Meeting Wireless Security Standards for Civilian Agencies

Solutions from Mojo Networks can help a civilian agency to quickly assess wireless security and centrally enforce policy throughout the organization's enterprise networks.

Federal civilian agencies are under increased scrutiny of their programs for wireless security. A recent report by the U.S. Government Accountability Office (GAO-11-43) praises efforts by the 24 major agencies on implementing practices for wireless security. But the GAO also cites related inconsistencies, such as insufficient practices for monitoring or conducting security assessments of their wireless networks. Without corrective efforts, the GAO notes that "wireless networks will remain at an increased vulnerability to attack."

NIST Guidelines for Wireless Security

In FISMA, Congress assigned the National Institute of Standards and Technology (NIST) to develop technical guidelines for security. The following Special Publications from NIST provide guidelines for securing wireless technologies, according to the GAO report.

NIST Special Publications Addressing Wireless Security
800-48 Guide to Securing Legacy IEEE 802.11 Wireless Networks
800-53 Recommended Security Controls for Federal Information Systems and Organizations
800-94 Guide to Intrusion Detection and Prevention Systems
800-97 Establishing Wireless Robust Security Networks: A Guide to IEEE 802.11i
800-101 Guidelines on Cell Phone Forensics
800-114 User’s Guide to Securing External Devices for Telework and Remote Access
800-120 Recommendation for EAP Methods Used in Wireless Network Access Authentication
800-121 Guide to Bluetooth Security
800-124 Guidelines on Cell Phone and PDA Security

Example: Mojo Networks for NIST SP 800-53

NIST Special Publication 800-53, Recommended Security Controls for Federal Information Systems and Organizations, is a primary technical guideline for FISMA compliance. The security framework in SP 800-53 includes 17 areas of security covering 205 technical and program management controls. Wireless security touches on a subset of these controls. The matrix below shows a selection of controls in SP 800-53 affecting wireless security and how Mojo Networks addresses these recommendations using the Mojo AirTight wireless security system.

