Wireless Encryption Technologies
All public and confidential information transmitted through wireless technologies shall be deployed through the IEEE 802.11 standard for WLANs (Wireless Local Area Networks). The Wireless Protected Access2 (WPA2) protocol with AES encryption shall be deployed for data encryption to further protect transported information from intruders and eavesdroppers. Current versions of IEEE standards are 802.11, 802.11a, 802.11b, 802.11e, 802.11g, 802.11i and 802.11n. All Budget Units shall deploy 802.11g or greater for WLAN and WMAN wireless communications and encryption. 802.11g devices can support WPA2 through driver updates.
Wireless technologies generally come with some embedded security features, many of which are disabled by default; all Budget Units shall review and enable such features as appropriate. While some security features have some vulnerabilities and weaknesses, they still provide a substantial degree of protection against unauthorized disclosure, access, and other active-probing attacks.
Budget Units shall also deploy higher-level encryption protocols and applications, such as secure shell (SSH), Transport-Level Security (TLS) and the Internet Protocol Security (IPsec) associated algorithms to protect transported information, regardless of whether nonvalidated data-link security protocols are used.
Budget Units shall routinely test inherent security features of both 802.11g or greater and WPA2 as an overall defense-in-depth strategy to attain the highest levels of integrity, authentication, and confidentiality. Budget Units shall also carefully consider deployment of robust and proven security features as listed below:
- Authentication and encryption algorithms;
- Bluetooth and built-in security features (data-link-level encryption and authentication protocols);
- Firewalls and other appropriate protection and intrusion mechanisms.
STATE of ARIZONA, May 7, 2008