Mr BA
27-08-2009, 16:33
Table of Contents
Executive Summary . 1
1. Introduction . 1-1
1.1 Authority 1-1
1.2 Document Purpose and Scope . 1-1
1.3 Audience and Assumptions . 1-2
1.4 Document Organization 1-2
2. Overview of Wireless Technology 2-1
2.1 Wireless Networks . 2-1
2.1.1 Wireless LANs . 2-1
2.1.2 Ad Hoc Networks . 2-1
2.2 Wireless Devices 2-2
2.2.1 Personal Digital Assistants . 2-2
2.2.2 Smart Phones 2-3
2.3 Wireless Standards . 2-3
2.3.1 IEEE 802.11 . 2-3
2.3.2 Bluetooth 2-3
2.4 Wireless Security Threats and Risk Mitigation 2-4
2.5 Emerging Wireless Technologies . 2-6
2.6 Federal Information Processing Standards . 2-6
3. Wireless LANs . 3-8
3.1 Wireless LAN Overview 3-8
3.1.1 Brief History . 3-8
3.1.2 Frequency and Data Rates 3-9
3.1.3 802.11 Architecture 3-9
3.1.4 Wireless LAN Components 3-11
3.1.5 Range 3-11
3.2 Benefits 3-12
3.3 Security of 802.11 Wireless LANs .3-13
3.3.1 Security Features of 802.11 Wireless LANs per the Standard 3-13
3.3.2 Problems With the IEEE 802.11 Standard Security 3-17
3.4 Security Requirements and Threats .3-19
3.4.1 Loss of Confidentiality 3-20
3.4.2 Loss of Integrity 3-21
3.4.3 Loss of Network Availability 3-22
3.4.4 Other Security Risks 3-22
3.5 Risk Mitigation .3-22
3.5.1 Management Countermeasures . 3-23
3.5.2 Operational Countermeasures . 3-23
3.5.3 Technical Countermeasures 3-24
3.6 Emerging Security Standards and Technologies .3-36
3.7 Case Study: Implementing a Wireless LAN in the Work Environment 3-37
3.8 Wireless LAN Security Checklist 3-40
3.9 Wireless LAN Risk and Security Summary .3-42
4. Wireless Personal Area Networks 4-1
4.1 Bluetooth Overview . 4-1
4.1.1 Brief History . 4-3
4.1.2 Frequency and Data Rates 4-3
4.1.3 Bluetooth Architecture and Components 4-4
4.1.4 Range 4-4
4.2 Benefits . 4-5
4.3 Security of Bluetooth 4-6
4.3.1 Security Features of Bluetooth per the Specifications 4-7
4.3.2 Problems with the Bluetooth Standard Security 4-13
4.4 Security Requirements and Threats .4-14
4.4.1 Loss of Confidentiality 4-14
4.4.2 Loss of Integrity 4-17
4.4.3 Loss of Availability 4-17
4.5 Risk Mitigation .4-17
4.5.1 Management Countermeasures . 4-17
4.5.2 Operational Countermeasures . 4-18
4.5.3 Technical Countermeasures 4-18
4.6 Bluetooth Security Checklist 4-20
4.7 Bluetooth Ad Hoc Network Risk and Security Summary .4-22
5. Wireless Handheld Devices 5-26
5.1 Wireless Handheld Device Overview .5-26
5.2 Benefits 5-27
5.3 Security Requirements and Threats .5-28
5.3.1 Loss of Confidentiality 5-28
5.3.2 Loss of Integrity 5-30
5.3.3 Loss of Availability 5-30
5.4 Risk Mitigation .5-31
5.4.1 Management Countermeasures . 5-31
5.4.2 Operational Countermeasures . 5-32
5.4.3 Technical Countermeasures 5-33
5.5 Case Study: PDAs in the Workplace .5-36
5.6 Wireless Handheld Device Security Checklist .5-36
5.7 Handheld Device Risk and Security Summary 5-38
Appendix A— Common Wireless Frequencies and Applications .A-1
Appendix B— Glossary of Terms .B-1
Appendix C— Acronyms and Abbreviations C-1
Appendix D— Summary of 802.11 Standards D-1
Appendix E— Useful References .E-1
Appendix F— Wireless Networking Tools . F-1
Appendix G— References .G-1
Executive Summary . 1
1. Introduction . 1-1
1.1 Authority 1-1
1.2 Document Purpose and Scope . 1-1
1.3 Audience and Assumptions . 1-2
1.4 Document Organization 1-2
2. Overview of Wireless Technology 2-1
2.1 Wireless Networks . 2-1
2.1.1 Wireless LANs . 2-1
2.1.2 Ad Hoc Networks . 2-1
2.2 Wireless Devices 2-2
2.2.1 Personal Digital Assistants . 2-2
2.2.2 Smart Phones 2-3
2.3 Wireless Standards . 2-3
2.3.1 IEEE 802.11 . 2-3
2.3.2 Bluetooth 2-3
2.4 Wireless Security Threats and Risk Mitigation 2-4
2.5 Emerging Wireless Technologies . 2-6
2.6 Federal Information Processing Standards . 2-6
3. Wireless LANs . 3-8
3.1 Wireless LAN Overview 3-8
3.1.1 Brief History . 3-8
3.1.2 Frequency and Data Rates 3-9
3.1.3 802.11 Architecture 3-9
3.1.4 Wireless LAN Components 3-11
3.1.5 Range 3-11
3.2 Benefits 3-12
3.3 Security of 802.11 Wireless LANs .3-13
3.3.1 Security Features of 802.11 Wireless LANs per the Standard 3-13
3.3.2 Problems With the IEEE 802.11 Standard Security 3-17
3.4 Security Requirements and Threats .3-19
3.4.1 Loss of Confidentiality 3-20
3.4.2 Loss of Integrity 3-21
3.4.3 Loss of Network Availability 3-22
3.4.4 Other Security Risks 3-22
3.5 Risk Mitigation .3-22
3.5.1 Management Countermeasures . 3-23
3.5.2 Operational Countermeasures . 3-23
3.5.3 Technical Countermeasures 3-24
3.6 Emerging Security Standards and Technologies .3-36
3.7 Case Study: Implementing a Wireless LAN in the Work Environment 3-37
3.8 Wireless LAN Security Checklist 3-40
3.9 Wireless LAN Risk and Security Summary .3-42
4. Wireless Personal Area Networks 4-1
4.1 Bluetooth Overview . 4-1
4.1.1 Brief History . 4-3
4.1.2 Frequency and Data Rates 4-3
4.1.3 Bluetooth Architecture and Components 4-4
4.1.4 Range 4-4
4.2 Benefits . 4-5
4.3 Security of Bluetooth 4-6
4.3.1 Security Features of Bluetooth per the Specifications 4-7
4.3.2 Problems with the Bluetooth Standard Security 4-13
4.4 Security Requirements and Threats .4-14
4.4.1 Loss of Confidentiality 4-14
4.4.2 Loss of Integrity 4-17
4.4.3 Loss of Availability 4-17
4.5 Risk Mitigation .4-17
4.5.1 Management Countermeasures . 4-17
4.5.2 Operational Countermeasures . 4-18
4.5.3 Technical Countermeasures 4-18
4.6 Bluetooth Security Checklist 4-20
4.7 Bluetooth Ad Hoc Network Risk and Security Summary .4-22
5. Wireless Handheld Devices 5-26
5.1 Wireless Handheld Device Overview .5-26
5.2 Benefits 5-27
5.3 Security Requirements and Threats .5-28
5.3.1 Loss of Confidentiality 5-28
5.3.2 Loss of Integrity 5-30
5.3.3 Loss of Availability 5-30
5.4 Risk Mitigation .5-31
5.4.1 Management Countermeasures . 5-31
5.4.2 Operational Countermeasures . 5-32
5.4.3 Technical Countermeasures 5-33
5.5 Case Study: PDAs in the Workplace .5-36
5.6 Wireless Handheld Device Security Checklist .5-36
5.7 Handheld Device Risk and Security Summary 5-38
Appendix A— Common Wireless Frequencies and Applications .A-1
Appendix B— Glossary of Terms .B-1
Appendix C— Acronyms and Abbreviations C-1
Appendix D— Summary of 802.11 Standards D-1
Appendix E— Useful References .E-1
Appendix F— Wireless Networking Tools . F-1
Appendix G— References .G-1