Securing wireless LANs
Information technology managers should consider the following checklist as they plan a wireless security policy:
* Determine the type and configuration of wireless access points (APs), wireless Network Interface Cards (NICs) and virtual private networking infrastructures.
* Address the need for changing default AP settings (including Simple Network Management Protocol) and other configuration issues (including the locations and wireless coverage areas of APs).
* Determine installation procedures and physical security for the APs (including shutting off APs after hours or when not in use).
* Create a strong password policy with a robust security infrastructure using Remote Authentication Dial-In User Service or a similarly strong mechanism.
* Determine what groups or individuals will be using the wireless local-area network and whether they need Internet access or can get by with intranet access.
* Determine who will be responsible for security audits, AP log monitoring and maintenance, and maintaining the configuration of APs and wireless NICs.
* Include a policy for protecting portable devices. A stolen laptop with a properly configured wireless LAN card is an open invitation to steal mission-critical network data.