Checklist for secure wireless LAN deployment

Lisa Phifer outlines a checklist for secure wireless LAN deployment in the areas of policy, integration planning, and deployment and beyond.

This Content Component encountered an error

Policy

  • Define business requirements (assets and wireless access needs).
  • Identify threats and quantify risks.
  • Document your WLAN security policy.
  • Disseminate policy to everyone.

Integration planning

  • Conduct site survey, creating inventories and maps.
  • Lay out access points (APs) and antennas to minimize signal leakage.
  • Determine AP placement relative to existing firewalls.
  • Pick approach to protect adjacent wired network.
  • Define network topology and impact on routers, VLANs.
  • Identify reuse of access control lists (ACLs), DHCP, user databases, desktop security software.
  • Identify software and procedures to harden APs and stations.
  • Identify interfaces for integrated WLAN management and monitoring.
  • Determine need for WLAN-specific policy management tools.

Policy implementation

  • Pick access control method(s): MAC ACLs, 802.1X, SSL portal.
  • Define access policies for authorized APs, stations, users, groups and guests.
  • Issue and distribute authentication credentials to every station.
  • Select encryption layer(s): 802.11, network, transport, application.
  • Pick authentication method(s): none, shared key, EAP, VPN, SSL login.
  • Identify software required on stations, APs and authentication servers.
  • For link-layer crypto, apply WPA upgrades to APs.
  • For network/transport crypto, choose tunneling protocol and cipher(s).
  • Determine key distribution and refresh method.

Deployment and beyond

  • Penetration test existing network to create security baseline.
  • Stage WLAN, pen test and fix vulnerabilities.
  • Pen test after deployment and fix until remaining risks are acceptable.
  • Monitor WLAN for suspicious activity; track usage.
  • Repeat discovery and vulnerability assessment at regular intervals.
  • Determine need for and implement wireless intrusion detection.
  • Do forever: Maintain security policy; plan for and implement updates.

MORE INFORMATION ON WIRELESS LANs:

This was first published in April 2003

Dig deeper on Wireless Network Protocols and Standards

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close