Home page logo
/

basics logo Security Basics mailing list archives

RE: wireless policies
From: "Hagen, Eric" <ehagen () DenverNewspaperAgency com>
Date: Thu, 13 Nov 2003 09:12:05 -0700

Well, our email server is up and down right now (not my domain, fortunately)
so this may come in a bit late, but just a few things.

First, use authentication and good encryption.  It is a good idea to try to
conform to the WPA standard, using TKIP encryption with 802.1x
authentication.  If you want to be bleeding edge, you could aim for the
802.11i draft, which uses AES encryption along with 802.1x authentication,
but hardware/firmware support will be hard to come by.

Second, the policy should mandate that only access points meeting your
specifications can be installed.  Having the wired backbone for the wireless
infrastructure on a separate VLAN is a good idea, mostly for DOS prevention.

There are a variety of good templates for a wireless policy out there.  Make
sure you include all of the important domains and then PUBLICIZE it so that
people know they cannot set up their own points but also so they know that
if it is a benefit to the business, they can request and will likely
receieve authorization and your help implimenting it...  Just a few of the
areas that are important to address are firm requirements for
authentication, encryption, approval/change management and usage.  Mission
critical and extremely sensitive applications should never use wireless.
All wireless in the company should meet or exceed your policy standards and
be monitored by your department.

That's all that's coming to mind right now.

Eric

-----Original Message-----
From: netethix () iprimus com au [mailto:netethix () iprimus com au]
Sent: Tuesday, November 11, 2003 3:45 PM
To: security-basics () securityfocus com
Subject: wireless policies


Hi people of the planet earth,

I'm in the process of assisting in the creation of a wireless policy for
a large company. I'm interested in hearing people's experiences in a)
putting
together an effective wireless policy and b) how they have gone about
securely
implementing a wireless solution. It's a broad topic - and so answers can
be as broad or specific as you like. 

If I get enough responses I will provide a summary back to the list.

Cheers,

Netethix.


---------------------------------------------------------------------------
Forum Systems PRESIDIO: PGP / XML GATEWAY APPLIANCE
The Presidio integrates PGP data encryption and XML Web Services security to

simplify the management and deployment of PGP and reduce overall PGP costs 
by up to 80%.
FREE WHITEPAPER & 30 Day Trial - 
http://www.securityfocus.com/sponsor/ForumSystems_security-basics_031027 
----------------------------------------------------------------------------

---------------------------------------------------------------------------
Forum Systems PRESIDIO: PGP / XML GATEWAY APPLIANCE
The Presidio integrates PGP data encryption and XML Web Services security to 
simplify the management and deployment of PGP and reduce overall PGP costs 
by up to 80%.
FREE WHITEPAPER & 30 Day Trial - 
http://www.securityfocus.com/sponsor/ForumSystems_security-basics_031027 
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault