Checklist for secure wireless LAN deployment

Checklist for secure wireless LAN deployment

Policy

  • Define business requirements (assets and wireless access needs).
  • Identify threats and quantify risks.
  • Document your WLAN security policy.
  • Disseminate policy to everyone.

Integration planning

  • Conduct site survey, creating inventories and maps.
  • Lay out access points (APs) and antennas to minimize signal leakage.
  • Determine AP placement relative to existing firewalls.
  • Pick approach to protect adjacent wired network.
  • Define network topology and impact on routers, VLANs.
  • Identify reuse of access control lists (ACLs), DHCP, user databases, desktop security software.
  • Identify software and procedures to harden APs and stations.
  • Identify interfaces for integrated WLAN management and monitoring.
  • Determine need for WLAN-specific policy management tools.

Policy implementation

  • Pick access control method(s): MAC ACLs, 802.1X, SSL portal.
  • Define access policies for authorized APs, stations, users, groups and guests.
  • Issue and distribute authentication credentials to every station.
  • Select encryption layer(s): 802.11, network, transport, application.
  • Pick authentication method(s): none, shared key, EAP, VPN, SSL login.
  • Identify software required on stations, APs and authentication servers.
  • For link-layer crypto, apply WPA upgrades to APs.
  • For network/transport crypto, choose tunneling protocol and cipher(s).
  • Determine key distribution

    Requires Free Membership to View

    Login

    SearchSecurity.com members gain immediate and unlimited access to breaking industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.com today!

    Michael S. Mimoso, Editorial Director

    By submitting your registration information to SearchSecurity.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchSecurity.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

  • and refresh method.

Deployment and beyond

  • Penetration test existing network to create security baseline.
  • Stage WLAN, pen test and fix vulnerabilities.
  • Pen test after deployment and fix until remaining risks are acceptable.
  • Monitor WLAN for suspicious activity; track usage.
  • Repeat discovery and vulnerability assessment at regular intervals.
  • Determine need for and implement wireless intrusion detection.
  • Do forever: Maintain security policy; plan for and implement updates.
MORE INFORMATION ON WIRELESS LANs:

This was first published in May 2004

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.

Back to top