Login

Please login to Techworld.com

Forgot password?
Need your new account confirmation email resent?
Forgot email?

Not a member yet?

Register for a Techworld Account and enjoy unlimited access to our extensive white paper library and exclusive Enterprise multi-user software trials. Account members can also comment on articles and access best practices guides.

Mobile & Wireless

In Mobile & Wireless:
News
Reviews
Features
How-tos
Slideshows

Top How-Tos / Advice articles

A Wi-Fi security parts list

Here's what you need to keep your WLAN tight

By Joanie Wexler, Network World | Network World US | Published: 01:00, 26 May 2005

Earlier this month, I discussed recent survey findings indicating that enterprises now feel pretty good about the industry's wireless LAN security standards and solutions. But they are less confident in their own abilities to successfully deploy them. The survey, conducted by educational networking Web site Webtorials, similarly revealed that enterprises still consider security to be the biggest challenge to Wi-Fi implementation.

I've discussed this situation with several industry experts. I'll attempt to offer some very basic tips that might help you get your arms around Wi-Fi security deployment a bit more clearly. After all, the IEEE 802.11 security nomenclature has grown quite large and complex over the past few years (see our glossary for confirmation of that). Breaking it into short, simple pieces might help clarify the process.

Lesson 1: What are the components you need for a best-practice Wi-Fi security deployment?
Joshua Wright, deputy director of training at the SANS Institute, a Bethesda-based information security training, research and education organization, helped me compile the following list:

An authentication database. You likely already have one in place in your organisation, perhaps in the form of Windows Active Directory or a stand-alone RADIUS server (or a combination of both).

A strong authentication mechanism. This is the wireless Extensible Authentication Protocol (EAP) method that you must select from several available algorithms to verify that the user attempting to connect to the network is who he says he is. A future article will focus on choosing an EAP method.

A strong over-the-air data encryption mechanism, which regularly rotates the encryption key. Key rotation gives hackers a smaller window of opportunity to crack the key. If you use current 802.11 security standards, this function will be built right into the encryption algorithm.

A regular auditing mechanism to check for rogue devices connected to your network and device misconfigurations. This can consist of periodic scanning of your WLAN environment using free or commercial tools. More security-conscious organisations will wish to use full-time wireless intrusion detection/protection sensors.

Next time: Now that you know the basic "ingredients" that go into the Wi-Fi security "recipe," what initial configuration steps should you take?

Send to a friend

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.