Department of Defense

Meeting the DoD Wireless Directive:

| Section | Requirements | Solution: AirDefense |
|---|---|---|
| 4.1.1 | Monitoring for Strong Authentication | AirDefense allows organizations to set authentication and personal identification policy and monitor for its compliance. |
| 4.1.2 | Monitoring for Strong Encryption | AirDefense allows organizations to set encryption policies and monitor for compliance. |
| 4.1.4 | Mitigation of Denial of Service and other Disruptions | AirDefense identifies impending threats and attacks against the wireless network by correlating information gathered from the smart sensors. |
| 4.2 & 4.3 | Banning Wireless Devices in Designated Areas/Monitoring | AirDefense recognizes all wireless LAN devices, which include access points, wireless LAN user stations, soft APs, and specialty devices. |
| 4.4 | Removing Wireless Personal Area Networks (WPAN) / Bluetooth Devices | AirDefense BlueWatch scans for the presence of Bluetooth devices and identifies rogue and insecure Bluetooth devices... |
| 4.5 | Active Monitoring of Unauthorized Access of DoD IS | AirDefense provides 24x7 active monitoring using passive sensors, and a strong centralized policy manager ensures that WLANs conform to the security policy. |




Section 4.1.1: Monitoring for Strong Authentication:

Section 4.1.1 of the Directive mandates that all commercial wireless devices connected to the DoD Global Information Grid use strong authentication.

AirDefense allows organizations to set this authentication and personal identification policy and monitor for its compliance. If any wireless LAN device is found noncompliant, AirDefense generates a notification. Furthermore, AirDefense offers reporting tailored to DoD directive compliance that allows system administrators to see all potential vulnerabilities at a glance (sample report shown below). AirDefense has specific detection for VPN or 3-factor authentication solutions, such as AirFortress.


Section 4.1.2: Monitoring for Strong Encryption:

Section 4.1.2 requires strong encryption (FIPS 140-2 compliant) for all unclassified communication between wireless devices.

AirDefense allows organizations to set encryption policies and monitor for their compliance. AirDefense has specific detection for FIPS 140-2 compliant solutions such as AirFortress that are mandated by the directive. Plus, custom DoD reports make encryption compliance testing and assessment simple.


Section 4.1.4: Mitigation of Denial of Service and other Disruptions:

Section 4.1.4 mandates that measures be taken to mitigate denial of service attacks, including interference from friendly sources.

AirDefense identifies suspicious wireless LAN activity, impending threats, and attacks against the wireless network by correlating information gathered from the smart sensors using four different intrusion detection technologies. This dramatically reduces false positives and gives accurate results. AirDefense goes beyond threat detection to monitor the health of the wireless LAN and provide operational support. By detecting overlapping networks, interference, and access point bottlenecks, AirDefense helps administrators identify problems and maximize network performance.


Section 4.2 & 4.3: Banning Wireless Devices in Designated Areas:

Sections 4.2 & 4.3 of the Directive ban wireless devices from areas where classified information is discussed, processed, stored or transmitted.

Unauthorized “rogue” wireless LANs represent one of the biggest threats to an organization’s network security. Rogue wireless LANs create an open entry point (backdoor) to the enterprise network by bypassing all existing security measures. AirDefense detects and recognizes all wireless LAN devices, which include access points, wireless LAN user stations, soft APs, and specialty devices. AirDefense also identifies rogue behavior from ad hoc, peer-to-peer networking between user stations, and accidental associations from user stations connecting to neighboring networks. By identifying the stations that connect to rogue wireless LANs, AirDefense enables IT personnel to assess risks from a rogue network and identify the damage that has been done.


Section 4.4: Removing Wireless Personal Area Networks (WPAN) / Bluetooth Devices

Section 4.4 requires that DAAs ensure that Wireless Personal Area Network (WPAN) capability is removed or physically disabled in devices that do not have a FIPS PUB 140-2-validated cryptographic module implemented.

AirDefense BlueWatch is a Windows-based software program that scans for the presence of Bluetooth devices and their key attributes. BlueWatch can enable individual users and enterprises to identify rogue and insecure Bluetooth devices in their air space, enabling them to take proactive steps to mitigate the risk of security breaches.


Section 4.5: Active Monitoring of Unauthorized Access of DoD IS

Per Section 4.5, the DoD Components shall actively screen for wireless devices. Active electromagnetic sensing at the DoD or contractor premises to detect/prevent unauthorized access of DoD ISs shall be performed to ensure compliance.

AirDefense provides 24x7 active monitoring using passive sensors, and a strong centralized policy manager ensures that WLANs conform to the security policy. AirDefense allows IT managers to define policies for authorized user stations, their configuration, how stations connect to the wireless LAN, and recognized threats. A network roaming policy for user stations recognizes roaming policy violations when a user station tries to connect with unapproved access points within the enterprise. Additionally, AirDefense can generate DoD-specific reports that make directive compliance easy to verify and monitor.


Department of Defense Directive 8100.2 FAQs:

What is the DoD Wireless Directive?

The Department of Defense (DoD) Directive Number 8100.2 was issued on April 14, 2004. The Directive covers the use of commercial wireless devices, services, and technologies in the DoD Global Information Grid (GIG). The Directive spells out policies for deploying secure wireless networks, and requires monitoring of those wireless networks for compliance. Additionally, the Directive states that wireless networks are banned from use in certain areas, and it covers policies for banned and authorized wireless networks. The Directive is effective immediately.


To whom does it apply?

The DoD Wireless Directive applies to all DoD organizations, including:

  • The Office of the Secretary of Defense
  • The Military Departments
  • The Chairman of the Joint Chiefs of Staff
  • The Office of the Inspector General of the Department of Defense
  • The Combatant Command
  • The Defense Agencies
  • The DoD Field Activities
  • All DoD Contractors
  • Other DoD organizations

The Directive refers to these agencies collectively as the DoD Components. The Directive applies to all commercial wireless devices, services, and technologies, including voice and data capabilities. This includes, but is not limited to, commercial wireless networks and Portable Electronic Devices (PEDs) such as laptop computers with wireless capability, cellular/Personal Communications System (PCS) devices, audio/video recording devices, scanning devices, remote sensors, messaging devices, Personal Digital Assistants (PDAs), and any other commercial wireless devices capable of storing, processing, or transmitting information.

The following people are responsible for directive compliance:

  • Assistant Secretary of Defense
  • Director, Defense Information Systems Agency
  • Under Secretary of Defense for Intelligence
  • Director, Defense Intelligence Agency
  • Director, Defense Security Service
  • Director, National Security Agency
  • OSD Principal Staff Assistants
  • Chairman of the Joint Chiefs of Staff
  • Commander, U.S. Strategic Command
  • Heads of the DoD Components

What is the timeline for compliance?

The DoD Wireless Directive requires heads of the DoD Components to submit to the DoD CIO, within 180 days of this Directive, specific implementation timelines for compliance, and ensure that all new commercial wireless procurements comply with this Directive immediately. The Directive asks DAAs (Designated Approving Authorities) to:

  • Ensure that wireless networks do not introduce wireless vulnerabilities that undermine the assurance of interconnected systems.
  • Include intrusion detection methodologies for the wireless systems.
