S 4.298 Regular audits of WLAN components
Initiation responsibility: Head of IT, IT Security Officer
Implementation responsibility: Administrator
All components of the WLAN infrastructure must be checked regularly to ensure that all specified security safeguards have been implemented and that these components are configured correctly. In addition to the access points, these components include the components of the distribution system, the elements of the security infrastructure (including the authentication server), and the elements of the WLAN management system. Depending on the available scope of functions, the WLAN management system should administer not only the current configurations of the access points but also the configurations of the components of the distribution system, and it should also maintain a history of previous configurations (see S 4.296 Use of a suitable management solution for WLAN). Likewise, central security systems such as the authentication server or the switching element at the transfer point between the distribution system and the LAN should be subjected to regular security checks.
Installations in areas accessible to the public in particular should be spot-checked for attempts to open the housings by force or any other attempted manipulation (especially on access points). An indicator of a compromised WLAN is, for example, the discovery of a hub connected between an access point and the distribution switch. Such components, which are used for diagnostic purposes, should only be accessible to authorised personnel and must be removed immediately after the required measurements have been taken.
Furthermore, the WLAN clients must be checked regularly. If there is a large number of clients, at least spot checks should be made. First, the configuration of the WLAN adapters and the IEEE 802.1X supplicant (and/or the VPN client if one is used in the WLAN) must be checked. Depending on the system, the following should also be checked: the patch level of the operating system, whether the drivers for the clients' WLAN adapters are up to date, the basic rules for personal firewalls, whether the virus protection software used is up to date, and the security settings of the applications used via the WLAN.
If any irregularities or vulnerabilities are found, they must be documented, and it must also be documented how these are followed up.
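The following sketch is an added example, not part of the original safeguard text. It shows one way an audit run could compare each component's current configuration with a specified baseline and with the previous entry in its configuration history, and record every irregularity with a follow-up status. The component names, setting keys and values are constructed and hypothetical.

```python
"""Audit WLAN component configurations against a baseline and their history."""
from dataclasses import dataclass

# Hypothetical baseline derived from a WLAN security policy (constructed values).
BASELINE = {"auth": "802.1X", "mgmt_protocol": "ssh", "firmware": "7.2.1"}

# Constructed configuration history per component, oldest snapshot first.
HISTORY = {
    "ap-lobby": [
        {"auth": "802.1X", "mgmt_protocol": "ssh", "firmware": "7.2.1"},
        {"auth": "802.1X", "mgmt_protocol": "telnet", "firmware": "7.2.1"},
    ],
    "ap-office": [
        {"auth": "802.1X", "mgmt_protocol": "ssh", "firmware": "7.1.0"},
        {"auth": "802.1X", "mgmt_protocol": "ssh", "firmware": "7.1.0"},
    ],
    "radius-1": [{"auth": "802.1X", "mgmt_protocol": "ssh", "firmware": "7.2.1"}],
}

@dataclass
class Finding:
    component: str
    setting: str
    kind: str                # "baseline deviation" or "changed since last audit"
    expected: str
    actual: str
    follow_up: str = "open"  # updated as the finding is tracked to closure

def audit(history, baseline):
    """Return documented findings for every component in the history."""
    findings = []
    for component, snapshots in sorted(history.items()):
        current = snapshots[-1]
        # Check 1: the current configuration must match the specified baseline.
        for key, want in baseline.items():
            have = current.get(key, "<missing>")
            if have != want:
                findings.append(Finding(component, key, "baseline deviation", want, have))
        # Check 2: any change since the previous snapshot must be accounted for.
        if len(snapshots) > 1:
            previous = snapshots[-2]
            for key in sorted(set(previous) | set(current)):
                old, new = previous.get(key, "<missing>"), current.get(key, "<missing>")
                if old != new:
                    findings.append(Finding(component, key, "changed since last audit", old, new))
    return findings

if __name__ == "__main__":
    for f in audit(HISTORY, BASELINE):
        print(f"{f.component}: {f.setting} [{f.kind}] "
              f"expected={f.expected} actual={f.actual} follow_up={f.follow_up}")
```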
Regular audits of the WLAN security policy should also be performed in addition to the regular audits of the individual WLAN components. In particular, the safeguards implemented to secure the WLAN should be checked to see if they correspond to the current state of the art and if the basic protection level specified is still valid.
In addition, it must regularly be examined whether all users have been informed of the necessary WLAN security safeguards and whether these are implemented.
Review questions:
- Is there a rule governing the administration of the history of the individual WLAN component configurations?
- Is there a rule governing the visual inspection of the publicly accessible WLAN components?
- Is the actual software version and the actual configuration checked with the help of regular audits of the WLAN clients?
- Is there a rule specifying the documentation and elimination of irregularities and vulnerabilities in the WLAN?
- Is the WLAN security policy evaluated regularly?
- Is there a rule specifying the continuous evaluation of the protection requirements of individual components and coupled networks of the WLAN infrastructure?
- Is there a rule specifying the continuous evaluation of the algorithms and procedures used for securing the WLAN in accordance with the state of the art?