Wireless Security: Ensuring Compliance with HIPAA, GLBA, SOX, DoD 8100.2 & Enterprise Policy

White Paper




 
 !""#$%%&'( 

This paper is designed to guide network administrators and security managers to design, implement, and enforce wireless LAN security policies that enable every organization to fully reap the benefits of wireless LANs without experiencing undue management pains and security holes. This paper will also cover how organizations can comply with regulatory policies like HIPAA, GLBA - Safeguards Rule, DoD 8100.2, Sarbanes-Oxley Act etc.
Enterprises of all sizes are deploying wireless LANs for their many productivity and mobility Enterprises must be proactive in benefits that come from employees seamlessly establishing policy for the adoption of connecting to IT resources and performing daily wireless LANs, given the aggressive rate at tasks without requiring a wired connection. But which Wi-Fi will appear in corporate just like wired networks, 802.11 wireless LANs laptops and the security threat associated require network policies that are designed, with rogue networks. . Enterprises must implemented, and enforced to maximize establish corporate policies (relative to network performance and reduce exposure to the infrastructure, usage, and security) on the inherent security flaws in 802.11 wireless LANs. adoption of Wi-Fi or risk losing network integrity and increasing TCO. - META Group IS administrators should establish a written policy dictating that the airwaves inside the enterprise are a managed resource, no different from a wired resource. (((())))



 - META Group As wireless networks proliferate, the ever-present danger of new, more sophisticated hacking tools is also on the upswing. Hackers, armed with new tools such as AirJack, AirSnarf, The many benefits and expected return on Hunter_Killer, etc are launching more investment of a wireless LAN can be wiped out sophisticated attacks on the network -- networks if a security and management policy is not in that a year ago were said to be unbreakable. place and enforced. When an organization's network is left exposed by insecure wireless LAN devices, hackers can This paper is designed to guide network compromise an organization's network administrators and security managers to design, backbone, rendering the investment in IT implement, and enforce wireless LAN security security useless. Not only are there financial policies that enable every organization to fully implications from a security standpoint, but the reap the benefits of wireless LANs without breach can potentially impact the company's experiencing undue management pains and reputation and proprietary and regulatory security holes.
. information. These scenarios can lead to policy and mirror the standard six-step policy additional financial loss and legal ramifications. process. Hence various regulatory bodies have defined 1.) Policies are first defined and policies that have to be complied with by documented. organizations. Regardless of the WLAN deployment status, organizations have to ensure 2.) Management must then buy-into the that they track all wireless activity and prevent documented policies. the transmission of wireless data in clear text. The Department of Defense issued a wireless 3.) The policy should then be directive, Number 8100.2 on April 14, 2004. communicated to all employees, This directive establishes policy and assigns contractors, on-site vendors, and anyone responsibilities for the use of commercial else expected to comply with the policy. wireless devices, services, and technologies in the DoD Global Information Grid. Healthcare 4.) The wireless LAN should then be organizations have to main the sanctity of monitored to audit for policy patient data by complying with the HIPAA regulations. Various regulations e.g. OCC Essentially, policies are house rules Wireless Advisory, GLBA - Safeguards Rule with possible actions that work on an etc have been defined for banking and financial if-then structure and can prohibit, institutions. A new section of the permit, or require actions for both Sarbanes-Oxley Act, Section 404, requires all publicly people and the hardware and software traded firms to file... [download for more]