
Thread: How To: Define Wireless Network Security Policies

  1. #1
    Senior Member phernandez's Avatar
    Join Date
    Aug 2003
    Location
    NYC
    Posts
    246

    How To: Define Wireless Network Security Policies

    Wi-Fi Planet outlines wireless security best practices for enterprises.

    How to: Define Wireless Network Security Policies - Wi-Fi Planet

    Utilize IPSec-based Virtual Private Network (VPN) technology for end-to-end security.

    If users need access to sensitive applications from Wi-Fi hotspots, definitely utilize a VPN system to provide sufficient end-to-end encryption and access control. Some companies require VPNs for all wireless client devices, even when they’re connecting from inside the secured walls of the enterprise. A “full-throttle” VPN solution such as this offers good security, but it becomes costly and difficult to manage when there are hundreds of wireless users (mainly due to the need for VPN servers). As a result, consider implementing 802.11 encryption when users are operating inside the enterprise and VPNs for the likely fewer users who need access from hotspots.

  2. #2
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    A “full-throttle” VPN solution such as this offers good security, but it becomes costly and difficult to manage when there are hundreds of wireless users (mainly due to the need for VPN servers).
    That's where VPN concentrators and RADIUS/TACACS servers come in.

    Establish the wireless network on a separate VLAN. A firewall can then help keep hackers located on the VLAN associated with the wireless network from having easy access to corporate servers located on different, more secured VLANs (i.e., not accessible from the wireless network). In this manner, the wireless network is similar to a public network, except you can apply encryption and authentication mechanisms to the wireless users.
    VLANs should NOT be used as a security measure as they were never meant to be used that way. VLANs are used to improve network performance by limiting the size of broadcast domains, NOT improve security. Use a separate (physical) LAN, not a VLAN.

    Don’t broadcast SSIDs. If this feature is available, you can avoid having user devices automatically sniff the SSID in use by the access point. Most current computer operating systems and monitoring tools will automatically sniff the 802.11 beacon frames to obtain the SSID. With SSID broadcasting turned off, the access point will not include the SSID in the beacon frame, making most SSID sniffing tools useless. This isn’t a foolproof method of hiding the SSID, however, because someone can still monitor 802.11 association frames (which always carry the SSID, even if SSID broadcasting is turned off) with a packet tracer. At least shutting off the broadcast mechanism will limit access.
    This is BS. You'll only make it harder for your clients to connect to the network and it adds absolutely nothing to your security.
    Last edited by SirDice; September 20th, 2008 at 03:19 PM.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  3. #3
    Senior Member
    Join Date
    Oct 2003
    Location
    MA
    Posts
    1,052
    Quote Originally Posted by SirDice
    This is BS. You'll only make it harder for your clients to connect to the network and it adds absolutely nothing to your security.
    Agreed. Same goes with MAC filtering, it does almost nothing -_-
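
Added example (not part of any post in this thread): a short Python parser that illustrates the point quoted in post #2, that disabling SSID broadcast empties the SSID element in the beacon while the association request from a joining client still carries the name. The frames are constructed inline; the SSID "CorpWLAN", the MAC addresses and the function names are assumptions made for the illustration.

```python
# Constructed 802.11 management frames; the SSID "CorpWLAN" and the MAC
# addresses are made-up sample values, not taken from the thread.
MGMT_HEADER_LEN = 24  # frame control, duration, 3 addresses, sequence control
# Bytes of fixed fields that precede the tagged elements, per subtype.
FIXED_LEN = {0: 4, 4: 0, 5: 12, 8: 12}
NAMES = {0: "association request", 4: "probe request",
         5: "probe response", 8: "beacon"}
SSID_ELEMENT_ID = 0


def build_frame(subtype: int, ssid: bytes) -> bytes:
    """Build a minimal management frame carrying an SSID element."""
    header = bytes([subtype << 4, 0]) + bytes(2)          # frame control, duration
    header += b"\x02\x00\x00\x00\x00\x01" * 3 + bytes(2)  # addr1-3, seq control
    rates = bytes([1, 4, 0x82, 0x84, 0x8B, 0x96])         # supported-rates element
    ssid_element = bytes([SSID_ELEMENT_ID, len(ssid)]) + ssid
    return header + bytes(FIXED_LEN[subtype]) + ssid_element + rates


def extract_ssid(frame: bytes):
    """Return (frame name, SSID bytes or None) for a management frame."""
    if len(frame) < MGMT_HEADER_LEN:
        raise ValueError("frame shorter than management header")
    frame_type, subtype = (frame[0] >> 2) & 0x3, frame[0] >> 4
    if frame_type != 0 or subtype not in FIXED_LEN:
        raise ValueError("not a supported management frame")
    pos = MGMT_HEADER_LEN + FIXED_LEN[subtype]
    while pos + 2 <= len(frame):                 # walk the tagged elements
        element_id, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + length]
        if len(value) != length:
            raise ValueError("truncated element")
        if element_id == SSID_ELEMENT_ID:
            return NAMES[subtype], value
        pos += 2 + length
    return NAMES[subtype], None


def ssid_is_hidden(ssid) -> bool:
    """Hidden SSIDs appear as a zero-length or all-zero SSID element."""
    return ssid is not None and ssid.strip(b"\x00") == b""


if __name__ == "__main__":
    beacon = build_frame(8, b"")          # AP with SSID broadcast disabled
    assoc = build_frame(0, b"CorpWLAN")   # client joining the same network
    for frame in (beacon, assoc):
        name, ssid = extract_ssid(frame)
        print(f"{name}: hidden={ssid_is_hidden(ssid)} ssid={ssid!r}")
```

For a wireless policy, the practical reading is that SSID hiding cannot be counted as an access control; authentication and encryption have to carry that requirement.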
