|
Wireless Network Security
Security, Security, Security.... The one concept that seems to get pushed aside in business. We are here to help educate and protect our customers valued data and network connections.
Here at Best PC Professionals, LLC we push security first!
For a limited time we are offering a free wireless security analysis to all new and existing customers. We know that brute force attacks to hack wireless networks is becoming more popular to those that are not setup correctly. Not only can attackers possibly get to your important data, but they get access to your internet connection to possibly do illegal activities. Doing this all while using Your registered IP Address.
Contact us email: (
This e-mail address is being protected from spam bots, you need JavaScript enabled to view it
) for any questions or to schedule your free wireless analysis. Secure your infrastructure today before a disaster occurs that your company can't recover from...
WLAN SECURITY -
From a security standpoint, centralized WLANs are more secure than distributed APs. The most glaring security fault of a distributed WLAN is that each AP contains security information. If a hacker can gain access to one AP, then they could
gain access to the entire network. Additionally, if an AP was stolen and a hacker gained access, then the AP username and password (which should always be changed from the defaults), encryption keys, and RADIUS pre-shared key(s)
would be revealed. Other features that are available in some centrally managed WLAN offerings include:
• WIDS/WIPS.
• VPN termination.
• Wireless location services.
• RF planning tools for AP deployment planning.
• Heat maps showing actual wireless coverage in real time.
• Integrated user-aware stateful firewall.
• EAP termination.
• Site-to-site VPN.
• Secure remote AP.
• Quality of Service.
In addition to cost and management advantages, the list of security features available in today’s centrally managed WLANs is comprehensive and continually growing.
Businesses with WLAN installations should include WLAN usage and security policies in their IT policy repertoire. All employees and guest users of the WLAN should be required to review and sign off on these policies. A comprehensive WLAN usage and security policy should include the following components:
1. Explanation of the policy and why it is required.
2. Approved equipment and end user or mobile devices.
3. Monitoring of the wireless network environment.
4. WLAN authentication and encryption.
5. Access control.
6. Remote access.
7. Client security standards.
8. Guest access mode.
9. Explanation of non-adherence penalties.
Policies must be enforceable, so it is important to ensure that the technology and operational infrastructure support the identification of the business's policy violators.
-
RECOMMENDATIONS
-
Implementing and maintaining a secure business WLAN requires the right technology infrastructure, operational processes, and usage and security policies. It is not an insignificant undertaking. Yet the benefits secure mobility offers the enterprise often warrant the investment and effort. Build the framework for a secure WLAN by following these guidelines:
1. Build on a centralized WLAN architecture as opposed to a implementing a distributed deployment. (This is only appropriate for very small implementations of less than 10 APs). 2. Implement 802.11i for mutual authentication on every WLAN client device. Authentication servers must be validated by clients and vice-versa. -
-
3. Enforce strong encryption. Use AES-CCMP wherever supported and TKIP at a minimum. Do not allow the use of WEP on the business WLAN.
-
-
WLAN SECURITY
-
From a security standpoint, centralized WLANs are more secure than distributed APs. The most glaring security fault of a distributed WLAN is that each AP contains security information. If a hacker can gain access to one AP, then they could
gain access to the entire network. Additionally, if an AP was stolen and a hacker gained access, then the AP username and password (which should always be changed from the defaults), encryption keys, and RADIUS pre-shared key(s)
would be revealed. Other features that are available in some centrally managed WLAN offerings include:
• WIDS/WIPS.
• VPN termination.
• Wireless location services.
• RF planning tools for AP deployment planning.
• Heat maps showing actual wireless coverage in real time.
• Integrated user-aware stateful firewall.
• EAP termination.
• Site-to-site VPN.
• Secure remote AP.
• Quality of Service.
In addition to cost and management advantages, the list of security features available in today’s centrally managed WLANs is comprehensive and continually growing.
Businesses with WLAN installations should include WLAN usage and security policies in their IT policy repertoire. All employees and guest users of the WLAN should be required to review and sign off on these policies. A comprehensive WLAN usage and security policy should include the following components:
1. Explanation of the policy and why it is required.
2. Approved equipment and end user or mobile devices.
3. Monitoring of the wireless network environment.
4. WLAN authentication and encryption.
5. Access control.
6. Remote access.
7. Client security standards.
8. Guest access mode.
9. Explanation of non-adherence penalties.
Policies must be enforceable, so it is important to ensure that the technology and operational infrastructure support the identification of the business's policy violators.
-
RECOMMENDATIONS
-
Implementing and maintaining a secure business WLAN requires the right technology infrastructure, operational processes, and usage and security policies. It is not an insignificant undertaking. Yet the benefits secure mobility offers the enterprise often warrant the investment and effort. Build the framework for a secure WLAN by following these guidelines:
1. Build on a centralized WLAN architecture as opposed to a implementing a distributed deployment. (This is only appropriate for very small implementations of less than 10 APs). 2. Implement 802.11i for mutual authentication on every WLAN client device. Authentication servers must be validated by clients and vice-versa. -
-
3. Enforce strong encryption. Use AES-CCMP wherever supported and TKIP at a minimum. Do not allow the use of WEP on the business WLAN.
