Wireless Network Client Security

General Wireless Client Security :

• Clients must be secured whether they are stationary or mobile clients
• should be secured the the highest level possible that is compatible with the network
• legacy client unable to support higher security levels must be replaced
• use of higher encryption/authentication levels is a must – this includes :
  • use of WPA or WPA2 for SOHO clients
  • Use of 802.1X for enterprise users
  • Use of complex device passwords
• Use of logging and auditing
  • On client device as well as network devices
• client security and hardening : patching and secure configuration
• physical security control
• policy enforcement
• network security
• user security

Legacy Wireless Clients :

• legacy clients include older PDAs . older windows OS (2000 and Xp), older Linux and Macs
• usually cannot support newer security levels such as WPA/WPA2 , WPS , 802.1X
• may only use WEP or open/shared security
• older wireless hardware may only support legacy wireless technologies (802.11 and 802.11b)
• best practice is to replace or upgrade
• if you cannot replace, you must take other measure to secure these clients
• Other security mitigations include :
  • Securing network communications with IPsec, SSL or SSH
  • Encrypting data at rest on device
  • Complex passwords
  • Very Limited use – no sensitive data stored or transmitted on device
  • Use of third party tools

Wireless Zero Configuration (WZC), also known as Wireless Auto Configuration, or WLAN AutoConfig is a wireless connection management utility included with Microsoft Windows XP and later operating systems as a service that dynamically selects a wireless network to connect to based on a user’s preferences and various default settings

Wireless client Physical Security :

• Clients must be physically protected – even mobile ones like tablets and smartphones
• user responsibilities is important and spelled out in acceptable use policy
• maintain positive physical control at all times – know where the device is
• don’t allow others to us device
• maintain a formal equipment inventory and custody program by item serial number
• ensure equipment is properly labelled  with organization ownership information
• use or keep equipment in areas where only authorized users work
• maintain a secure wireless working area when possible – access point physical placement and security are important
• limit sensitive data on mobile devices as much as practical
• use warning banners and notifications during device access and authentication
• Require enterprise-level authentication for mobile users
  • VPN
  • 802.1X mutual authentication
  • PKI certificate
  • Network Access Control Devices
• Add technical measure to protect devices in case they are lost or stolen
  • Encrypted media
  • Remote wipe
  • Complex logins and authentication methods
  • Remote tracking

Security policies and Enforcement in Wireless Clients :

• policies tell what must be done
• backed up by procedures and standards
• procedures detail how
• standards define to what degree
• wireless policy must be backed up by solid wireless network procedures and standards
• security policies are very important for wireless clients and users
• used to state what is and is not acceptable
• details responsibilities in regards to organization resources and equipment
• also spells out consequences for non-compliance
• policies applicable to wireless clients include :
• acceptable use policy for users
• mobile device use policy
• bring your own device (BYOD) policies
• data sensitivity and access policies
• authentication policies
• encryption policies
• certificate policy
• equipment control policies

Blog source  -- http://www.linuxworldindia.org/blog/wireless-network-client-security/

To more about Summer 2014 Internship program in Jaipur please visit on --  http://www.linuxworldindia.org