Many commercially available wireless products offer the capability of electronic security comparable to wired networks. However, these products must be configured and secured properly to provide the degree of security desired. Unlike a wired network, wherein the active components of the data communications network can be physically secured in a telecom room with restricted access, the wireless network requires that wireless access points and antennas are distributed throughout the facility. Thus, the physical security and protection of the wireless access point must be considered.
DoD Instruction 8420.01 establishes policy, assigns responsibilities, and provides procedures for the use of commercial WLAN devices, systems, and technologies. This instruction requires validated Physical Security. APs used in unclassified WLANs should not be installed in unprotected environments due to an increased risk of tampering and/or theft. If installed in unprotected environments, APs that store plain text cryptographic keying information shall be protected with added physical security to mitigate risks. DoD Components may choose products that meet FIPS 140-2 Overall Level 2 or higher validation (to ensure that the AP provides validated tamper evidence, at a minimum). Alternatively, DoD Components may physically secure APs by placing them inside of securely mounted, pick-resistant, lockable enclosures.
WLAN APs used to transmit or process classified information shall be physically secured, and methods shall exist to facilitate the detection of tampering. WLAN APs are part of communication systems and shall have controlled physical security, in accordance with DoD 5200.08-R.
In FIPS-140-2 Security Requirements for Cryptographic Modules, DoD Instruction 8420.01 specifies Security Level 2 for wireless LAN. Security Level 2 enhances the physical security mechanisms of a Security Level 1 cryptographic module by adding the requirement for tamper-evidence, which includes the use of tamper-evident coatings or seals or for pick-resistant locks on removable covers or doors of the module. Tamper-evident coatings or seals are placed on a cryptographic module so that the coating or seal must be broken to attain physical access to the plain text cryptographic keys and critical security parameters (CSPs) within the module. Tamper-evident seals or pick-resistant locks are placed on covers or doors to protect against unauthorized physical access.
FIPS-140-2 paragraph 4.5 states "A cryptographic module shall employ physical security mechanisms in order to restrict unauthorized physical access to the contents of the module and to deter unauthorized use or modification of the module (including substitution of the entire module) when installed. All hardware, software, firmware, and data components within the cryptographic boundary shall be protected."
Oberon wireless access point enclosures simplify the planning of network deployments. Secure, locking doors protect wireless APs behind ABS plastic providing strength while remaining virtually invisible to wireless signals. Enclosures are secured to building structure for greater security. Access points securely mounted within the enclosure can be easily reached by authorized personnel via the locking door, making moves, adds, and changes fast, easy, and exceptionally convenient in high-traffic, high-security environments.
Further discussion of Department of Defense resources relating to wireless network security is available at the Oberon Blog at http://oberonwireless.com/
For more information on designing networks to meet upcoming challenges, and for secure, convenient, and aesthetic telecommunications and wireless access point enclosures for suspended ceiling and wall-mounted systems, please call 1-877-867-2312 or visit http://oberonwireless.com.
# # #
Since 1999, Oberon, Inc. has been providing products and services to integrators and end users of wireless LAN "Wi-Fi" network products. Oberon's wireless enclosures and antenna products are used where the RF coverage, infrastructure security, environmental robustness, and aesthetics are paramount in the network design and implementation. Oberon offers ceiling-mounted telecommunications enclosures for Ethernet switches, patch panels, wireless controllers, and other networking and A/V components - ideal for structured cabling and Fiber-to-the-
Oberon's products and services have helped thousands of integrators and end-users in the global healthcare, government, transportation and logistics, education, retail, hospitality, and manufacturing achieve reliable indoor network connection mobility.