed up databases, it must be ensured that the files relevant for the secure operation of the WLAN such as access lists, password files, and filter rule files are up to date.

If possible, a standard configuration should be developed for the WLAN components used reflecting the specifications in the WLAN security policy. This makes it easier to provide support for numerous devices and change the configurations. At the same time, deviations from the intended configuration can be identified faster.

It makes sense to use a WLAN management solution ensuring efficient configuration of the access points. Access points and the active components of the distribution system should still remain integrated into the network management system and monitoring must also still be possible. After all, it should still be possible to check the availability of the authentication server through the management system. It may be necessary to expand a network management system already in use by adding a WLAN management module.

Connections of external access points or manipulations to the switches of the distribution system should be detected by the WLAN management system. The affected network port of the distribution switch should be blocked immediately in such cases.

Likewise, the configurations of the access points and of the distribution system should be checked regularly. To check the configuration, the system configuration currently in use must be compared to a documented and validated configuration. If any unconfirmed changes are found, the systems must be examined and possibly even switched off and checked for evidence of an attack.

For the secure operation of WLAN components, both the basic configuration specified on the basis of the WLAN security policy as well as all changes made must be documented carefully so that they can be restored at any time. In addition to the documentation of the security configuration, documentation of the firmware versions of the access points and documentation of location-specific configurations must also be available.

Review questions:

• Are the WLAN components only administrated using trustworthy paths?
• Have the accesses to the WLAN components been restricted to the required extent?
• Have the WLAN components been integrated into the data backup policy?
• Has it been ensured that the most recently backed up version is used to restore backed up databases?
• Is the management system used to check the availability of the authentication server?
• Does the WLAN management system detect the connection of third party access points or manipulations to the switches of the distribution system?