
Executive Summary Cybersecurity Incident Report (CIR): Your report should be a minimum 12-page double-spaced Word document with citations in APA format.

Deliverable – One 12-page document which begins with a 1-page Executive Summary

  • Cybersecurity Incident Report (CIR): Your report should be a minimum 12-page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations.
  • Executive summary: This is a one-page summary at the beginning of your CIR.

Incident Response

You've recently been promoted to the role of a cybersecurity incident manager as part of a new contract with a major media and entertainment company. The company requires its employees, artists, and clients to have wireless and mobile device access to company networks.

Because of the "bring your own device" policy, there has been an increase in the number of cybersecurity incident reports. You realize that you need to increase awareness of security standards. In your security monitoring of the company networks, you use tools that track employee behavior.

You want company leadership to understand the technologies used in wireless networks and mobile device management, and you want those leaders to be educated about the implementation, threats, and safeguards for all devices—including personal units that are used for work-related tasks. You believe that executive leadership needs to incorporate these kinds of safeguards as part of its business strategy. You decide to compile a cybersecurity incident report that you will send to management. You will list the actions, defense, and preventative measures you have taken to address threats and why.

The report will incorporate terminology definitions, information about the cyber kill chain, and impact assessments. Your cyber incident report will need to illustrate the threats you discovered and the resolutions you employed. You want leadership to be confident about the strategy you have used to defend the company's networks.

Guidelines for Securing Wireless Local Area Networks (WLANs)

Recommendations of the National Institute of Standards and Technology

Murugiah Souppaya, Karen Scarfone

NIST Special Publication 800-153

Computer Security

Computer Security Division, Information Technology Laboratory, National Institute of Standards and Technology, Gaithersburg, MD 20899-8930

February 2012

U.S. Department of Commerce: John Bryson, Secretary

National Institute of Standards and Technology: Patrick D. Gallagher, Under Secretary for Standards and Technology and Director

GUIDELINES FOR SECURING WIRELESS LOCAL AREA NETWORKS (WLANS)


Reports on Computer Systems Technology

The Information Technology Laboratory (ITL) at the National Institute of Standards and Technology (NIST) promotes the U.S. economy and public welfare by providing technical leadership for the nation’s measurement and standards infrastructure. ITL develops tests, test methods, reference data, proof of concept implementations, and technical analysis to advance the development and productive use of information technology. ITL’s responsibilities include the development of technical, physical, administrative, and management standards and guidelines for the cost-effective security and privacy of sensitive unclassified information in Federal computer systems. This Special Publication 800-series reports on ITL’s research, guidance, and outreach efforts in computer security and its collaborative activities with industry, government, and academic organizations.

Certain commercial entities, equipment, or materials may be identified in this document in order to describe an experimental procedure or concept adequately. Such identification is not intended to imply recommendation or endorsement by the National Institute of Standards and Technology, nor is it intended to imply that the entities, materials, or equipment are necessarily the best available for the purpose.

National Institute of Standards and Technology Special Publication 800-153

24 pages (Feb. 2012)


Acknowledgments

The authors, Murugiah Souppaya of the National Institute of Standards and Technology (NIST) and Karen Scarfone of Scarfone Cybersecurity, wish to thank their colleagues who reviewed drafts of this document and contributed to its technical content, particularly Sheila Frankel, Arnold Johnson, and Terry Hahn of NIST, and representatives from the Department of Justice and the Office of the Director of National Intelligence.

Trademark Information

All trademarks and registered trademarks belong to their respective organizations.


Table of Contents

Executive Summary

1. Introduction
  1.1 Authority
  1.2 Purpose and Scope
  1.3 Audience
  1.4 Document Structure

2. WLAN Security Configuration
  2.1 Configuration Design
    2.1.1 Needs Gathering
    2.1.2 WLAN Architecture
  2.2 Configuration Implementation, Evaluation, and Maintenance

3. WLAN Security Monitoring
  3.1 WLAN Security Monitoring Basics
    3.1.1 Attack Monitoring
    3.1.2 Vulnerability Monitoring
  3.2 Monitoring Tools
  3.3 Continuous Monitoring Recommendations
  3.4 Periodic Assessment Recommendations

List of Appendices

Appendix A— Supporting NIST SP 800-53 Security Controls and Publications
Appendix B— Acronyms and Abbreviations
Appendix C— References

List of Figures

Figure 1: Simplified View of WLAN Architecture


Executive Summary

A wireless local area network (WLAN) is a group of wireless networking devices within a limited geographic area, such as an office building, that exchange data through radio communications. WLAN technologies are based on the IEEE 802.11 standard and its amendments.¹ The fundamental components of an IEEE 802.11 WLAN (hereafter referred to as a “WLAN” in this publication) are client devices, such as laptops and smartphones, and access points (APs), which logically connect client devices with a distribution system, typically the organization’s wired network infrastructure. Some WLANs also use wireless switches, which act as intermediaries between APs and the distribution system.

The security of each WLAN is heavily dependent on how well each WLAN component—including client devices, APs, and wireless switches—is secured throughout the WLAN lifecycle, from initial WLAN design and deployment through ongoing maintenance and monitoring. Unfortunately, WLANs are typically less secure than their wired counterparts for several reasons, including the ease of access to the WLAN and the weak security configurations often used for WLANs (to favor convenience over security).

The purpose of this publication is to help organizations improve their WLAN security by providing recommendations for WLAN security configuration and monitoring. This publication supplements other NIST publications by consolidating and strengthening their key recommendations.

Organizations should implement the following guidelines to improve the security of their WLANs.

Have standardized security configurations for common WLAN components, such as client devices and APs.

A standardized configuration provides a base level of security, reducing vulnerabilities and lessening the impact of successful attacks. Standardized configurations can also significantly reduce the time and effort needed to secure WLAN components and verify their security, particularly if the configuration can be deployed and verified through automated means.

When planning WLAN security, consider the security not only of the WLAN itself, but also how it may affect the security of other networks.

A WLAN is usually connected to an organization’s wired networks, and WLANs may also be connected to each other. For WLANs that need wired network access, their client devices should be allowed access only to the necessary hosts on the wired network using only the required protocols. Also, an organization should have separate WLANs if there is more than one security profile for WLAN usage; for example, an organization should have logically separated WLANs for external use (such as guests) and internal use. Devices on one WLAN should not be able to connect to devices on a logically separated WLAN.

Have policies that clearly state which forms of dual connections are permitted or prohibited for WLAN client devices, and enforce these policies through the appropriate security controls.

The term “dual connected” generally refers to a client device that is connected to both a wired network and a WLAN at the same time. If an attacker gains unauthorized wireless access to a dual-connected client device, the attacker could then use it to access or attack resources on the wired network. Organizations should consider the risks posed not only by the traditional form of dual connectedness, but also by other forms involving multiple wireless networks. It is common today for client devices to be connected to multiple wireless networks simultaneously, such as cell phone, WiMAX, Bluetooth, and WLAN networks. Organizations should assess the risk of the possible combinations of network technologies for their WLAN client devices and determine how those risks should be mitigated. If one or more of the networks cannot have its risk mitigated to an acceptable level, then dual connections involving that network may pose too much risk to the organization and may need to be prohibited.

¹ See [GAO-11-43] for additional information on the history of the IEEE 802.11 standard for WLANs.
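One way to turn a dual-connection policy into a client-side check, as an added example that is not part of SP 800-153. The permitted pairs, interface names and sample snapshots are constructed assumptions; a real deployment would take the link state from its endpoint management agent.

```python
from dataclasses import dataclass
from itertools import combinations

# Constructed policy (assumption): combinations of network technologies that a
# WLAN client device may use at the same time. A one-element set means several
# simultaneous networks of that same technology are acceptable.
PERMITTED_PAIRS = {
    frozenset({"wlan", "bluetooth"}),    # e.g. earbud, keyboard, mouse
    frozenset({"wired", "bluetooth"}),
    frozenset({"bluetooth"}),            # keyboard and mouse together
}

@dataclass(frozen=True)
class Link:
    iface: str     # local interface name
    tech: str      # "wired", "wlan", "bluetooth", "cellular", "wimax"
    network: str   # SSID, LAN name or paired peripheral
    up: bool       # currently connected

def dual_connection_findings(links):
    """Return (iface_a, iface_b, reason) for every prohibited combination."""
    active = sorted((l for l in links if l.up), key=lambda l: l.iface)
    findings = []
    for a, b in combinations(active, 2):
        if a.tech == b.tech and a.network == b.network:
            continue  # same network twice (e.g. bonded NICs), not dual connected
        if frozenset({a.tech, b.tech}) not in PERMITTED_PAIRS:
            reason = (f"{a.tech}:{a.network} and {b.tech}:{b.network} "
                      "are connected simultaneously")
            findings.append((a.iface, b.iface, reason))
    return findings

# Constructed snapshots of three client devices.
LAPTOP_DOCKED = [
    Link("eth0", "wired", "corp-lan", True),
    Link("wlan0", "wlan", "corp-wlan", True),     # traditional dual connection
    Link("bt0", "bluetooth", "keyboard", True),
    Link("bt1", "bluetooth", "mouse", True),
]
PHONE = [
    Link("wlan0", "wlan", "corp-wlan", True),
    Link("bt0", "bluetooth", "earbud", True),
    Link("cell0", "cellular", "carrier", False),  # radio present but not connected
]
LAPTOP_TWO_WLANS = [
    Link("wlan0", "wlan", "corp-wlan", True),
    Link("wlan1", "wlan", "guest-wlan", True),    # removable second WLAN adapter
]

if __name__ == "__main__":
    for name, snap in [("docked laptop", LAPTOP_DOCKED), ("phone", PHONE),
                       ("two-WLAN laptop", LAPTOP_TWO_WLANS)]:
        for finding in dual_connection_findings(snap):
            print(name, finding)
```
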

Ensure that the organization’s WLAN client devices and APs have configurations at all times that are compliant with the organization’s WLAN policies.

After designing WLAN security configurations for client devices and APs, an organization should determine how the configurations will be implemented, evaluate the effectiveness of the implementations, deploy the implementations to the appropriate devices, and maintain the configurations and their implementations throughout the devices’ lifecycles. Organizations should standardize, automate, and centralize as much of their WLAN security configuration implementation and maintenance as practical. This allows organizations to implement consistent WLAN security throughout the enterprise, to detect and correct unauthorized changes to configurations, and to react quickly when newly identified vulnerabilities or recent incidents indicate a need to change the WLAN’s security configuration.

Perform both attack monitoring and vulnerability monitoring to support WLAN security.

Security monitoring is important for all systems and networks, but it is generally even more important for WLANs because of the increased risks that they face. Organizations should continuously monitor their WLANs for both WLAN-specific and general (wired network) attacks. Organizations should do largely the same vulnerability monitoring for WLAN components that they do for any other software: identifying patches and applying them, and verifying security configuration settings and adjusting them as needed. These actions should be performed at least as often for WLAN components as they are for the organization’s equivalent wired systems.

Conduct regular periodic technical security assessments for the organization’s WLANs.

These assessments should be performed at least annually to evaluate the overall security of the WLAN. In addition, organizations should perform periodic assessments at least quarterly unless continuous monitoring of WLAN security is already collecting all of the necessary information about WLAN attacks and vulnerabilities needed for assessment purposes.


1. Introduction

1.1 Authority

The National Institute of Standards and Technology (NIST) developed this document in furtherance of its statutory responsibilities under the Federal Information Security Management Act (FISMA) of 2002, Public Law 107-347.

NIST is responsible for developing standards and guidelines, including minimum requirements, for providing adequate information security for all agency operations and assets; but such standards and guidelines shall not apply to national security systems. This guideline is consistent with the requirements of the Office of Management and Budget (OMB) Circular A-130, Section 8b(3), “Securing Agency Information Systems,” as analyzed in A-130, Appendix IV: Analysis of Key Sections. Supplemental information is provided in A-130, Appendix III.

This guideline has been prepared for use by Federal agencies. It may be used by nongovernmental organizations on a voluntary basis and is not subject to copyright, though attribution is desired.

Nothing in this document should be taken to contradict standards and guidelines made mandatory and binding on Federal agencies by the Secretary of Commerce under statutory authority, nor should these guidelines be interpreted as altering or superseding the existing authorities of the Secretary of Commerce, Director of the OMB, or any other Federal official.

1.2 Purpose and Scope

The purpose of this publication is to provide organizations with recommendations for improving the security configuration and monitoring of their IEEE 802.11 wireless local area networks (WLANs) and their devices connecting to those networks. The scope of this publication is limited to unclassified wireless networks and unclassified facilities within range of unclassified wireless networks.

This publication supplements other NIST publications by consolidating and strengthening their key recommendations, and it points readers to the appropriate NIST publications for additional information (see Appendix C for the full list of references and Appendix A for a list of major security controls relevant for WLAN security). This publication does not eliminate the need to follow recommendations in other NIST publications, such as [SP800-48] and [SP800-97]. If there is a conflict between recommendations in this publication and another NIST wireless publication, the recommendation in this publication takes precedence.

1.3 Audience

The primary audience for this publication is security professionals, network professionals, system administrators, and others who are responsible for planning, implementing, maintaining, and monitoring the security of their organization’s WLANs and the devices that connect to those WLANs.

1.4 Document Structure

The remainder of this document is composed of the following sections and appendices:

  • Section 2 provides recommendations for WLAN security configuration, including configuration design, implementation, evaluation, and maintenance.
  • Section 3 presents an overview of WLAN security monitoring and gives related recommendations, including criteria for selecting monitoring tools and guidelines for determining how often to perform monitoring.
  • Appendix A lists the major controls from NIST Special Publication 800-53, Recommended Security Controls for Federal Information Systems and Organizations that affect WLAN security.
  • Appendix B provides a list of acronyms and abbreviations used in this document.
  • Appendix C lists references for this document.


2. WLAN Security Configuration

Wireless networking enables computing devices with wireless capabilities to use computing resources without being physically connected to a network. The devices simply need to be within a certain distance (known as the range) of the wireless network infrastructure. Wireless local area networks (WLANs) are groups of wireless networking devices within a limited geographic area, such as an office building, that are capable of exchanging data through radio communications. WLANs are usually implemented as extensions to existing wired local area networks (LANs) to provide enhanced user mobility and network access. WLAN technologies are based on the IEEE 802.11 standard and its amendments. Throughout the rest of this publication, the generic term “WLAN” refers to an IEEE 802.11 WLAN.

The two fundamental types of WLAN components are client devices (such as laptops and smartphones) and access points (APs), which logically connect client devices with a distribution system (DS), typically the organization’s wired network infrastructure. The DS is the means by which client devices can communicate with the organization’s wired LANs and external networks such as the Internet. Some WLANs also use wireless switches, which act as intermediaries between APs and the DS. The purpose of the switch is to assist administrators in managing the WLAN infrastructure. Figure 1 shows a simplified view of WLAN components that includes a wireless switch. WLANs without wireless switches have a similar architecture, except that the APs connect directly to the DS.

[Diagram: APs connected through a wireless switch to the DS]

Figure 1: Simplified View of WLAN Architecture

The security of each of the WLAN components—including client devices, APs, and wireless switches—is heavily dependent on their WLAN security configuration. This section explains why having standardized security configurations is important for WLAN components and provides recommendations for designing, implementing, evaluating, and maintaining those configurations, particularly for client devices. As explained in Section 1.2, the recommendations presented in this section supplement those provided for specific WLAN technologies by other NIST publications [SP800-48, SP800-97].

This section does not provide an exhaustive explanation of the entire security configuration lifecycle; rather, it highlights a few topics of particular relevance to WLAN security. Section 2.1 discusses security configuration design, while Section 2.2 focuses on security configuration implementation, evaluation, and maintenance.

2.1 Configuration Design

Organizations should have standardized security configurations for their common WLAN components, such as client devices and APs. A standardized configuration provides a base level of security, reducing vulnerabilities and lessening the impact of successful attacks. Standardized configuration use improves the consistency and predictability of security, in conjunction with user training and awareness activities and other supporting security controls. Standardized configurations can also provide a large resource savings by reducing the time needed to secure each WLAN device and to verify its configuration for security assessments, audits, etc., particularly if the configuration can be deployed and verified through automated means.

This section focuses on two noteworthy aspects of configuration design: gathering needs and designing WLAN architectures.

2.1.1 Needs Gathering

Before designing a WLAN security architecture or WLAN component security configurations, an organization should gather information on needs, particularly operational and security related ones. This should include identifying relevant WLAN security requirements from applicable laws, policies, regulations, etc. For Federal agencies, this often includes requirements from OMB, the Government Accountability Office (GAO), the Department of Homeland Security (DHS), and other agencies. Another part of needs gathering is identifying and reviewing recommended WLAN security practices from Federal agencies (e.g., NIST Special Publications, DISA Security Technical Implementation Guides), WLAN vendors, and other parties [NCP]. See Section 9 of [SP800-94] for examples of possible requirements to include in needs gathering.

In addition to identifying these requirements and recommendations, organizations should also determine what threats their WLAN security faces. Organizations should conduct risk assessments to identify the threats against their WLANs and determine the effectiveness of existing security controls in counteracting the threats; they then should perform risk mitigation to decide what additional measures (if any) should be implemented, as discussed in [SP800-37]. Performing risk assessments and mitigation helps organizations decide how their WLANs should be secured. See Section 3.1 for an overview of common WLAN threats.

2.1.2 WLAN Architecture

When planning WLAN security, configuration designers should consider the security not only of the WLAN itself, but also how it may affect other networks that are accessible through it, such as internal wired networks reachable from the WLAN. An important principle of WLAN security is to separate WLANs with different security profiles. For example, there should be separate WLANs for external (guest, etc.) and internal use. Devices on an organization’s external WLAN should not be able to connect through that WLAN to devices on another of the organization’s WLANs. This helps to protect the organization’s other networks and devices from external devices and users. Organizations often set up external WLANs primarily to provide Internet access to visitors; such WLANs should be architected so that their traffic does not traverse the organization’s internal networks. For external WLANs that do need internal network access, WLAN client devices should be allowed access only to the necessary hosts or subnets using only the required protocols.
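A reachability check for the separation principle above, as an added example that is not part of SP 800-153: it evaluates a first-match ACL for one client in each WLAN and reports every flow that goes beyond the necessary hosts and required protocols. The addressing plan, the ACL rules and the probed services are constructed assumptions.

```python
import ipaddress as ip

# Constructed addressing plan and policy (assumptions, not from SP 800-153).
WLANS = {"guest": ip.ip_network("10.50.0.0/24"),   # external use
         "staff": ip.ip_network("10.60.0.0/24")}   # internal use
# Necessary wired hosts and required protocols per WLAN: (host, proto, port).
NEEDED = {"guest": set(),                          # Internet access only
          "staff": {("10.1.1.10", "tcp", 443), ("10.1.1.53", "udp", 53)}}
OTHER_WIRED_HOST = "10.1.0.1"                      # a wired host no WLAN needs
PROBE_SERVICES = [("tcp", 22), ("tcp", 443), ("tcp", 445), ("udp", 53)]

# Rules are (action, src, dst, proto, port); first match wins, default deny.
WEAK_ACL = [
    ("permit", "10.60.0.0/24", "10.1.1.10/32", "tcp", 443),
    ("permit", "10.60.0.0/24", "10.1.1.53/32", "udp", 53),
    ("permit", "10.60.0.0/24", "10.1.0.0/16", "tcp", 445),  # whole wired LAN
    ("deny",   "10.50.0.0/24", "10.1.0.0/16", "any", None),
    ("permit", "10.50.0.0/24", "0.0.0.0/0", "any", None),   # also reaches staff WLAN
]
HARDENED_ACL = [
    ("permit", "10.60.0.0/24", "10.1.1.10/32", "tcp", 443),
    ("permit", "10.60.0.0/24", "10.1.1.53/32", "udp", 53),
    ("deny",   "10.50.0.0/24", "10.0.0.0/8", "any", None),  # all internal space
    ("permit", "10.50.0.0/24", "0.0.0.0/0", "any", None),   # Internet only
]

def permits(acl, src, dst, proto, port):
    """First-match evaluation of one flow; unmatched traffic is denied."""
    s, d = ip.ip_address(src), ip.ip_address(dst)
    for action, r_src, r_dst, r_proto, r_port in acl:
        if (s in ip.ip_network(r_src) and d in ip.ip_network(r_dst)
                and r_proto in ("any", proto) and r_port in (None, port)):
            return action == "permit"
    return False

def excess_access(acl):
    """Return (wlan, dst, proto, port) flows the ACL allows but policy does not."""
    wired = sorted({h for flows in NEEDED.values() for h, _, _ in flows}
                   | {OTHER_WIRED_HOST})
    findings = []
    for name, subnet in WLANS.items():
        client = str(next(subnet.hosts()))
        # One representative device on every other, logically separated WLAN.
        peers = [str(next(n.hosts())) for w, n in WLANS.items() if w != name]
        for dst in peers + wired:
            for proto, port in PROBE_SERVICES:
                needed = (dst, proto, port) in NEEDED[name]
                if permits(acl, client, dst, proto, port) and not needed:
                    findings.append((name, dst, proto, port))
    return findings

if __name__ == "__main__":
    for label, acl in [("weak", WEAK_ACL), ("hardened", HARDENED_ACL)]:
        print(label, excess_access(acl))
```

The probe matrix only covers the listed hosts and services, so a clean result shows that the sampled flows are blocked, not that the rule set as a whole is correct.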

Another architectural issue mentioned in the WLAN reference architecture document and discussed in more detail in [GAO-11-43] is dual connected client devices. The term “dual connected” generally refers to a device that is connected to both a wired network and a WLAN at the same time. The primary concern with dual connected configurations is that an attacker may be able to gain unauthorized wireless access to the client device and then use it to attack resources on the wired network. Essentially this is allowing an attacker to exploit a lower-security network in order to gain access to a higher-security network. One possible scenario is an attacker tunneling traffic from the higher-security network to the lower-security network through the client device instead of following the intended network architecture, and thus avoiding network-based security controls intended for the higher-security network. Dual connected configurations also generally violate the principle of disabling unneeded network services to reduce attack surface; if the device already has wired network access, WLAN access is usually redundant.

Organizations should not only consider simultaneous wired network and WLAN use, but other forms of dual connectedness involving their WLAN client devices. With the increasing variety and popularity of wireless networking technologies, it is common today for devices to be connected to multiple wireless networks simultaneously. For example, most smartphones can use cell phone networks, WLANs, and Bluetooth networks simultaneously, while they are also connected to wired laptops/desktops (and possibly their wired networks) through a cabled connection (e.g., USB). It is also increasingly common for laptops to have multiple wireless interfaces, such as both WLAN and WiMAX interfaces, or to be configured to accept removable media-based WLAN interfaces. A single laptop with multiple WLAN interfaces could have simultaneous connections to multiple WLANs, such as an organization WLAN and an external WLAN.

Organizations should assess the risk of the possible combinations of network technologies for their WLAN client devices and determine how those risks should be mitigated. This does not mean that all forms of dual connectedness should automatically be prohibited; examples of use cases that are often permitted include a smartphone attaching to both a WLAN and a Bluetooth-networked earbud simultaneously, and a laptop attaching to both a WLAN and a Bluetooth-networked keyboard and mouse simultaneously. However, the security of such use cases is largely dependent on the security of all of the netwo
