A couple of weeks ago I submitted a post regarding what I feel is a forgotten strategy of security and compliance of enterprise networks. The post was based on an article that I read. Although my comments within the post focused on security and compliance during the deployment (installation, configuration, verification) of a network, I did pose a question regarding the real-time security and compliance of a wireless network. The response I received addressed real-time protection in the form of deep packet inspection within a wireless environment. The contributor’s response (Thanks Nik!) also pointed out that the current methods (hidden SSID, WPA2/PSK, MAC authentication) used to protect a wireless enterprise network all have known vulnerabilities (hyperlinks to supporting articles below). I was aware that someone could get around hiding the SSID and MAC authentication. But I was not aware that deciphering the WPA2 passphrase was well known. The response post and the supporting articles caused me to consider that spectrum analysis and WIDS, at the very least, must be a standard feature to any enterprise network. This may not be news to others in the forum, but to me this is major.
If WIDS becomes a standard for enterprise networks the baseline feature set for wireless equipment changes. Autonomous access points and mobility controllers will have to offer WIDS, WIPS, and stateful firewall functionality. Deep packet inspection would no longer be a key differentiator. In the event that a security breach occurs and a customer decided not to sign up for WIDS, at the very least, service contracts will have to contain language that excludes the MSP from responsibility. This new information has cause me to pose the following questions:
Within enterprise networks, should WIDS functionality be a new requirement?
If WIDS (and possibly WIPS) functionality is enabled, is there a need to ensure that installers have restricted access to the network during deployment?
Should WIPS functionality be a new requirement as well? If so, what features could be enabled that minimize the probability of lawsuits?
What are some of the best tools to certify WIDS/WIPS functionality?
In deploying a wireless network, does increased resources required to enable WIDS/WIPS become a factor?
Despite the vulnerabilities of a hidden SSID, WPA2, and MAC authentication, should these still be used in conjunction with WIDS, WIPS, and a stateful firewall?