From a security standpoint, centralized WLANs are more secure than distributed APs. The most glaring security fault of a distributed WLAN is that each AP contains security information. If a hacker can gain access to one AP, then they could
gain access to the entire network. Additionally, if an AP was stolen and a hacker gained access, then the AP username and password (which should always be changed from the defaults), encryption keys, and RADIUS pre-shared key(s)
would be revealed. Other features that are available in some centrally managed WLAN offerings include:
• WIDS/WIPS.
• VPN termination.
• Wireless location services.
• RF planning tools for AP deployment planning.
• Heat maps showing actual wireless coverage in real time.
• Integrated user-aware stateful firewall.
• EAP termination.
• Site-to-site VPN.
• Secure remote AP.
• Quality of Service.
In addition to cost and management advantages, the list of security features available in today’s centrally managed WLANs is comprehensive and continually growing.
Businesses with WLAN installations should include WLAN usage and security policies in their IT policy repertoire. All employees and guest users of the WLAN should be required to review and sign off on these policies. A comprehensive WLAN usage and security policy should include the following components:
1. Explanation of the policy and why it is required.
2. Approved equipment and end user or mobile devices.
3. Monitoring of the wireless network environment.
4. WLAN authentication and encryption.
5. Access control.
6. Remote access.
7. Client security standards.
8. Guest access mode.
9. Explanation of non-adherence penalties.
Policies must be enforceable, so it is important to ensure that the technology and operational infrastructure support the identification of the business's policy violators.
RECOMMENDATIONS
Implementing and maintaining a secure business WLAN requires the right technology infrastructure, operational processes, and usage and security policies. It is not an insignificant undertaking. Yet the benefits secure mobility offers the enterprise often warrant the investment and effort. Build the framework for a secure WLAN by following these guidelines:
1. Build on a centralized WLAN architecture as opposed to a implementing a distributed deployment. (This is only appropriate for very small implementations of less than 10 APs). 2. Implement 802.11i for mutual authentication on every WLAN client device. Authentication servers must be validated by clients and vice-versa.
3. Enforce strong encryption. Use AES-CCMP wherever supported and TKIP at a minimum. Do not allow the use of WEP on the business WLAN.
WLAN SECURITY
From a security standpoint, centralized WLANs are more secure than distributed APs. The most glaring security fault of a distributed WLAN is that each AP contains security information. If a hacker can gain access to one AP, then they could
gain access to the entire network. Additionally, if an AP was stolen and a hacker gained access, then the AP username and password (which should always be changed from the defaults), encryption keys, and RADIUS pre-shared key(s)
would be revealed. Other features that are available in some centrally managed WLAN offerings include:
• WIDS/WIPS.
• VPN termination.
• Wireless location services.
• RF planning tools for AP deployment planning.
• Heat maps showing actual wireless coverage in real time.
• Integrated user-aware stateful firewall.
• EAP termination.
• Site-to-site VPN.
• Secure remote AP.
• Quality of Service.
In addition to cost and management advantages, the list of security features available in today’s centrally managed WLANs is comprehensive and continually growing.
Businesses with WLAN installations should include WLAN usage and security policies in their IT policy repertoire. All employees and guest users of the WLAN should be required to review and sign off on these policies. A comprehensive WLAN usage and security policy should include the following components:
1. Explanation of the policy and why it is required.
2. Approved equipment and end user or mobile devices.
3. Monitoring of the wireless network environment.
4. WLAN authentication and encryption.
5. Access control.
6. Remote access.
7. Client security standards.
8. Guest access mode.
9. Explanation of non-adherence penalties.
Policies must be enforceable, so it is important to ensure that the technology and operational infrastructure support the identification of the business's policy violators.
RECOMMENDATIONS
Implementing and maintaining a secure business WLAN requires the right technology infrastructure, operational processes, and usage and security policies. It is not an insignificant undertaking. Yet the benefits secure mobility offers the enterprise often warrant the investment and effort. Build the framework for a secure WLAN by following these guidelines:
1. Build on a centralized WLAN architecture as opposed to a implementing a distributed deployment. (This is only appropriate for very small implementations of less than 10 APs). 2. Implement 802.11i for mutual authentication on every WLAN client device. Authentication servers must be validated by clients and vice-versa.
3. Enforce strong encryption. Use AES-CCMP wherever supported and TKIP at a minimum. Do not allow the use of WEP on the business WLAN.
