Warning: Use of undefined constant add_shortcode - assumed 'add_shortcode' (this will throw an Error in a future version of PHP) in /nfs/c03/h02/mnt/49321/domains/hackingtheuniverse.com/html/wp-content/plugins/stray-quotes/stray_quotes.php on line 615

Warning: Use of undefined constant MSW_WPFM_FILE - assumed 'MSW_WPFM_FILE' (this will throw an Error in a future version of PHP) in /nfs/c03/h02/mnt/49321/domains/hackingtheuniverse.com/html/wp-content/plugins/wordpress-file-monitor/wordpress-file-monitor.php on line 39
Wireless Restrictions

Wireless Restrictions

AC-18 WIRELESS RESTRICTIONS (NIST SP 800-53)

The organization: (i) establishes usage restrictions and implementation guidance for wireless technologies; and (ii) authorizes, monitors, controls wireless access to the information system.

NIST Special Publications 800-48 and 800-97 provide guidance on wireless network security. NIST Special Publication 800-94 provides guidance on wireless intrusion detection and prevention.

Overview of Wireless Networking and Wireless Security Issues

  • Wireless Network Standards
    • IEEE wifi
    • 802.1X
    • WiFi Alliance
    • Other standards
      • Bluetooth
      • Zigbee
      • WiMAX
  • Wireless Security Issues
    • Confidentiality
      • Discovery and access control – SSID and MAC address filtering.
      • Authentication and key management
      • Encryption – it’s not just the strength of the encryption algorithm being used, but also the way in which the authentication method and key management techniques interact that will determine the overall protection level that is offerred.
    • Integrity – the integrity of the data being transmitted across the wireless network will depend primarily on the integrity protection methods used to ensure the integrity of each data packet.
    • Availability – the ability of units to transmit and receive radio signals can be affected by signal strength, antenna size and placement, and disruption caused by interference and deliberate jamming.

Wireless Security Process Map and Controls

  • INITIATION
    • CM-8 Inventory
    • RA-2 Categorization
  • ACQUISITION AND DEVELOPMENT
    • RA-3 Risk assessment
      • Threats
      • Vulnerabilities
      • Mitigation
    • ALL SECURITY CONTROLS
      • Access control
      • Audit
      • Awareness and training
      • Configuration management
      • Identification and authentication
      • Physical and environmental
      • System and communication protection
      • System and information integrity
      • Configuration management
      • Documentation
  • IMPLEMENTATION
    • CM-2 Baseline configuration
    • CA-2 Security assessments
  • OPERATIONS AND MAINTENANCE
    • CA-7 Continuous monitoring
      • SI-2 Flaw remediation (patch management/security updates)
      • SI-4 System monitoring – this includes intrusion detection. Requirements for intrusion detection specific to wireless security issues must be set and implemented.
    • CM-4 Monitoring configuration changes
    • CM-3 Configuration change control
  • DISPOSAL
    • MP-6 Media sanitization

Comments are closed.