Wi-Fi Security: FORTRESS OUTLINES TIPS FOR ACHIEVING 8100.2 COMPLIANCE


Agencies Can Overcome Wireless Security Challenges by Taking a Multi-Layered, Big-Picture Approach

Tampa, Fl.-/July 20, 2004 - Wi-Fi Technology News/-Responding to the DoD?s Directive 8100.2 requiring comprehensive security for wireless networks within military branches and agencies, Fortress Technologies today outlined five tips for achieving privacy and security of data traveling on wireless networks. Fortress advocates a proactive approach that requires agencies to take a grassroots, systems view of their wireless architecture.

Given the clear benefits of mobility and the increasing need for flexibility in communications, wireless LAN use will continue to grow within the DoD. However, with Directive 8100.2, DoD is acknowledging the significant threats posed by unauthorized or off-the-shelf wireless products without adequate security. Learning from highly publicized corporate breaches and the ease with which World Wide War Drive participants recently discovered a record number of unsecured wireless networks, DoD aims to eliminate potentially costly vulnerabilities and prevent breaches, information theft or even more dire consequences from occurring on federal, state and local networks.

Without question, the DoD?s well-established physical security prevents key documents, including electronic, from falling into the wrong hands. Strict credentialing and frequent checkpoints, however, cannot protect data traveling through the air on a wireless network. In fact, if left unchecked, information on wireless networks and stored on wireless devices can be easily stolen or manipulated by someone sitting in a nearby parking lot tapping into thin air. What?s worse, the person that penetrates the networks could have virtually unlimited access to sensitive information on government operations and the citizens it serves.

To minimize these threats, agencies must implement a system of evaluating, protecting and monitoring their wireless infrastructure and ensure that their networks are not compromised. Following the tips below, agencies can mitigate the risks posed by wireless to achieve compliance with Directive 8100.2 and similar polices being rolled out by the Army, Navy, Air Force, and other branches of the military. Agencies should also, as outlined in the knowledge management section of the Directive, research best practices, investigate successful deployments and tap into wireless expertise within the military community so as not to "reinvent the wheel" on wireless security.

Gauge your wireless exposure and assess your risk. Begin by inventorying wireless access points and devices?both approved and rogue devices that are touching the network. Once there is a good understanding of who accesses the network, conduct a vulnerability assessment. Upon completion, map applications accessed and employee usage trends to create wireless usage policies in accordance with the 8100.2 Directive.
Protect all existing wireless investments. Monies spent on wireless infrastructure (devices and access points) should not need to replaced or upgraded in order to achieve 8100.2 compliance. Rather, a security solution that is interoperable with existing devices and APs, can be seamlessly integrated into the current wireless architecture and allow for future expansion of the network as new applications and devices are put into service.
Maintain administrative flexibility. Ultimately, the wireless network solution should make administering a secure wireless network easier. WLANs shouldn?t become an IT administration burden forced on the users by single vendor solutions that do not interoperate with the surrounding infrastructure. Any solution that appears to be time and training-intensive should be eliminated from consideration.
Select and implement a comprehensive, high-assurance wireless security solution that is in keeping with the standards and practices for secure computing and communications. The Directive outlines the requirement for end-to-end security as validated by the NIST FIPS 140-2 program. Qualifying vendor systems should be able to outline how a solution maps to the new Directive and how it simultaneously ensures that the agency and its users can still reap the inherent benefits of wireless without compromising security. More importantly, the vendor should be able to provide details on how the product will adjust and adapt to a changing wireless infrastructure so that the buyer can rest easy that it will not be outgrown or outdated when the next generation of wireless is implemented.
Regulate and educate users. Set security-specific wireless policies that dictate authentication, encryption levels, identify trusted users and minimize exposure to attacks. Educate users on the importance of maintaining a secure wireless infrastructure, and detail implications of misuse. By outlining the benefits and hazards of widespread wireless use, employees can be held accountable for any abuse of policies that may put an agency or branch in conflict with the Directive.
By following the advice outlined above, military branches, supporting agencies and DoD contractors will be able to evaluate and select appropriate security technologies to achieve Directive 8100.2 compliance without sacrificing the value of wireless use. However, no amount of security can guarantee data security and privacy unless usage policies are set and embraced by wireless administrators and end users.

About Fortress Technologies
The AirFortress product family offers flexible, market-proven security to address the risks and vulnerabilities of wireless networks. It is a trusted and easy-to-use security solution that supports and integrates with corporate wired assets and systems to ensure the business integrity demanded by the global 1000, government, financial and health care organizations. AirFortress provides a single security solution for all wireless LANs. AirFortress meets the government?s rigorous standards for wireless network security, under the Federal Information Processing Standards (FIPS 140) validation program, and is one of the only companies to offer the end-to-end security consistent with the Department of Defense?s new directive for wireless devices and use.

Having achieved market-leader status through deployments with the DoD, civilian agencies like the VA, and brand-name commercial accounts, Fortress was recently honored as SC Magazine?s 2004 "Readers Trust" award winner for best wireless security solution. Additional industry recognition includes Venture Reporter?s "20 Venture-backed Wireless Firms Most Likely to Succeed" and Federal Computer Week?s "10 Hot Companies to Watch." Fortress Technologies is headquartered in Tampa, Florida, with partners and resellers worldwide. For more information, contact us at info@fortresstech.com or call 813-288-7388.