Part 2: Strategies for securing your wireless LAN

IPsec
This option offers the most robust security, according to Snyder. IPsec enables positive bi-directional authentication of the user and gateway; per-packet encryption and authentication; a high re-key rate and selector-based firewall rules.

The drawback to IPsec is that implementation and updating are difficult. Plus, IPsec requires expensive hardware investments.

Finally, there is an interesting feature of IPsec, Snyder added: You can either terminate the tunnel at the access point directly or back haul it to a VPN security gateway behind the access point. The second option is a good way for organizations to recycle investment in IPsec by using the same model for wireless as Internet remote-access users. If you're looking to reuse expensive hardware investments, IPsec might be a good solution to consider.

So, which wireless security strategy is right for you? Of course, that all depends on a balance between your organization's needs, budget, resources and time. Any one of these strategies -- including WEP, 802.1X and 802.11i/WPA from part one -- can help you implement a secure wireless LAN.

About the author
Mia Shopis is assistant editor for SearchSecurity.com. You can e-mail her here at mshopis@techtarget.com

Rate this Tip To rate tips, you must be a member of SearchSecurity.com. Register now to start rating these tips. Log in if you are already a member. Digg This!     StumbleUpon     Del.icio.us    RELATED CONTENT Network Security Tactics Enterprise role management: Trends and best practices Using Nessus Attack Scripting Language (NASL) to find application vulnerabilities Screencast: Recovering lost data with WinHex How to build security into a virtualized server environment How to install and configure Nessus How to run a Nessus system scan Nessus: Vulnerability scanning in the enterprise Screencast: An introduction to the Open Source Security Testing Methodology Manual (OSSTMM) Understanding multifactor authentication features in IAM suites Network intrusion prevention systems: Should enterprises deploy now? Wireless Access Control Lessons learned from TJX: Best practices for enterprise wireless encryption Should the enterprise be concerned with the Apple iPhone's automatic connection to Wi-Fi networks? Is it possible to identify a fake wireless access point? How 'evil twins' and multipots seek to bypass enterprise Wi-Fi defenses Wi-Fi simplicity edging out Wi-Fi security Should an enterprise network be regularly checked for rogue access points? Aruba bolsters mobile suite with security acquisition Cafe Wi-Fi VeriSign, AirMagnet team up for wireless IPS Check Point promises more VoIP security, fewer slowdowns Wireless Access Control Research RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary evil twin  (SearchSecurity.com) RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.