Guidelines for securing IEEE 802.11i wireless networks

* NIST document provides a guide to IEEE 802.11i

A useful free document, one not requiring registration and having 162 pages, is "Establishing Wireless Robust Security Networks: A Guide to IEEE 802.11i," which is Special Publication 800-97 from the National Institute of Standards and Technology.

HP makes an interesting point in a recent white paper entitled “Why Your Firewall, VPN, and IEEE 802.11i Aren’t Enough to Protect Your Network.” The authors write:

"The prevailing model of enterprise network security is rooted in the axiom that being 'physically inside is safe and outside is unsafe.' Connecting to a network point within the enterprise is generally considered safe and is subject to weaker security controls. On the other hand, tight security controls are enforced at the network traffic entry and exit points using firewalls and VPNs. A WLAN breaks the barrier provided by the building perimeter as the physical security envelope for a wired network because invisible radio signals used by the WLAN cannot be confined within the physical perimeter of a building, and usually cut through walls and windows. This creates a backdoor for unauthorized devices to connect to the enterprise network."

The four-page white paper sponsored by HP ProCurve Networking goes on to list a series of attack methodologies and appropriate defenses.

Another useful free document, this one not requiring registration and having 162 pages, is “Establishing Wireless Robust Security Networks: A Guide to IEEE 802.11i”, which is Special Publication (SP) 800-97 from the National Institute of Standards and Technology (NIST). The guide’s first author is Sheila Frankel, who wrote the 2001 text "Demystifying the IPsec Puzzle"; her coauthors were Bernard Eydt, Les Owens, and Karen Scarfone.

After establishing the basics and evolution of IEEE 802.11 standards and certifications in Chapter 2, the authors turn to wireless security in Chapter 3. Chapters 4, 5, 6 and 7 delve into technical details of security protocols and certifications.

Chapter 8, “WLAN Security Best Practices,” offers 19 pages of practical advice on setting up and implementing a security project for securing wireless LANs. The recommendations are presented in tables that explain each of the suggestions and classify them as best practices or as items to consider. The tables can be used as checklists.

Chapter 9 presents case studies, which are described as follows (quoting):

• Case Study 1: First Time WLAN Deployment. This case study presents the scenario of an organization that planned to deploy a WLAN for the first time. With no existing WLAN infrastructure to replace or update, the organization methodically applied the best practices introduced in this guide.

• Case Study 2: Transitioning an Existing WLAN Infrastructure to RSN [Robust Security Network] Technology. This case study discusses an organization that had implemented WLAN technology already but later wanted to migrate to a RSN framework. Having just experienced a major WLAN security breach, the organization felt that it must act quickly. To meet its needs, the organization developed and implemented first an interim WLAN solution, and then a long-term one.

• Case Study 3: Supporting Users Who Are Not Employees. This case study presents the scenario of an organization that planned a future WLAN deployment, whose WLAN user population will consist of many people who are not employees, or perhaps may not have any prior relationship with the organization. It created a security architecture that allows for access from a very diverse set of users. Supporting these users might not require an IEEE 802.11 RSN.

Chapter 10 summarizes the concepts and recommendations; Chapter 11 discusses future directions, with a discussion of new standards such as IEEE 802.11r and IEEE 802.11w

Insider Tip: 12 easy ways to tune your Wi-Fi network
Join the discussion
Be the first to comment on this article. Our Commenting Policies