
Frequently Asked Questions (FAQs)


Questions

  1. What is a Wireless LAN?
  2. What other names refer to a Wireless LAN?
  3. How can wireless technology be used to serve as a wireless bridge?
  4. How can I use my Blackberry?
  5. Do I need a waiver to use a Blackberry?
  6. What are handheld devices?
  7. What are the threats in using handheld devices?
  8. What are risk mitigation tools?
  9. What types of threats can occur to my network via wireless connections?
  10. What is an Infrared (IR) port?
  11. How can IR and RF ports affect my network?
  12. What is a dial-up connection?
  13. Why would a dial-up connection present a risk for my network?
  14. What is an Ethernet connection?
  15. What is encryption?
  16. What are the types of encryption that I can use?
  17. What is FIPS 140-2?
  18. What is a firewall?
  19. What is an Intrusion Detection System (IDS)?
  20. Do I need to have a firewall and an intrusion detection system?
  21. Why do I need to evaluate or audit my wireless network periodically?
  22. What non-Blackberry devices are allowed?


Answers

What is a Wireless LAN?

A WLAN is generally deployed as an extension to an existing wired network, in order to allow clients to access network resources or the Internet without having to be physically connected to the network via a cable. Wireless networks operate in two distinct modes, infrastructure and ad-hoc. Infrastructure mode is defined as a wireless network employing an access point (AP) to transmit data between clients. Ad-hoc mode does not use infrastructure devices such as an AP, but instead allows clients to directly connect to one another.

What other names refer to a Wireless LAN?

WLANs are often referred to by the standard they were developed under by the Institute of Electrical and Electronics Engineers (IEEE), the 802.11 family, which includes the IEEE 802.11a/b/g/n wireless network types. Wireless networks are also commonly referred to as WLAN, Wi-Fi (often expanded as "wireless fidelity"), wireless network, or "hot spot".

How can wireless technology be used to serve as a wireless bridge?

WLAN systems can bridge a communication link between two or more networks, allowing the exchange of network traffic wirelessly. Wireless bridging is generally implemented as a direct connection between two wired network segments using APs or wireless bridges.

How can I use my Blackberry?

Blackberry devices should only be used to transmit appropriate unclassified data in an unclassified environment, in accordance with the contract agreement and user training.

Do I need a waiver to use a Blackberry?

In order to use a Blackberry you must obtain a waiver registered on the Connection Approval Process website https://snap.dod.mil/.

What are handheld devices?

Some examples of handheld devices are: personal digital assistants (PDAs), converged devices (mobile phones with PDA capabilities), portable electronic devices (PEDs), text messaging devices, and two-way pagers.

What are the threats in using handheld devices?

Handheld devices face the same security threats as other networked devices, including man-in-the-middle attacks, denial of service (DoS), and malicious code. In addition to these common threats, handheld and mobile devices are subject to being lost, stolen, or tampered with, as they are generally more exposed to environments outside an organization's physical confines.

What are risk mitigation tools?

Risk mitigation tools are hardware and software applications implemented to prevent attacks that may compromise a network or device. Examples of these tools are: virus protection, strong user identification, VPNs, PKI, biometrics, strong encryption for storage and transmission, mobile device compliance tools, and personal firewalls. It is especially important to incorporate these and other risk mitigation tools within WLANs, because wireless networks are more susceptible to attacks than wired networks.

What types of threats can occur to my network via wireless connections?

Wireless networks offer additional opportunities for attackers to gain unauthorized access to network resources, as they no longer need physical access to a network connection. Wireless networks that are not properly configured may propagate signals beyond an organization's physical boundaries, allowing an attacker to join the network or sniff packets from a parking lot or a neighboring building. Wireless networks are also more susceptible to DoS attacks than wired networks, since an attacker need only jam or interfere with the radio channel. To prevent DoS attacks, unauthorized disclosure, and other attacks, preventive (management, operational, and technical) measures need to be implemented to protect the network, both physical and logical.

What is an Infrared (IR) port?

Most handheld devices have the capability to communicate via IR ports that allow the device to directly interface with another device to exchange data.

How can IR and RF ports affect my network?

Handheld devices can transmit applications and potentially malicious code through these connections. The transmitted data may be unencrypted, allowing users in close proximity to the device the opportunity to intercept and read the data traversing the connection.

What is a dial-up connection?

A dial-up connection is a common method of remote access. It allows a user to get access to a computer or a network using plain old telephone service (POTS) provided by the public switched telephone network (PSTN).

Why would a dial-up connection present a risk for my network?

Dial-up capability, like other remote access capabilities, introduces risk if the networked PC does not employ strong encryption, authentication, and risk mitigation mechanisms. Omitting such security mechanisms leaves devices vulnerable to attackers who might gain access to the client device and, through it, the network.

What is an Ethernet connection?

Ethernet is a wired networking technology standard defined by the IEEE, and is generally used in local area networks (LAN), allowing communication between devices connected to the network. An Ethernet connection uses standardized technology to allow networked devices to connect and communicate.

What is encryption?

Encryption is a means of protecting transmitted data so that no one but the intended recipient can recover the original data. A mathematical algorithm, keyed with a secret, converts the data into a form that is incomprehensible unless decrypted. In WLANs, where anyone within radio range can capture frames, encryption plays a significant role in the security of data traversing the network. Several methods of encryption exist to secure wireless networks, although some provide much stronger protection than others.

What are the types of encryption that I can use?

Only Federal Information Processing Standard (FIPS) 140-2 compliant encryption methods are authorized for data transmissions over wireless networks. Wired Equivalent Privacy (WEP), the original encryption method defined by the IEEE 802.11 standard, uses the RC4 stream cipher keyed with a shared 40- or 104-bit key concatenated to a 24-bit initialization vector (IV), and protects integrity with a CRC-32 checksum. WEP is unacceptable: the small IV space forces keystream reuse, weaknesses in RC4's key schedule allow the shared key to be recovered from captured traffic, and the linear CRC-32 lets an attacker modify frames undetected; RC4 is not a FIPS-approved algorithm. Triple Data Encryption Standard (3DES) is a 64-bit block cipher that applies DES three times with a 168-bit key; NIST has since deprecated it. Advanced Encryption Standard (AES), the replacement for 3DES, is a symmetric block cipher with a 128-bit block that supports key sizes of 128, 192, and 256 bits; in 802.11i (WPA2) it is used in CCMP mode. 802.1X, often mistaken for an encryption method, is a port-based network access control standard that is commonly paired with the Extensible Authentication Protocol (EAP) to authenticate users against a back-end authentication server such as RADIUS; it decides who may join the network, while a cipher such as AES protects the traffic.
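The following is an added example, not code from the original FAQ, that models WEP's frame protection just closely enough to reproduce two of the failures described above: keystream reuse under a repeated IV, and undetected bit-flipping made possible by the linear CRC-32 integrity check. The key, IV and HTTP payloads are constructed for the demo, and the framing (3-byte IV in the clear, RC4 over payload plus ICV) is a simplification of 802.11 WEP. It does not implement the RC4 key-recovery attack.

```python
"""Toy WEP model showing why RC4 + CRC-32 with a 24-bit IV is unacceptable.

Added example, not from the original FAQ. KEY, IV and the payloads below
are constructed; the frame layout is a simplification of 802.11 WEP.
"""
import math
import struct
import zlib


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Plain RC4 (KSA + PRGA), the stream cipher WEP is built on."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):                   # pseudo-random generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def icv(payload: bytes) -> bytes:
    """WEP's integrity check value: CRC-32 of the payload, little-endian."""
    return struct.pack("<I", zlib.crc32(payload))


def wep_encrypt(shared_key: bytes, iv: bytes, payload: bytes) -> bytes:
    """Frame body = IV (sent in clear) || RC4_{IV||key}(payload || ICV)."""
    assert len(iv) == 3, "WEP IV is 24 bits"
    ks = rc4_keystream(iv + shared_key, len(payload) + 4)
    return iv + xor(payload + icv(payload), ks)


def wep_decrypt(shared_key: bytes, frame: bytes):
    """Return (payload, icv_ok); icv_ok is the only check a receiver makes."""
    iv, body = frame[:3], frame[3:]
    plain = xor(body, rc4_keystream(iv + shared_key, len(body)))
    payload = plain[:-4]
    return payload, plain[-4:] == icv(payload)


def keystream_reuse_leak(frame_a: bytes, frame_b: bytes) -> bytes:
    """Two frames sent under the same IV share a keystream. XORing the two
    ciphertexts cancels it and yields plaintext_a XOR plaintext_b without
    the key. With only 2^24 IVs this happens on every busy network."""
    assert frame_a[:3] == frame_b[:3], "frames must share an IV"
    return xor(frame_a[3:], frame_b[3:])


def bit_flip(frame: bytes, delta: bytes) -> bytes:
    """Change the plaintext by `delta` and keep the ICV valid, without the
    key. CRC-32 is affine: crc(P ^ D) = crc(P) ^ crc(D) ^ crc(0..0)."""
    plen = len(frame) - 3 - 4
    delta = delta.ljust(plen, b"\x00")[:plen]
    icv_delta = zlib.crc32(delta) ^ zlib.crc32(bytes(plen))
    return frame[:3] + xor(frame[3:], delta + struct.pack("<I", icv_delta))


def frames_until_iv_collision(prob: float = 0.5, iv_bits: int = 24) -> int:
    """Birthday bound: captured frames needed before two share an IV."""
    n = 2 ** iv_bits
    return math.ceil(math.sqrt(-2.0 * n * math.log(1.0 - prob)))


if __name__ == "__main__":
    KEY = b"\x01\x02\x03\x04\x05"             # constructed 40-bit WEP key
    IV = b"\x00\x00\x01"
    req = wep_encrypt(KEY, IV, b"GET /admin HTTP/1.0")
    print(wep_decrypt(KEY, req))              # (b'GET /admin HTTP/1.0', True)

    other = wep_encrypt(KEY, IV, b"GET /index HTTP/1.0")   # IV reused
    print(keystream_reuse_leak(req, other)[:19])           # = P1 XOR P2

    delta = b"\x00" * 5 + xor(b"admin", b"index")          # admin -> index
    print(wep_decrypt(KEY, bit_flip(req, delta)))          # (b'GET /index HTTP/1.0', True)
    print(frames_until_iv_collision())                     # 4823
```

The last figure is the point of the 24-bit IV: a sniffer needs only a few thousand frames before two carry the same keystream, and any frame can be rewritten with a valid ICV. WPA2's CCMP (AES in counter mode with a CBC-MAC) replaces both the stream cipher and the CRC with an authenticated cipher, which is why it, and not WEP, can sit on a FIPS 140-2 validated module.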

What is FIPS 140-2?

FIPS 140-2 was issued by the National Institute of Standards and Technology (NIST) to establish security requirements for cryptographic modules used to protect sensitive information. Vendor modules are tested by NIST-accredited laboratories and validated under the Cryptographic Module Validation Program (CMVP), which verifies that each module meets the standard's requirements; a vendor's claim of "FIPS compliance" without a validation certificate does not satisfy the requirement. This validation is recognized by all government agencies seeking to procure equipment containing cryptographic modules. FIPS 140-2 has since been superseded by FIPS 140-3 for new validations.

What is a firewall?

A firewall is a device that serves as a barrier between networks, providing access control, traffic filtering, and other security features. Firewalls are commonly deployed between trusted and untrusted networks, for example between the Internet (untrusted) and an organization's trusted private network. They can also be used internally to segment an organization's network infrastructure, for example by deploying a firewall between the corporate financial systems and the rest of the company network, or between the WLAN and the wired LAN so that wireless clients are treated as untrusted. Firewalls should be included in all networks, both wired and wireless, and also implemented on client devices as software applications. Given the increased risks associated with wireless networks, firewalls and other security mechanisms should be planned during the design phase rather than added later.

What is an Intrusion Detection System (IDS)?

An intrusion detection system (IDS) monitors a network (wired or wireless) for activities violating policies defined in the configuration of the system. In the event a policy is broken, the IDS will alert appropriately defined entities of the violation. In some cases an IDS may go further by shutting down network segments or automatically securing the network in a variety of different ways, which again would be defined during the configuration of the system. Software IDSs are available for client devices, in order to protect them from attackers trying to access resources stored on the client device, or using the client device as a gateway.

Do I need to have a firewall and an intrusion detection system?

It is recommended that any client device, especially one operating on a wireless network, be deployed with personal firewall and intrusion detection software; virus protection is required by DoDD 8100.2. It is critical that wireless clients be secured, particularly when they also connect to the wired network, since a compromised wireless client can bridge an attacker into it. These applications help protect proprietary information stored on the station and keep a wireless client from becoming an easy target for an attacker. According to DISA's Wireless STIG, "The IAO will ensure that a personal firewall and intrusion detection system will be implemented on each 802.11-enabled wireless device, if available."

Why do I need to evaluate or audit my wireless network periodically?

Security audits/assessments should be done on a periodic basis to ensure that the security posture of the wired and wireless network remains sound and to identify any threats facing the networks. Because attacks and environments are continually changing, a thorough audit/assessment schedule should be implemented by network management. In addition, it is recommended that network monitoring be conducted 24x7 as an added level of network security. Rogue devices (unauthorized wirelessly enabled devices, including access points that advertise the organization's own SSID) can be introduced to the wireless network intentionally or unintentionally, pose significant threats to wireless networks, and may go unidentified without proper audits/assessments. Additional security vulnerabilities may also be identified, including incorrectly configured devices, plain-text data transmission, and signal bleed beyond the organization's physical boundaries.
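As an added example, not code from the original FAQ, the script below runs the checks this answer calls for over a wireless scan: unknown access points advertising the corporate SSID (rogue or "evil twin" APs), inventoried APs that are misconfigured, open networks (plain-text transmission), and APs whose Privacy bit is set without an RSN/WPA element (that is, WEP). The scan text is a constructed sample laid out approximately like `iw dev <ifname> scan` output, and the corporate SSID and the AUTHORIZED inventory are assumptions for the demo.

```python
"""Audit a Wi-Fi scan against an authorized-AP inventory.

Added example, not from the original FAQ. SCAN is a constructed sample
approximating `iw dev <ifname> scan` output; CORP_SSID and AUTHORIZED are
assumed values for the demo.
"""
import re

CORP_SSID = "CorpNet"                       # assumed corporate SSID
AUTHORIZED = {                              # assumed inventory: BSSID -> location
    "00:11:22:33:44:55": "Bldg 1, floor 2",
    "00:11:22:33:44:66": "Bldg 1, floor 3",
}

SCAN = """\
BSS 00:11:22:33:44:55(on wlan0)
    freq: 2412
    capability: ESS Privacy (0x0411)
    SSID: CorpNet
    RSN:     * Version: 1
         * Group cipher: CCMP
         * Pairwise ciphers: CCMP
         * Authentication suites: IEEE 802.1X
BSS aa:bb:cc:dd:ee:ff(on wlan0)
    freq: 2437
    capability: ESS Privacy (0x0411)
    SSID: CorpNet
    RSN:     * Version: 1
         * Group cipher: CCMP
         * Pairwise ciphers: CCMP
         * Authentication suites: PSK
BSS 00:11:22:33:44:66(on wlan0)
    freq: 5180
    capability: ESS Privacy (0x0511)
    SSID: Printer-Setup
BSS 12:34:56:78:9a:bc(on wlan0)
    freq: 2462
    capability: ESS (0x0401)
    SSID: Free-Guest
"""


def parse_scan(text):
    """One dict per BSS: bssid, ssid, Privacy capability bit, whether an
    RSN (WPA2) or WPA element was advertised, and its authentication suites."""
    aps = []
    for block in re.split(r"^BSS ", text, flags=re.M)[1:]:
        lines = block.splitlines()
        ap = {"bssid": lines[0].split("(")[0].strip().lower(), "ssid": "",
              "privacy": False, "rsn": False, "wpa": False, "akm": set()}
        for line in lines[1:]:
            s = line.strip()
            if s.startswith("SSID:"):
                ap["ssid"] = s[5:].strip()
            elif s.startswith("capability:"):
                ap["privacy"] = "Privacy" in s   # bit set => WEP or WPA/RSN
            elif s.startswith("RSN:"):
                ap["rsn"] = True
            elif s.startswith("WPA:"):
                ap["wpa"] = True
            elif s.startswith("* Authentication suites:"):
                ap["akm"].add(s.split(":", 1)[1].strip())
        aps.append(ap)
    return aps


def audit(aps, authorized=AUTHORIZED, corp_ssid=CORP_SSID):
    """Return (bssid, finding) pairs for the conditions the FAQ lists."""
    findings = []
    for ap in aps:
        b = ap["bssid"]
        if ap["ssid"] == corp_ssid and b not in authorized:
            findings.append((b, "rogue/evil-twin AP advertising corporate SSID"))
        if b in authorized and ap["ssid"] != corp_ssid:
            findings.append((b, "authorized AP misconfigured: SSID %r" % ap["ssid"]))
        if not ap["privacy"]:
            findings.append((b, "open network: plain-text transmission"))
        elif not (ap["rsn"] or ap["wpa"]):
            findings.append((b, "Privacy set without RSN/WPA: WEP, not FIPS 140-2 compliant"))
        elif ap["ssid"] == corp_ssid and "IEEE 802.1X" not in ap["akm"]:
            findings.append((b, "corporate SSID without 802.1X authentication"))
    return findings


if __name__ == "__main__":
    for bssid, finding in audit(parse_scan(SCAN)):
        print(bssid, "-", finding)
```

On a real audit the scan would come from `iw dev wlan0 scan` or a dedicated wireless IDS sensor, and the inventory from the configuration management database; the same checks can be re-run on every sweep so that a rogue AP that appears between audits is caught by the 24x7 monitoring the answer recommends.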

What non-Blackberry devices are allowed?

Only devices that have a corresponding STIG are allowed to process operational DoD information.