- Define business requirements (assets and wireless access needs).
- Identify threats and quantify risks.
- Document your WLAN security policy.
- Disseminate policy to everyone.
- Conduct site survey, creating inventories and maps.
- Lay out access points (APs) and antennas to minimize signal leakage.
- Determine AP placement relative to existing firewalls.
- Pick approach to protect adjacent wired network.
- Define network topology and impact on routers, VLANs.
- Identify reuse of access control lists (ACLs), DHCP, user databases, desktop security software.
- Identify software and procedures to harden APs and stations.
- Identify interfaces for integrated WLAN management and monitoring.
- Determine need for WLAN-specific policy management tools.
- Pick access control method(s): MAC ACLs, 802.1X, SSL portal.
- Define access policies for authorized APs, stations, users, groups and guests.
- Issue and distribute authentication credentials to every station.
- Select encryption layer(s): 802.11, network, transport, application.
- Pick authentication method(s): none, shared key, EAP, VPN, SSL login.
- Identify software required on stations, APs and authentication servers.
- For link-layer crypto, apply WPA upgrades to APs.
- For network/transport crypto, choose tunneling protocol and cipher(s).
- Determine key distribution and refresh method.
Deployment and beyond
- Penetration test existing network to create security baseline.
- Stage WLAN, pen test and fix vulnerabilities.
- Pen test after deployment and fix until remaining risks are acceptable.
- Monitor WLAN for suspicious activity; track usage.
- Repeat discovery and vulnerability assessment at regular intervals.
- Determine need for and implement wireless intrusion detection.
- Do forever: Maintain security policy; plan for and implement updates.
MORE INFORMATION ON WIRELESS LANs:
- Read the first part of the tip Strategies for securing your wireless LAN and learn how WEP, 802.1X and 802.11i help protect your WLAN.
- Learn about Web authentication and IPsec in the second part of Strategies for securing your wireless LAN.