On Securing Wireless LAN Access to Government Information Systems

The success of the IEEE 802.11 series of standards has led to a proliferation of affordable and interoperable wireless networking devices. Wireless functionality is an integrated feature of many laptops, personal digital assistants, and even mobile phones. With the ratification of the security enhancement to IEEE 802.11, referred to as IEEE 802.11i, in 2004 and the subsequent availability of implementations of the standard in current hardware, many of the security concerns surrounding the original wireless standards would seem to have been addressed. Are the security enhanced features of IEEE 802.11i, however, suitable for securing access to Australian Government information systems? In this paper, we review the capability of the security features of IEEE 802.11i to address the requirements for securing access to Government information systems as expressed in the Australian Government information technology security manual (ACSI33). Our review identifies the requirements of ACSI33 and reveals that a number of these can be met by specific security configurations of IEEE 802.11i. Meeting these requirements, however, is highly dependent not only on the correct configuration of the wireless networking components, but also the supporting authentication infrastructure. Additionally, remaining vulnerabilities in the IEEE 802.11i standard are identified as are vulnerabilities introduced by the use of mobile and wireless devices.