20th November, 2008 :: © 2006 Allpoint Security Limited. All rights reserved.

WiFi Deployment "Best Practice"

In the following discussion the key issues affecting Wi-Fi deployments are highlighted and generic solutions are suggested. Several vendors supply systems that can address the issues raised.

Practice 1 - Create the Policy

"The security policy will describe the organization’s attitude to risk."

Define how you intend to use wireless technology within the organization. Understand the risks posed by exposing your sensitive data assets to unauthorised disclosure. Ensure the wireless security policy is approved by the management team.

The security policy will describe the organization’s attitude to risk. By identifying the risks and deciding in advance which of them will be tackled, these risks can be reduced. Consider the following scenarios and ask yourself how your organization would react. Consider your position on three potential risks:

a) Unauthorised Access point
A rogue Access Point leads to your network being selected to release a new virus into the unsuspecting world. The publicity is wholly unkind and labels the company in a harmful way.

b) Unauthorised disclosure
Your company results for the year are emailed from a wirelessly connected laptop and are eavesdropped. The disclosure leads to fluctuations in the share price and an enquiry by the regulator into the quality of your systems.

c) Disruptive Wi-Fi service
Unauthorised Wi-Fi devices repeatedly cause interference and degrade the quality of your Wi-Fi service (i.e. your 802.11g 54 Mbit/s WLAN drops to 802.11b 11 Mbit/s). You are evaluating wireless technology for a sales staff productivity project. Your Sales Director wants to deploy mobile solutions to enable access to the CRM system recently installed at great cost. Poor connection speeds result in users rejecting the new technology.

Practice 2 - Monitor your airwaves

Ensure that you know what is going on. Operate an automatic wireless monitoring system. These systems can alert key personnel to breaches of the wireless security policy. Several vendors have products where a centralized policy can be created with sensors distributed across the network. The sensors detect wireless use and feed back to a central control where policy anomalies are identified and acted upon. Some systems will also monitor the performance aspects of Wi-Fi.
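As an added illustration of the central policy check such a system performs (example code written for this article, not any vendor's product; the AP inventory, the approved-encryption policy and the sensor feed are constructed, hypothetical values):

```python
from dataclasses import dataclass

# Constructed inventory of authorised access points (hypothetical BSSIDs).
AUTHORISED_APS = {
    "00:11:22:33:44:01": {"ssid": "CORP-WLAN", "encryption": "WPA2-AES"},
    "00:11:22:33:44:02": {"ssid": "CORP-WLAN", "encryption": "WPA2-AES"},
}
# Assumed policy: the only encryption scheme the organisation relies upon.
APPROVED_ENCRYPTION = {"WPA2-AES"}
CORPORATE_SSIDS = {ap["ssid"] for ap in AUTHORISED_APS.values()}


@dataclass(frozen=True)
class Observation:
    bssid: str
    ssid: str
    encryption: str  # e.g. "OPEN", "WEP", "WPA2-AES"
    sensor: str      # sensor that heard the beacon; narrows the physical location


def check_observation(obs: Observation) -> list[str]:
    """Return the policy violations raised by a single beacon observation."""
    alerts = []
    known = AUTHORISED_APS.get(obs.bssid)
    if known is None:
        # An unknown BSSID advertising our SSID is the classic rogue AP case.
        kind = "rogue AP using corporate SSID" if obs.ssid in CORPORATE_SSIDS else "unauthorised AP"
        alerts.append(f"{kind} {obs.bssid} ('{obs.ssid}') near {obs.sensor}")
    elif known["ssid"] != obs.ssid or known["encryption"] != obs.encryption:
        # An inventoried AP drifting from its recorded configuration is also a violation.
        alerts.append(f"authorised AP {obs.bssid} deviates from inventory near {obs.sensor}")
    if obs.encryption not in APPROVED_ENCRYPTION:
        alerts.append(f"unapproved encryption {obs.encryption} on {obs.bssid} near {obs.sensor}")
    return alerts


def audit(observations: list[Observation]) -> dict[str, list[str]]:
    """Central control: collate per-BSSID alerts from every sensor, omitting compliant APs."""
    report: dict[str, list[str]] = {}
    for obs in observations:
        for alert in check_observation(obs):
            report.setdefault(obs.bssid, []).append(alert)
    return report


# Constructed sample sensor feed: one compliant AP, one rogue, one misconfigured, one neighbour.
SAMPLE_FEED = [
    Observation("00:11:22:33:44:01", "CORP-WLAN", "WPA2-AES", "sensor-floor1"),
    Observation("de:ad:be:ef:00:01", "CORP-WLAN", "OPEN", "sensor-floor2"),
    Observation("00:11:22:33:44:02", "CORP-WLAN", "WEP", "sensor-floor1"),
    Observation("de:ad:be:ef:00:02", "CoffeeShop", "WPA2-AES", "sensor-lobby"),
]
```

Running `audit(SAMPLE_FEED)` yields no entry for the compliant AP, two alerts each for the rogue and the WEP-misconfigured AP, and one for the neighbouring network, each tagged with the sensor that heard it.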

Practice 3 - Ability to detect actual location of Wi-Fi device

Knowing that a rogue device exists is one thing, but having the ability to walk out onto the office floor and find it is another. Hand-held devices that act like a Geiger counter are available and are used to track ...

Practice 4 - Need for centralised control

With any control process it is vital that the information is collected centrally and can be accessed by authorized personnel anywhere on the network. Likewise an alerting system needs to be incorporated, be it email, SMS, SNMP etc., that notifies of policy violations.

Practice 5 - Authenticate your users

It is important to know who is accessing what. Wireless networks are no different, and steps should be taken to ensure Wi-Fi users’ credentials are checked before access is permitted. Systems available typically employ RADIUS authentication.

Practice 6 - Encrypt wireless traffic

Wi-Fi traffic (for many systems) is transmitted in clear text. This makes eavesdropping extremely easy and can lead to unauthorised disclosure of sensitive data. Several encryption schemes are available – some stronger than others. It’s important to utilize an encryption scheme that can be relied upon, which would typically be AES 256 or higher.

Practice 7 - Create wireless VLANs for greater Access Control

It is important to be able to direct wireless users into specific VLANs so that access to applications and services can be tightly controlled. This means that user access to data & applications can be controlled by their location, e.g. some sensitive financial applications could be made available to staff in the office or their own home but not when they are in the building’s ‘guest area’ or when accessing from an internet café. Furthermore, control may be restricted to only grant access at specific times of day, with restrictions on service out of business hours, holidays etc.
