NIST Issues Wireless LAN Security Recommendations -- Redmondmag.com

NIST Issues Wireless LAN Security Recommendations

By William Jackson
09/29/2011

Wireless LANs lag on security compared with wired networks, the National Institute of Standards and Technology advises, in a new Guide.

"Unfortunately, WLANs are typically less secure than their wired counterparts for several reasons, including the ease of access to the WLAN and the weak security configurations often used for WLANs (to favor convenience over security)," NIST says in newly released guidelines for securing wireless networks.

Draft Special Publication 800-153, "Guidelines for Securing Wireless Local Area Networks" provides recommendations for improving the security configuration and monitoring of wireless networks and the devices connecting to them.

The document focuses on the most commonly used type of WLAN, based on the IEEE 802.11 family of Wi-Fi standards.

Wi-Fi security concerns are nothing new. In 2002, NIST famously pronounced that wireless access points are "the logical equivalent of an Ethernet port in the parking lot." The principal caveat offered by NIST then still applies: All the vulnerabilities found in conventional wired networks also can be found in wireless technologies, along with a host of others associated with radio communications and mobile clients.

Wi-Fi security has evolved since approval of the initial 802.11 standard in 1997. Wired Equivalent Privacy was added and then replaced when flaws were found. Eventually Wi-Fi Protected Access was adopted, and in 2004 WPA2 was introduced with interoperability with the 802.11i security standard. In 2009, the 802.11w-2009 standard was ratified, increasing security with additional encryption security features to help prevent denial-of-service attacks against WLANs.

SP 800-153 is part of a suite of NIST wireless security publications. It complements but does not replace SP 800-97, "Establishing Wireless Robust Security Networks: A Guide to IEEE 802.11i," released in 2007, or SP 800-48 revision 1, "A Guide to Security Legacy 802.11 Wireless Networks," revised in 2008. The new publication consolidates and strengthens recommendations made in the earlier documents and, while it does not replace them, it does take precedence when recommendations conflict.

SP 800-153 emphasizes the importance of having a standardized WLAN security configuration built into the wireless network from the beginning of the design phase and maintained throughout the life cycle, and the need for continuous security monitoring of the network, along with periodic assessments.

Comments on draft SP 800-153 should be sent by Oct. 28 to [email protected], with "Comments SP 800-153" in the subject line.

About the Author

William Jackson is the senior writer for Government Computer News (GCN.com).

Featured

What's Inside Microsoft 365's Security Toolbox?

Microsoft provides plenty of native tools to secure Microsoft 365. IT pros just have to know where to look.
Microsoft Kills 30-Day Data Retention Policy for Copilot in Fabric

Microsoft this week announced several usability improvements coming to Copilot in Fabric in preparation of its general availability release later this year.
Using Microsoft Office to Build a Network Diagram 2

Now that we've set up our process, let's dig in with the actual execution.
Microsoft Graph 'Activity Logs' Feature Goes Live

Microsoft announced the general availability of the "activity logs" capability in Microsoft Graph, giving administrators more options to track user activity and identify patterns of potential misuse.
Fallout from Microsoft's 'Midnight Blizzard' Saga Hits Feds

When the Russian attack group Midnight Blizzard successfully breached Microsoft corporate e-mail accounts late last year, it apparently managed to steal U.S. government agency e-mails, too.