Home > Security Tips > Network Security Tactics > Safe WLAN deployment checklist
Security Tips:
EMAIL THIS
 TIPS & NEWSLETTERS TOPICS 

NETWORK SECURITY TACTICS

Safe WLAN deployment checklist


Lisa Phifer
04.01.2003
Rating: --- (out of 5)


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


Policy

  • Define business requirements (assets and wireless access needs).
  • Identify threats and quantify risks.
  • Document your WLAN security policy.
  • Disseminate policy to everyone.

Integration planning

  • Conduct site survey, creating inventories and maps.
  • Lay out access points (APs) and antennas to minimize signal leakage.
  • Determine AP placement relative to existing firewalls.
  • Pick approach to protect adjacent wired network.
  • Define network topology and impact on routers, VLANs.
  • Identify reuse of access control lists (ACLs), DHCP, user databases, desktop security software.
  • Identify software and procedures to harden APs and stations.
  • Identify interfaces for integrated WLAN management and monitoring.
  • Determine need for WLAN-specific policy management tools.

Policy implementation

  • Pick access control method(s): MAC ACLs, 802.1X, SSL portal.
  • Define access policies for authorized APs, stations, users, groups and guests.
  • Issue and distribute authentication credentials to every station.
  • Select encryption layer(s): 802.11, network, transport, application.
  • Pick authentication method(s): none, shared key, EAP, VPN, SSL login.
  • Identify software required on stations, APs and authentication servers.
  • For link-layer crypto, apply WPA upgrades to APs.
  • For network/transport crypto, choose tunneling protocol and cipher(s).
  • Determine key distribution and refresh method.

Deployment and beyond

  • Penetration test existing network to create security baseline.
  • Stage WLAN, pen test and fix vulnerabilities.
  • Pen test after deployment and fix until remaining risks are acceptable.
  • Monitor WLAN for suspicious activity; track usage.
  • Repeat discovery and vulnerability assessment at regular intervals.
  • Determine need for and implement wireless intrusion detection.
  • Do forever: Maintain security policy; plan for and implement updates.

MORE INFORMATION ON WIRELESS LANs:

Rate this Tip
To rate tips, you must be a member of SearchSecurity.com.
Register now to start rating these tips. Log in if you are already a member.




Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


RELATED CONTENT
Network Security Tactics
Exploring Microsoft's Network Access Protection policy options
Screencast: How to use Wikto for Web server assessment
How to avoid DLP implementation pitfalls
Microsoft Baseline Security Analyzer: Do updates offer improved Windows security?
How to patch Kaminsky's DNS vulnerability
Directory services and beyond: The future of LDAP
Screencast: Catching network traffic with Wireshark
Enterprise role management: Trends and best practices
Using Nessus Attack Scripting Language (NASL) to find application vulnerabilities
Screencast: Recovering lost data with WinHex

Wireless Access Control
PCI DSS 1.2 clarifies wireless, antivirus use
Lessons learned from TJX: Best practices for enterprise wireless encryption
Should the enterprise be concerned with the Apple iPhone's automatic connection to Wi-Fi networks?
Is it possible to identify a fake wireless access point?
How 'evil twins' and multipots seek to bypass enterprise Wi-Fi defenses
Wi-Fi simplicity edging out Wi-Fi security
Should an enterprise network be regularly checked for rogue access points?
Aruba bolsters mobile suite with security acquisition
Cafe Wi-Fi
VeriSign, AirMagnet team up for wireless IPS
Wireless Access Control Research

RELATED GLOSSARY TERMS
Terms from Whatis.com − the technology online dictionary
evil twin  (SearchSecurity.com)

RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary

DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.



Research Solutions for Network Security, Access Control and Security Threats
More Security Resources for Resellers, VARs and OEMs
TechTarget Security Media
Information Security View this month\\'s issue and subscribe today.
Information Security Decisions Apply online for free conference admission.
SearchSecurity.com
HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Reprints  |  Site Map




All Rights Reserved, Copyright 2003 - 2008, TechTarget | Read our Privacy Policy
  TechTarget - The IT Media ROI Experts