Wednesday, 25 December 2013

Wireless Network Client Security

General Wireless Client Security :

  • Clients must be secured whether they are stationary or mobile clients
  • should be secured the the highest level possible that is compatible with the network
  • legacy client unable to support higher security levels must be replaced
  • use of higher encryption/authentication levels is a must – this includes :
    • use of WPA or WPA2 for SOHO clients
    • Use of 802.1X for enterprise users
    • Use of complex device passwords
  • Use of logging and auditing
    • On client device as well as network devices
  • client security and hardening : patching and secure configuration
  • physical security control
  • policy enforcement
  • network security
  • user security

Legacy Wireless Clients :

  • legacy clients include older PDAs . older windows OS (2000 and Xp), older Linux and Macs
  • usually cannot support newer security levels such as WPA/WPA2 , WPS , 802.1X
  • may only use WEP or open/shared security
  • older wireless hardware may only support legacy wireless technologies (802.11 and 802.11b)
  • best practice is to replace or upgrade
  • if you cannot replace, you must take other measure to secure these clients
  • Other security mitigations include :
    • Securing network communications with IPsec, SSL or SSH
    • Encrypting data at rest on device
    • Complex passwords
    • Very Limited use – no sensitive data stored or transmitted on device
    • Use of third party tools
Wireless Zero Configuration (WZC), also known as Wireless Auto Configuration, or WLAN AutoConfig is a wireless connection management utility included with Microsoft Windows XP and later operating systems as a service that dynamically selects a wireless network to connect to based on a user’s preferences and various default settings

Wireless client Physical Security :

  • Clients must be physically protected – even mobile ones like tablets and smartphones
  • user responsibilities is important and spelled out in acceptable use policy
  • maintain positive physical control at all times – know where the device is
  • don’t allow others to us device
  • maintain a formal equipment inventory and custody program by item serial number
  • ensure equipment is properly labelled  with organization ownership information
  • use or keep equipment in areas where only authorized users work
  • maintain a secure wireless working area when possible – access point physical placement and security are important
  • limit sensitive data on mobile devices as much as practical
  • use warning banners and notifications during device access and authentication
  • Require enterprise-level authentication for mobile users
    • VPN
    • 802.1X mutual authentication
    • PKI certificate
    • Network Access Control Devices
  • Add technical measure to protect devices in case they are lost or stolen
    • Encrypted media
    • Remote wipe
    • Complex logins and authentication methods
    • Remote tracking

Security policies and Enforcement in Wireless Clients :

  • policies tell what must be done
  • backed up by procedures and standards
  • procedures detail how
  • standards define to what degree
  • wireless policy must be backed up by solid wireless network procedures and standards
  • security policies are very important for wireless clients and users
  • used to state what is and is not acceptable
  • details responsibilities in regards to organization resources and equipment
  • also spells out consequences for non-compliance
  • policies applicable to wireless clients include :
  • acceptable use policy for users
  • mobile device use policy
  • bring your own device (BYOD) policies
  • data sensitivity and access policies
  • authentication policies
  • encryption policies
  • certificate policy
  • equipment control policies
Blog source  --

To more about Summer 2014 Internship program in Jaipur please visit on --

1 comment:

  1. your website is very good and desing is also very nice.
    you are good webmaster.its very easy to understand.
    i like your web.