
3 Steps for Bullet-Proof Wireless LAN Security & Management

AirDefense
By : AirDefense
INFORMATION
Published : Apr 05, 2006
Length : 7
Type : White Paper
 
Overview :

While a wireless LAN can be installed by simply plugging an access point into an Ethernet port, an enterprise wireless LAN deployment requires a more thought-out plan that incorporates advanced security and management technologies.

This paper outlines the specific elements of wireless LAN security (perimeter control, access control, data protection, and monitoring) and WLAN management (configuration, fault diagnostics, network usage, and policy enforcement). Readers will gain a keen understanding of how to effectively lock down a wireless LAN and manage it for peak performance.

Browse Related Categories: Data Protection, Monitoring, Security Policies, WLAN, Wireless Security

While a wireless LAN can be installed by simply plugging an access point into an Ethernet port, an enterprise wireless LAN deployment requires a more thought-out plan that incorporates advanced security and management technologies.
Over the last year, analysts and media have documented and publicized vulnerabilities of wireless LANs, such as encryption that can be broken and rogue access points that allow intruders to connect to your network.
These reports focus on breaking encryption, the risk of unauthorized access points connected to the wired network, and the failure of enterprises to incorporate security into their wireless LANs. The attention on the pitfalls of wireless LANs has inspired some enterprises to ban wireless LANs altogether, but any organization that utilizes laptop computers faces the risk of these easily becoming wireless stations that introduce security risks.
However, security-conscious enterprises are fortifying their wireless LANs with a layered approach to security that resembles the accepted security practices of wired networks. This layered approach to security addresses all network components:
1. Secure Wireless LAN Devices
2. Secure Communications
3. Monitor for Security & Compliance
In fact, Gartner outlined the three "must have" requirements for enterprise wireless LANs:
* Install a centrally managed firewall on all laptops that are issued wireless network interface cards or are bought with built-in wireless capabilities. This protects against ad hoc WLAN connections and Internet attacks when users connect to public "hot spot" Internet providers.
* Perform wireless intrusion detection to discover rogue access points, foreign devices connecting to corporate access points and accidental associations to nearby access points in use by other companies.
* Turn on some form of encryption and authentication for supported WLAN use.
1. Secure Wireless LAN Devices
Like installing a door on a building to keep passersby from wandering in, enterprises must control the perimeter of their enterprise networks. For the traditional wired LAN, this was accomplished by installing firewalls to control the entry point to the network. However, wireless LANs present greater challenges from the hard-to-control nature of radio transmissions.
With data and network connections broadcasting across the air and through windows, walls, floors, and ceilings, the perimeter of a wireless LAN can be as difficult to control as it is to define. However, enterprises can control the perimeter of a wireless LAN by securing the WLAN devices that act as the endpoints of the network.
"The use of wireless LANs and mobile workforce is on the rise; so is sophistication of wireless threats and attacks. Mobile users could get duped by hackers phishing for credentials or other sensitive information at hotspots and must be protected."
- Gartner
Perimeter control for the wireless LAN starts with deploying personal firewalls on every wireless-equipped laptop and also includes a deployment of enterprise-class access points that offer advanced security and management capabilities. The wireless LAN should be segregated from the enterprise wired network as part of a VLAN to allow for wireless-specific management and security policies that do not affect the wired network.
All access points should be completely locked down and reconfigured from their default settings. The SSIDs and passwords of the access points should be changed from their default names. Some organizations choose to establish set channels of operation for each AP to identify all off-channel traffic as suspicious activity.
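An added example (not from the white paper or AirDefense) of the lock-down check described above: it compares observed beacons against an AP inventory and flags factory-default SSIDs, off-channel operation by authorized APs, and unknown BSSIDs. The inventory, BSSIDs, SSIDs and the short default-SSID list are constructed for illustration.

```python
# Added example: audit constructed beacon observations against an AP inventory.
from dataclasses import dataclass

# Small illustrative set of well-known factory SSIDs (not exhaustive).
DEFAULT_SSIDS = {"linksys", "netgear", "default", "tsunami"}

# Constructed inventory: BSSID -> (expected SSID, assigned channel).
AUTHORIZED_APS = {
    "00:11:22:33:44:01": ("corp-wlan", 1),
    "00:11:22:33:44:02": ("corp-wlan", 6),
    "00:11:22:33:44:03": ("corp-wlan", 11),
}

@dataclass(frozen=True)
class Beacon:
    bssid: str
    ssid: str
    channel: int

def audit(beacons, inventory=AUTHORIZED_APS):
    """Return a sorted list of (bssid, finding) tuples for policy violations."""
    findings = set()
    for b in beacons:
        bssid = b.bssid.lower()
        if b.ssid.lower() in DEFAULT_SSIDS:
            findings.add((bssid, "default-ssid"))
        if bssid not in inventory:
            # Not in inventory: rogue AP or a neighbouring network; needs triage.
            findings.add((bssid, "unknown-ap"))
            continue
        expected_ssid, channel = inventory[bssid]
        if b.channel != channel:
            findings.add((bssid, "off-channel"))
        if b.ssid != expected_ssid:
            findings.add((bssid, "ssid-mismatch"))
    return sorted(findings)

# Constructed observations, as a sensor or site survey might report them.
SAMPLE_BEACONS = [
    Beacon("00:11:22:33:44:01", "corp-wlan", 1),   # compliant
    Beacon("00:11:22:33:44:02", "corp-wlan", 3),   # authorized AP, wrong channel
    Beacon("00:11:22:33:44:03", "linksys", 11),    # reverted to factory SSID
    Beacon("66:77:88:99:AA:BB", "corp-wlan", 6),   # unknown BSSID using our SSID
]

if __name__ == "__main__":
    for bssid, finding in audit(SAMPLE_BEACONS):
        print(f"{bssid}  {finding}")
```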
To secure mobile users at hotspots and similar locations, organizations can deploy the AirDefense Personal product. An industry first, AirDefense Personal protects mobile users of hotspots and other public Wi-Fi networks from wireless-specific risks that could expose private data and transactions. AirDefense Personal is a software agent that runs on Windows PCs and monitors for malicious or accidental wireless activity and wireless misconfigurations that may cause security exposures or policy violations. The AirDefense Personal agent offers protection from a broad and growing set of new risks that directly target vulnerable wireless users and unobtrusively notifies the user when risky activity occurs.
2. Secure Communication - Authentication & Encryption
In deploying secure wireless LANs, IT security and network managers face the most difficult decision in choosing how to secure WLAN communication with multiple forms of authentication and encryption. Like installing locks and keys on a door to control who can enter, the next layer of wireless LAN security is to control which users can access the wireless LAN.