7.4.2 Security Concerns
Wireless LAN security is a combination of three perspectives: securing data transmitted over a wireless link, securing the wireless network from unauthorized access, and securing the wired network from unauthorized access from the wireless side. Securing the wireless network from unauthorized access includes protection against unauthorized users as well as protection from rogue access points, which may involve authorized users connecting over an unauthorized link.
7.4.3 Policy
The IA architect should view wireless (security) policy from an organizational perspective and from an employee perspective. The corporate perspective addresses network configuration and is more relevant to network designers and system administrators. The employee perspective includes desktop, laptop, cell phone, and other wireless devices with which an employee directly interacts.
7.4.3.1 Corporate Perspective
Wireless technology is inherently insecure. Physical/facility compromise is not necessary to intercept wireless transmissions or to gain access to wireless devices. Wireless security policy considerations include:
- Defense-in-depth
    - All items below are part of a layered security approach; none are stand-alone solutions.
- Wireless LAN traffic to wired LAN
    - Use of a VPN or firewall
- Minimum encryption strength standards
- Routing rules
    - Restrict routing to multiple networks.
- Modify equipment default settings and standard settings for configurable parameters.
    - Set WAP to not broadcast service set identities (SSIDs).
    - Modify all WAP default SSIDs to a unique identifier.
- Implement OSI layer 2 access control lists; Media Access Control (MAC) filtering.
- Monitoring and alerting
    - Monitor WLAN use via wireless sniffers and intrusion detection systems (IDSs).
    - Provide alerting to network or security operations center.
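
An added example, not from the original text: a small Python audit that applies several of the policy items above (unique non-default SSID, no SSID broadcast, minimum encryption strength, rogue access point detection, alerting) to observations from a wireless sniffer. The SSIDs, BSSIDs, policy values and the wired_side field are constructed assumptions.

```python
from dataclasses import dataclass

# Assumed policy values (hypothetical; set per organization).
CORPORATE_SSID = "corp-7f3a"                       # unique, non-default identifier
DEFAULT_SSIDS = {"linksys", "netgear", "default", "dlink"}
ENCRYPTION_RANK = {"open": 0, "wep": 1, "wpa": 2, "wpa2": 3, "wpa3": 4}
MIN_ENCRYPTION = "wpa2"
AUTHORIZED_BSSIDS = {"00:11:22:33:44:01", "00:11:22:33:44:02"}  # sanctioned WAPs

@dataclass(frozen=True)
class Beacon:
    bssid: str        # WAP radio MAC address as seen by the sniffer
    ssid: str         # "" when the WAP does not broadcast its SSID
    encryption: str
    wired_side: bool  # assumed sensor input: device also seen on the wired LAN

def audit(beacon):
    """Return the list of policy findings for one observed access point."""
    findings = []
    if beacon.bssid.lower() not in AUTHORIZED_BSSIDS:
        if beacon.ssid == CORPORATE_SSID:
            findings.append("rogue: unauthorized WAP advertising corporate SSID")
        if beacon.wired_side:
            findings.append("rogue: unauthorized WAP attached to wired LAN")
        return findings  # unrelated neighboring networks yield no findings
    if beacon.ssid:
        findings.append("ssid-broadcast: sanctioned WAP broadcasts its SSID")
    if beacon.ssid.lower() in DEFAULT_SSIDS:
        findings.append("default-ssid: vendor default SSID in use")
    if ENCRYPTION_RANK.get(beacon.encryption.lower(), 0) < ENCRYPTION_RANK[MIN_ENCRYPTION]:
        findings.append("weak-encryption: below minimum standard")
    return findings

def alerts(beacons):
    """Map BSSID -> findings for every WAP that violates policy (SOC alert feed)."""
    return {b.bssid: f for b in beacons if (f := audit(b))}

# Constructed sample observations (not real capture data).
SAMPLE = [
    Beacon("00:11:22:33:44:01", "", "wpa2", True),               # compliant
    Beacon("00:11:22:33:44:02", "linksys", "wep", True),         # three violations
    Beacon("de:ad:be:ef:00:01", "corp-7f3a", "open", False),     # SSID impersonation
    Beacon("de:ad:be:ef:00:02", "printer-setup", "wpa2", True),  # on the wired LAN
    Beacon("aa:bb:cc:00:00:09", "coffee-shop", "wpa2", False),   # neighbor, ignored
]

if __name__ == "__main__":
    for bssid, found in alerts(SAMPLE).items():
        print("ALERT", bssid, found)
```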