NIST SP 800-53 Controls for Wireless Security and Mojo AirTight Capabilities
AC-18 Wireless access:
  • Establish usage restrictions and implementation guidance for wireless access;
  • Monitor for unauthorized wireless access;
  • Authorize wireless access prior to connection; and
  • Enforce requirements for wireless connections.
  Mojo AirTight capabilities:
  • Wireless access for authorized VLANs and enforcing "no WiFi" policies on those portions of the wired enterprise that must remain No WiFi
  • Support for 802.11ac, 802.11n, 802.11g, 802.11b and 802.11a
  • Assure proper wireless access and prevent unauthorized wireless behavior (automated, always on, auto-authorization of clients, behavior-based authorization)
AC-19 Access control for mobile devices:
  • Establish usage restrictions and implementation guidance for organization-controlled mobile devices;
  • Authorize connection of mobile devices meeting organizational usage restrictions and implementation guidance;
  • Monitor for unauthorized connections of mobile devices;
  • Enforce requirements for the connection of mobile devices;
  • Disable information system functionality that provides the capability for automatic execution of code on mobile devices without user direction;
  • Apply controls to mobile devices returning from locations deemed to be of significant risk.
  Mojo AirTight capabilities:
  • Profile policies enforced for home, work and away
  • Automatically block unauthorized access behavior without user intervention or harming neighboring networks
AU-6 Audit review, analysis, and reporting:
  • Review and analyze information system audit records for indications of inappropriate or unusual activity, and report findings to designated organizational officials;
  • Adjust the level of audit review, analysis, and reporting when there are significant changes in risks.
  Mojo AirTight capabilities:
  • Monitor both the wired and wireless networks for wireless traffic
  • Perform wireless policy audits
  • Automated reports, compliance reports, forensics analysis, remote packet capture
CA-7 Continuous monitoring:
  • Use a configuration management process for the information system and its constituent components;
  • Determine the security impact of changes to the information system and environment of operation;
  • Provide ongoing security control assessments;
  • Report the security state of the information system to appropriate organizational officials.
  Mojo AirTight capabilities:
  • Always on, discovers vulnerabilities affecting wireless assets 24x7
  • Proactive WLAN performance management and troubleshooting
IA-2 Identification and authentication (organizational users):
  • Ensure that the information system uniquely identifies and authenticates organizational users (or processes acting on behalf of organizational users).
  Mojo AirTight capabilities:
  • No open wireless network usage
  • Monitor encryption and authentication configurations of authorized wireless networks
IA-8 Identification and authentication (non-organizational users):
  • Ensure that the information system uniquely identifies and authenticates non-organizational users such as civilians, contractors, or guests (or processes acting on behalf of non-organizational users).
  Mojo AirTight capabilities:
  • Monitor encryption and authentication configurations of authorized guest wireless networks
PE-18 Location of information system components:
  • Ensure that the organization positions information system components within the facility to minimize the opportunity for unauthorized access.
  Mojo AirTight capabilities:
  • Discover all wireless assets on a 24x7 basis without requiring a physical site survey
  • Locate unauthorized WiFi devices on your floor map for quick removal
RA-2 Security categorization:
  • Categorize information and the information system in accordance with applicable federal authorities;
  • Document the security categorization results in the security plan;
  • Ensure the security categorization decision is reviewed and approved by authorized parties.
  Mojo AirTight capabilities:
  • Automatically classifies all wireless activity into authorized, rogue and external
  • Accurately identify genuine threats versus false alarms
  • Customization of alerts, events and reports
RA-3 Risk assessment:
  • Conduct an assessment of risk, including the likelihood and magnitude of harm, from the unauthorized access, use, disclosure, disruption, modification, or destruction of the information system and the information it processes, stores, or transmits.
  • Document risk assessment results;
  • Review risk assessment results;
  • Update the risk assessment whenever there are significant changes to the system or environment of operation (including the identification of new threats and vulnerabilities), or other conditions that may impact the security state of the system.
  Mojo AirTight capabilities:
  • Automated, canned and customizable reports, e.g. wireless vulnerabilities, intrusion prevention
  • Continuously monitors wireless activity to identify soft spots in wireless security
RA-5 Vulnerability scanning:
  • Scan for vulnerabilities in the system and hosted applications, and when new vulnerabilities potentially affecting the system/applications are identified and reported;
  • Employ vulnerability scanning tools and techniques that promote interoperability among tools and automate parts of the vulnerability management process by using standards;
  • Analyze vulnerability scan reports and results from security control assessments;
  • Remediate legitimate vulnerabilities in accordance with an organizational assessment of risk; and
  • Share information obtained from the vulnerability scanning process and security control assessments with designated personnel to help eliminate similar vulnerabilities in other systems.
  Mojo AirTight capabilities:
  • Scan for vulnerabilities affecting both the wired and wireless networks 24x7
  • Detect, classify, block and locate rogue access points
  • Distributed administration allows regional reports, alerts and management
  • Wireless vulnerability reports can be generated automatically or on demand with a single click
  • Detailed drill down on detected vulnerabilities
SC-7 Boundary protection:
  • Monitor and control communications at the external boundary of the system and at key internal boundaries within the system;
  • Connect to external networks or information systems only through managed interfaces consisting of boundary protection devices arranged in accordance with an organizational security architecture.
  Mojo AirTight capabilities:
  • Location-based policy enforcement for access points and client devices
SI-4 Information systems monitoring:
  • Monitor events on the system and detect system attacks;
  • Identify unauthorized use of the system;
  • Deploy monitoring devices;
  • Heighten the level of system monitoring whenever there is an indication of increased risk.
  Mojo AirTight capabilities:
  • Provides monitoring for WLAN security and performance
SI-5 Security alerts, advisories, and directives:
  • Receive system security alerts, advisories, and directives from designated external organizations on an ongoing basis;
  • Generate internal security alerts, advisories, and directives as deemed necessary;
  • Disseminate security alerts, advisories, and directives to designated personnel; and
  • Implement security directives in accordance with established time frames, or notify the issuing organization of the degree of noncompliance.
  Mojo AirTight capabilities:
  • Automatic notification of all wireless client vulnerabilities
  • Centralized alarms and reporting from thousands of sensors and millions of devices
PM-5 Information system inventory:
  • Develop and maintain an inventory of the organization’s information systems.
  Mojo AirTight capabilities:
  • Detects and documents all wireless devices in the air space

Other Guidelines for Civilian Agencies

The Department of Defense has published DoD Directive 8420.01, which addresses additional security best practices for commercial wireless local area network devices, systems, and technologies. See our DoD Solutions page for more information on how Mojo Networks helps implement these best practices.
