NIST releases SP 800-153 WLAN security guidelines

The recently released NIST SP 800-153 addresses the security of WLANs. Join us as we take a closer look at the document’s recommendations.

The National Institute of Standards and Technology (NIST) recently released a special publication (SP) that recommends guidelines for securing wireless local area networks (WLANs). Designated NIST SP 800-153, the document had been out for public review and comment since late October 2011. It provides recommendations to improve the security, management and monitoring of IEEE 802.11-based WLANs and attached devices. The document, co-authored by Murugiah Souppaya of NIST and Karen Scarfone of Scarfone Cybersecurity, is limited to unclassified wireless networks and unclassified facilities within the range of such networks.

NIST SP 800-153 is divided into two sections: WLAN security configuration and WLAN security monitoring. The recommendations for WLAN security configuration cover topics like configuration design, architecture, implementation, evaluation and maintenance. Security monitoring recommendations encompass guidelines for continuous monitoring, periodic assessment, attack/vulnerability monitoring and tools.

WLANs typically suffer from weak security configurations favoring convenience over security.

NIST SP 800-153 document

The security of WLANs is heavily dependent on how well each WLAN component is secured throughout the lifecycle, according to the SP 800-153 document. Focusing on WLANs based on the IEEE 802.11 WiFi standard family, NIST SP 800-153 provides insights on how to secure organizational WLANs and attached components (like client devices, access points and wireless switches). The basic guidelines proposed by NIST SP 800-153 are summarized below:

1) Standardize security configurations for common WLAN components (client devices, APs, etc.)

The NIST SP 800-153 document states that a standardized configuration provides a base level of security, reducing vulnerabilities and lessening the impact of successful attacks. It also assists in significantly reducing the time and effort needed to set up a secure WLAN configuration.

2) Consider the security of networks the WLAN is connected/associated with

NIST SP 800-153 recommends reviewing the impact of WLANs on the security of other networks connected to them, suggesting that separate WLANs be used for multiple security profiles (external, internal, etc.). Devices on logically separate WLANs should not be able to communicate with each other.

3) Institute policies clearly defining norms around dual connections for WLAN client devices; enforce them through appropriate security controls

NIST SP 800-153 cautions organizations to assess and mitigate the risks involved with traditional dual connections (a device connected to a wired and a wireless network) and multiple connections (devices connected to multiple networks simultaneously, such as WiMAX, Bluetooth and WLAN), and provides guidelines for doing so.

4) Ensure compliance with organizational WLAN policies from all client devices and AP configurations

SP 800-153 recommends proactive maintenance of implementations throughout a device’s lifecycle. It is recommended that WLAN security configurations and maintenance be standardized, automated and centralized to the extent feasible to ensure consistent WLAN security. This also ensures that organizations detect and react to new incidents and vulnerabilities faster.

5) Attack and vulnerability monitoring should be performed to support WLAN security

SP 800-153 recommends that organizations continuously monitor their WLANs for both WLAN-specific and generic (wired network) attacks. These actions should be performed at least as often as they are for equivalent wired systems.

6) Conduct regular periodic technical security assessments

The NIST SP 800-153 document advises practitioners to perform periodic technical security assessments at least once a quarter and an overall assessment at least once a year. These assessments can be forgone in cases of continuously monitored WLANs.

NIST SP 800-153 targets a primary audience of security professionals, network professionals and system administrators closely associated with the implementation, maintenance and monitoring of WLANs. SP 800-153 consolidates and augments recommendations made in earlier documents, including NIST SP 800-97 (Establishing wireless robust security networks: a guide to IEEE 802.11i, 2007) and NIST SP 800-48 (A guide to securing legacy 802.11 wireless networks, revision 1, 2008).

According to NIST, the NIST SP 800-153 document does not replace previous NIST documents on the subject. In case of a conflict in recommendations between these publications, the recommendations in NIST SP 800-153 should take precedence. The complete document can be found here. The 800 series of special publications may be found here.

Please send your feedback to vharan at techtarget dot com
