Problem solve Get help with specific problems with your technologies, process and projects.

Checklist for secure wireless LAN deployment

Lisa Phifer outlines a checklist for secure wireless LAN deployment in the areas of policy, integration planning, and deployment and beyond.


  • Define business requirements (assets and wireless access needs).
  • Identify threats and quantify risks.
  • Document your WLAN security policy.
  • Disseminate policy to everyone.

Integration planning

  • Conduct site survey, creating inventories and maps.
  • Lay out access points (APs) and antennas to minimize signal leakage.
  • Determine AP placement relative to existing firewalls.
  • Pick approach to protect adjacent wired network.
  • Define network topology and impact on routers, VLANs.
  • Identify reuse of access control lists (ACLs), DHCP, user databases, desktop security software.
  • Identify software and procedures to harden APs and stations.
  • Identify interfaces for integrated WLAN management and monitoring.
  • Determine need for WLAN-specific policy management tools.

Policy implementation

  • Pick access control method(s): MAC ACLs, 802.1X, SSL portal.
  • Define access policies for authorized APs, stations, users, groups and guests.
  • Issue and distribute authentication credentials to every station.
  • Select encryption layer(s): 802.11, network, transport, application.
  • Pick authentication method(s): none, shared key, EAP, VPN, SSL login.
  • Identify software required on stations, APs and authentication servers.
  • For link-layer crypto, apply WPA upgrades to APs.
  • For network/transport crypto, choose tunneling protocol and cipher(s).
  • Determine key distribution and refresh method.

Deployment and beyond

  • Penetration test existing network to create security baseline.
  • Stage WLAN, pen test and fix vulnerabilities.
  • Pen test after deployment and fix until remaining risks are acceptable.
  • Monitor WLAN for suspicious activity; track usage.
  • Repeat discovery and vulnerability assessment at regular intervals.
  • Determine need for and implement wireless intrusion detection.
  • Do forever: Maintain security policy; plan for and implement updates.


This was last published in April 2003

Dig Deeper on Wireless network security

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.