1. What is a Wireless LAN?
A WLAN is generally deployed as an extension to an existing wired network, in order to allow clients to access network resources or the Internet without having to be physically connected to the network via a cable. Wireless networks operate in two distinct modes, infrastructure and ad-hoc. Infrastructure mode is defined as a wireless network employing an access point (AP) to transmit data between clients. Ad-hoc mode does not use infrastructure devices such as an AP, but instead allows clients to connect directly to one another.
2. What other names refer to a Wireless LAN?
WLANs are often referred to by the standard they were developed under by the Institute of Electrical and Electronics Engineers (IEEE), which includes the following 802.11 wireless network types: IEEE 802.11a/b/g/n. Wireless networks are also commonly referred to as WLAN, wireless fidelity (WiFi), wireless network, or “Hot Spot”.
3. How can wireless technology be used to serve as a wireless bridge?
WLAN systems can bridge a communication link between two or more networks, allowing the exchange of network traffic wirelessly. Wireless bridging is generally implemented as a direct connection between two wired network segments using APs or wireless bridges.
4. How can I use my BlackBerry?
BlackBerry devices should only be used to transmit appropriate unclassified data in an unclassified environment, in accordance with a contract agreement and user training.
5. Do I need a waiver to use a BlackBerry?
In order to use a BlackBerry you must obtain a waiver registered on the Connection Approval Process website https://snap.dod.mil/.
6. What are handheld devices?
Some examples of handheld devices are: PDAs, converged devices (mobile phones with PDA capabilities), PEDs, text messaging devices, and 2-way pagers.
7. What are the threats in using handheld devices?
Handheld devices face security threats similar to those of other networked devices, including man-in-the-middle attacks, denial of service (DoS), and malicious code. In addition to these common threats, handheld and mobile devices are subject to being lost, stolen, or tampered with, as they are generally more exposed to environments outside an organization’s physical confines.
8. What are risk mitigation tools?
Risk mitigation tools are hardware and software applications implemented to prevent attacks that may compromise a network or device. Examples of these tools are: virus protection, strong user identification, VPNs, PKI, biometrics, strong encryption for storage and transmission, mobile device compliance tools, and personal firewalls. It is especially important to incorporate these and other risk mitigation tools within WLANs, because wireless networks are more susceptible to attacks than wired networks.
9. What types of threats can occur to my network via wireless connections?
Wireless networks offer additional opportunities for attackers to gain unauthorized access to network resources, as they no longer need physical access to a network connection. Wireless networks that are not properly configured may propagate signals beyond an organization’s physical boundaries, allowing an attacker to gain access to the network and sniff packets from a parking lot or a neighboring building. Wireless networks are also more susceptible to DoS attacks than wired networks, as an attacker merely needs to disrupt the radio signal. In order to prevent DoS attacks, unauthorized disclosure, and other attacks, preventive (management, operational, and technical) measures need to be implemented to protect the network (both physical and logical).
10. What is an Infrared (IR) port?
Most handheld devices have the capability to communicate via IR ports, which allow the device to directly interface with another device to exchange data.
11. How can IR and RF ports affect my network?
Handheld devices can transmit applications and potentially malicious code through these connections. The transmitted data may be unencrypted, giving users in close proximity to the device the opportunity to intercept and read the data traversing the connection.
12. What is a dial-up connection?
A dial-up connection is a common method of remote access. It allows a user to access a computer or a network using plain old telephone service (POTS) provided by the public switched telephone network (PSTN).
13. Why would a dial-up connection present a risk for my network?
Dial-up capability, like other remote access capabilities, introduces risks if the networked PC does not employ strong encryption, authentication, and risk mitigation mechanisms. Failing to implement such security mechanisms leaves devices vulnerable to attackers who might gain access to the client device and possibly the network.
14. What is an Ethernet connection?
Ethernet is a wired networking technology standard defined by the IEEE, and is generally used in local area networks (LAN), allowing communication between devices connected to the network. An Ethernet connection uses standardized technology to allow networked devices to connect and communicate.
15. What is encryption?
Encryption is a means of protecting transmitted data so that no one but the intended recipient can comprehend the original data. To protect the data, a mathematical algorithm converts it into a sequence that is incomprehensible unless decrypted. In WLANs, encryption plays a significant role in the security of data traversing the network: the encryption method chosen is critical to preventing attacks and transmitting data safely. Several methods of encryption exist to secure wireless networks, although some provide stronger protection than others.
16. What are the types of encryption that I can use?
Only Federal Information Processing Standard (FIPS) 140-2 compliant encryption methods are authorized for data transmissions over wireless networks. Wired Equivalent Privacy (WEP), the most commonly used wireless encryption method, is defined by the IEEE 802.11 standard and uses the RC4 algorithm to encrypt data. However, WEP is unacceptable due to significant weaknesses in how specific aspects of the encryption algorithm are implemented. Triple Data Encryption Standard (3DES) is an encryption method that produces an encrypted datastream. Advanced Encryption Standard (AES), a replacement for 3DES, uses a symmetric block cipher to encrypt and decrypt data and supports key sizes of 128, 192, and 256 bits. 802.1X, often mistaken for an encryption method, is a port-based access control solution that is commonly paired with the Extensible Authentication Protocol (EAP) to authenticate users via a third-party authentication server.
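To make concrete why WEP is ruled out above, the following is an added example (not from the original FAQ) that implements RC4 the way WEP applies it, seeded with a 24-bit per-frame IV prepended to the shared key, and shows that once an IV repeats the keystream cancels out of the two frames entirely; the key, IVs and frame contents are constructed sample values.

```python
import math
from typing import Optional

# Added example, not from the original FAQ. WEP sends a 24-bit IV in the clear
# and encrypts the frame body with RC4(IV || shared key). Whenever an IV repeats
# under the same key the keystream repeats, and c1 XOR c2 == p1 XOR p2, which is
# the confidentiality failure that makes WEP non-compliant. Keys/frames constructed.


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Standard RC4: key-scheduling (KSA) followed by output generation (PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_frame(shared_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP-style framing: 3-byte IV in the clear, body XORed with RC4(IV || key)."""
    if len(iv) != 3:
        raise ValueError("WEP IVs are 24 bits")
    return iv + xor(plaintext, rc4_keystream(iv + shared_key, len(plaintext)))


def iv_reuse_leak(frame1: bytes, frame2: bytes) -> Optional[bytes]:
    """If two frames share an IV, return c1 XOR c2; the identical keystream
    cancels, so this equals p1 XOR p2. Returns None when the IVs differ."""
    if frame1[:3] != frame2[:3]:
        return None
    return xor(frame1[3:], frame2[3:])


def frames_until_iv_collision(iv_bits: int = 24, probability: float = 0.5) -> int:
    """Birthday bound: frames after which an IV repeat reaches the given
    probability. For WEP's 24-bit IV this is only about 4,800 frames at 50 %."""
    space = 2 ** iv_bits
    return math.ceil(math.sqrt(2 * space * math.log(1 / (1 - probability))))
```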
17. What is FIPS 140-2?
FIPS 140-2 was developed by the National Institute of Standards and Technology (NIST) in order to establish security requirements for cryptographic modules used for processing sensitive material. Vendor devices are certified by NIST-authorized testing labs, which verify that each approved device meets specific security requirements. This certification is recognized by all government agencies seeking to procure equipment containing validated cryptographic modules.
18. What is a firewall?
A firewall is a device that serves as a barrier between networks, providing access control, traffic filtering, and other security features. Firewalls are commonly deployed between trusted and untrusted networks, for example between the Internet (untrusted) and an organization’s trusted private network. They can also be used internally to segment an organization’s network infrastructure, for example by deploying a firewall between the corporate financial information and the rest of the company network. Firewalls are additional security mechanisms that should be included in all networks, both wired and wireless, in addition to being implemented on client devices as software applications. With the increased risks associated with wireless networks, it is important to include firewalls and other security mechanisms during the design phase.
19. What is an Intrusion Detection System (IDS)?
An intrusion detection system (IDS) monitors a network (wired or wireless) for activities violating policies defined in the configuration of the system. In the event a policy is broken, the IDS will alert appropriately defined entities of the violation. In some cases an IDS may go further by shutting down network segments or automatically securing the network in a variety of ways, which again would be defined during the configuration of the system. Software IDSs are available for client devices, in order to protect them from attackers trying to access resources stored on the client device or using the client device as a gateway.
20. Do I need to have a firewall and an intrusion detection system?
It is recommended that any client device, especially one operating on a wireless network, be deployed with personal firewall and intrusion detection software; virus protection is required per DoDD 8100.2. It is critical that wireless clients be secured, particularly when connected to the wired network. These types of applications help protect proprietary information stored on the station and prevent a wireless client device from becoming an easy target for an attacker. According to DISA’s Wireless STIG, “The IAO will ensure that a personal firewall and intrusion detection system will be implemented on each 802.11-enabled wireless device, if available.”
21. Why do I need to evaluate or audit my wireless network periodically?
Security audits/assessments should be done on a periodic basis to ensure that the security posture of the wired and wireless network remains sound and to identify any threats facing the networks. Because attacks and environments are continually changing, a thorough audit/assessment schedule should be implemented by network management. In addition, it is recommended that network monitoring be conducted 24x7 as an added level of network security. Rogue devices (unauthorized wirelessly enabled devices) can be introduced to the wireless network intentionally or unintentionally, pose significant threats to wireless networks, and may go unidentified without proper audits/assessments. Additional security vulnerabilities may also be identified, including incorrectly configured devices, plain-text data transmission, and signal bleed.
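As an added example (not part of the original FAQ), here is a small audit pass that compares a wireless survey against the authorized AP inventory and reports the three findings named above: rogue devices, plain-text transmission, and incorrectly configured devices. The inventory, survey, BSSIDs and SSIDs are constructed sample data; a real run would take the survey from a wireless IDS sensor or a site-survey walk.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Added example, not from the original FAQ. All BSSIDs, SSIDs and security
# labels below are constructed; the security strings are whatever the survey
# tool reports (e.g. "WPA2-CCMP", "WEP", "OPEN").


@dataclass(frozen=True)
class ObservedAP:
    bssid: str
    ssid: str
    channel: int
    security: str


# Authorized inventory: BSSID -> (SSID, channel, required security). Constructed.
AUTHORIZED: Dict[str, Tuple[str, int, str]] = {
    "00:11:22:aa:bb:01": ("CORP-WLAN", 6, "WPA2-CCMP"),
    "00:11:22:aa:bb:02": ("CORP-WLAN", 11, "WPA2-CCMP"),
    "00:11:22:aa:bb:03": ("CORP-GUEST", 1, "WPA2-CCMP"),
}

# Constructed survey of what is actually on the air.
SURVEY: List[ObservedAP] = [
    ObservedAP("00:11:22:aa:bb:01", "CORP-WLAN", 6, "WPA2-CCMP"),
    ObservedAP("00:11:22:aa:bb:02", "CORP-WLAN", 11, "WEP"),        # cipher downgraded
    ObservedAP("00:11:22:aa:bb:03", "CORP-GUEST", 9, "WPA2-CCMP"),  # channel drifted
    ObservedAP("de:ad:be:ef:00:01", "CORP-WLAN", 6, "OPEN"),        # unknown BSSID, our SSID
    ObservedAP("de:ad:be:ef:00:02", "linksys", 1, "WPA2-CCMP"),     # unknown BSSID
]

# Either of these puts frame bodies on the air readable by any nearby listener.
PLAINTEXT_EQUIVALENT = {"OPEN", "WEP"}


def audit(survey: List[ObservedAP],
          authorized: Dict[str, Tuple[str, int, str]]) -> List[Tuple[str, str]]:
    """Return (bssid, finding) pairs; one AP may yield more than one finding."""
    our_ssids = {ssid for ssid, _, _ in authorized.values()}
    findings: List[Tuple[str, str]] = []
    for ap in survey:
        expected = authorized.get(ap.bssid.lower())
        if expected is None:  # not in inventory: rogue, worse if it mimics our SSID
            tag = "rogue AP spoofing authorized SSID" if ap.ssid in our_ssids else "rogue AP"
            findings.append((ap.bssid, f"{tag} ({ap.ssid}, {ap.security})"))
            continue
        ssid, channel, security = expected
        if ap.security.upper() in PLAINTEXT_EQUIVALENT:
            findings.append((ap.bssid, f"plain-text transmission: {ap.security}"))
        elif ap.security != security:
            findings.append((ap.bssid, f"misconfigured: {ap.security}, expected {security}"))
        if ap.ssid != ssid or ap.channel != channel:
            findings.append((ap.bssid, f"misconfigured: {ap.ssid} ch {ap.channel}, "
                                       f"expected {ssid} ch {channel}"))
    return findings
```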