RECOMMENDATIONS
Implementing and maintaining a secure business WLAN requires the right technology infrastructure, operational processes, and usage and security policies. It is not an insignificant undertaking. Yet the benefits secure mobility offers the enterprise often warrant the investment and effort. Build the framework for a secure WLAN by following these guidelines:
1. Build on a centralized WLAN architecture as opposed to a implementing a distributed deployment. (This is only appropriate for very small implementations of less than 10 APs). 2. Implement 802.11i for mutual authentication on every WLAN client device. Authentication servers must be validated by clients and vice-versa.
3. Enforce strong encryption. Use AES-CCMP wherever supported and TKIP at a minimum. Do not allow the use of WEP on the business WLAN.
WLAN SECURITY
From a security standpoint, centralized WLANs are more secure than distributed APs. The most glaring security fault of a distributed WLAN is that each AP contains security information. If a hacker can gain access to one AP, then they could
gain access to the entire network. Additionally, if an AP was stolen and a hacker gained access, then the AP username and password (which should always be changed from the defaults), encryption keys, and RADIUS pre-shared key(s)
would be revealed. Other features that are available in some centrally managed WLAN offerings include:
• WIDS/WIPS.
• VPN termination.
• Wireless location services.
• RF planning tools for AP deployment planning.
• Heat maps showing actual wireless coverage in real time.
• Integrated user-aware stateful firewall.
• EAP termination.
• Site-to-site VPN.
• Secure remote AP.
• Quality of Service.
In addition to cost and management advantages, the list of security features available in today’s centrally managed WLANs is comprehensive and continually growing.
Businesses with WLAN installations should include WLAN usage and security policies in their IT policy repertoire. All employees and guest users of the WLAN should be required to review and sign off on these policies. A comprehensive WLAN usage and security policy should include the following components:
1. Explanation of the policy and why it is required.
2. Approved equipment and end user or mobile devices.
3. Monitoring of the wireless network environment.
4. WLAN authentication and encryption.
5. Access control.
6. Remote access.
7. Client security standards.
8. Guest access mode.
9. Explanation of non-adherence penalties.
Policies must be enforceable, so it is important to ensure that the technology and operational infrastructure support the identification of the business's policy violators.
RECOMMENDATIONS
Implementing and maintaining a secure business WLAN requires the right technology infrastructure, operational processes, and usage and security policies. It is not an insignificant undertaking. Yet the benefits secure mobility offers the enterprise often warrant the investment and effort. Build the framework for a secure WLAN by following these guidelines:
1. Build on a centralized WLAN architecture as opposed to a implementing a distributed deployment. (This is only appropriate for very small implementations of less than 10 APs). 2. Implement 802.11i for mutual authentication on every WLAN client device. Authentication servers must be validated by clients and vice-versa.
3. Enforce strong encryption. Use AES-CCMP wherever supported and TKIP at a minimum. Do not allow the use of WEP on the business WLAN.
-
4. Do not use VLANs and SSIDs for security but rather for performance and manageability.
5. Interior security is essential when implementing a WLAN. Internal firewalls, ACLs, and policies to control WLAN access are critical components of an enterprise deployment.
6. Enforce client integrity policies and provide for remediation to bring client devices into compliance.
7. Secure mobile devices to prevent internal breaches or external data exposure.
8. Implement WIDS/WIPS to lock down the bigger enterprise WLAN's.
9. Implement and enforce usage and security policies.
10. Perform regular WLAN vulnerability assessments to ensure the network is secure. Assess internal security, as well as external vulnerabilities.
11. Perform due diligence when selecting infrastructure or WIDS vendors to ensure the enterprise business selects the product and vendor that best suit the company’s size and needs.
Businesses will require skilled resources to implement and properly manage the WLAN. Those that lack the required skills internally should rely on external consultants during implementation and train internal resources to manage the network post-installation. Consider vendor-specific training, as well as broad WLAN management and administrative training and certifications such as those offered though Microsoft Certified or the Certified Wireless Network Professional (CWNP) program.
-
-
CONCLUSION
The security record of 802.11 WLAN technologies is blemished, but advances in the security protocols and technology make it possible to implement a WLAN that is more secure than a wired network. Businesses that have implemented, or are planning to implement, a WLAN should take a holistic approach to securing the network. Mutual authentication and strong encryption form the foundation of a secure WLAN, but security does not end there. Companies must continually monitor the security of the network, enforce client integrity, implement proper interior security, lock down mobile devices, and introduce strict usage and security policies. Securing a WLAN requires proper planning, careful implementation, extensive testing, and ongoing monitoring and assessment. The IT manager who takes the appropriate measures to secure the enterprise WLAN will be able to sleep at night, and take credit for the productivity benefits that a well functioning, highly secure WLAN affords the enterprise.
-
-
Ensure that whoever handles your security administration reports directly to you or to someone in top management. They must have the ear of key decision makers, have access to key players in other departments, and be aware of organizational priorities.
|
