Checklist for secure wireless LAN deployment


This article can also be found in the Premium Editorial Download "Information Security magazine: Unwrapping Windows Server 2003: An exclusive first look at Microsoft's new OS."

Download it now to read this article plus other related content.


  • Define business requirements (assets and wireless access needs).
  • Identify threats and quantify risks.
  • Document your WLAN security policy.
  • Disseminate policy to everyone.

Integration planning

  • Conduct site survey, creating inventories and maps.
  • Lay out access points (APs) and antennas to minimize signal leakage.
  • Determine AP placement relative to existing firewalls.
  • Pick approach to protect adjacent wired network.
  • Define network topology and impact on routers, VLANs.
  • Identify reuse of access control lists (ACLs), DHCP, user databases, desktop security software.
  • Identify software and procedures to harden APs and stations.
  • Identify interfaces for integrated WLAN management and monitoring.
  • Determine need for WLAN-specific policy management tools.

Policy implementation

  • Pick access control method(s): MAC ACLs, 802.1X, SSL portal.
  • Define access policies for authorized APs, stations, users, groups and guests.
  • Issue and distribute authentication credentials to every station.
  • Select encryption layer(s): 802.11, network, transport, application.
  • Pick authentication method(s): none, shared key, EAP, VPN, SSL login.
  • Identify software required on stations, APs and authentication servers.
  • For link-layer crypto, apply WPA upgrades to APs.
  • For network/transport crypto, choose tunneling protocol and cipher(s).
  • Determine key distribution

    Requires Free Membership to View

  • and refresh method.

Deployment and beyond

  • Penetration test existing network to create security baseline.
  • Stage WLAN, pen test and fix vulnerabilities.
  • Pen test after deployment and fix until remaining risks are acceptable.
  • Monitor WLAN for suspicious activity; track usage.
  • Repeat discovery and vulnerability assessment at regular intervals.
  • Determine need for and implement wireless intrusion detection.
  • Do forever: Maintain security policy; plan for and implement updates.


This was first published in April 2003

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.