News

NIST Issues Wireless LAN Security Recommendations

Wireless LANs lag on security compared with wired networks, the National Institute of Standards and Technology advises, in a new Guide.

"Unfortunately, WLANs are typically less secure than their wired counterparts for several reasons, including the ease of access to the WLAN and the weak security configurations often used for WLANs (to favor convenience over security)," NIST says in newly released guidelines for securing wireless networks.

Draft Special Publication 800-153, "Guidelines for Securing Wireless Local Area Networks" provides recommendations for improving the security configuration and monitoring of wireless networks and the devices connecting to them.

The document focuses on the most commonly used type of WLAN, based on the IEEE 802.11 family of Wi-Fi standards.

Wi-Fi security concerns are nothing new. In 2002, NIST famously pronounced that wireless access points are "the logical equivalent of an Ethernet port in the parking lot." The principal caveat offered by NIST then still applies: All the vulnerabilities found in conventional wired networks also can be found in wireless technologies, along with a host of others associated with radio communications and mobile clients.

Wi-Fi security has evolved since approval of the initial 802.11 standard in 1997. Wired Equivalent Privacy was added and then replaced when flaws were found. Eventually Wi-Fi Protected Access was adopted, and in 2004 WPA2 was introduced with interoperability with the 802.11i security standard. In 2009, the 802.11w-2009 standard was ratified, increasing security with additional encryption security features to help prevent denial-of-service attacks against WLANs.

SP 800-153 is part of a suite of NIST wireless security publications. It complements but does not replace SP 800-97, "Establishing Wireless Robust Security Networks: A Guide to IEEE 802.11i," released in 2007, or SP 800-48 revision 1, "A Guide to Security Legacy 802.11 Wireless Networks," revised in 2008. The new publication consolidates and strengthens recommendations made in the earlier documents and, while it does not replace them, it does take precedence when recommendations conflict.

SP 800-153 emphasizes the importance of having a standardized WLAN security configuration built into the wireless network from the beginning of the design phase and maintained throughout the life cycle, and the need for continuous security monitoring of the network, along with periodic assessments.

Comments on draft SP 800-153 should be sent by Oct. 28 to [email protected], with "Comments SP 800-153" in the subject line.

About the Author

William Jackson is the senior writer for Government Computer News (GCN.com).

Featured

  • How To Configure Windows 10 for Intel Optane Memory

    Intel's Optane memory technology can significantly improve the performance of your Windows 10 system -- provided you enable it correctly. A single mistake can render the system unbootable. Here's how to do it the right way.

  • Microsoft and SAP Enhance Partnership with Teams Integration

    Microsoft and SAP this week described continuing partnership efforts on Microsoft Azure, while also planning a Microsoft Teams integration with SAP's enterprise resource planning product and other solutions.

  • Blue Squares Graphic

    Microsoft Previews Azure IoT Edge for Linux on Windows

    Microsoft announced a preview of Azure IoT Edge for Linux on Windows, which lets organizations tap Linux virtual machine processes that also work with Windows- and Azure-based processes and services.

  • How To Automate Tasks in Azure SQL Database

    Knowing how to automate tasks in the cloud will make you a more productive DBA. Here are the key concepts to understand about cloud scripting and a rundown of the best tools for automating code in Azure.

comments powered by Disqus