NETWORK SECURITY TACTICS
Safe WLAN deployment checklist
Lisa Phifer
04.01.2003
Rating: --- (out of 5)
|
Policy
- Define business requirements (assets and wireless access needs).
- Identify threats and quantify risks.
- Document your WLAN security policy.
- Disseminate policy to everyone.
Integration planning
- Conduct site survey, creating inventories and maps.
- Lay out access points (APs) and antennas to minimize signal leakage.
- Determine AP placement relative to existing firewalls.
- Pick approach to protect adjacent wired network.
- Define network topology and impact on routers, VLANs.
- Identify reuse of access control lists (ACLs), DHCP, user databases, desktop security software.
- Identify software and procedures to harden APs and stations.
- Identify interfaces for integrated WLAN management and monitoring.
- Determine need for WLAN-specific policy management tools.
Policy implementation
- Pick access control method(s): MAC ACLs, 802.1X, SSL portal.
- Define access policies for authorized APs, stations, users, groups and guests.
- Issue and distribute authentication credentials to every station.
- Select encryption layer(s): 802.11, network, transport, application.
- Pick authentication method(s): none, shared key, EAP, VPN, SSL login.
- Identify software required on stations, APs and authentication servers.
- For link-layer crypto, apply WPA upgrades to APs.
- For network/transport crypto, choose tunneling protocol and cipher(s).
- Determine key distribution and refresh method.
Deployment and beyond
- Penetration test existing network to create security baseline.
- Stage WLAN, pen test and fix vulnerabilities.
- Pen test after deployment and fix until remaining risks are acceptable.
- Monitor WLAN for suspicious activity; track usage.
- Repeat discovery and vulnerability assessment at regular intervals.
- Determine need for and implement wireless intrusion detection.
- Do forever: Maintain security policy; plan for and implement updates.
MORE INFORMATION ON WIRELESS LANs:
|
|
Rate this Tip
|
To rate tips, you must be a member of SearchSecurity.com.
Register now
to start rating these tips. Log in if you are already a member.
|
DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.
|
|
|
|
|
|
|
