Earlier this month, I discussed recent survey findings indicating that enterprises now feel pretty good about the industry's wireless LAN security standards and solutions. But they are less confident in their own abilities to successfully deploy them. The survey, conducted by educational networking Web site Webtorials, similarly revealed that enterprises still consider security to be the biggest challenge to Wi-Fi implementation.
I've discussed this situation with several industry experts. I'll attempt to offer some very basic tips that might help you get your arms around Wi-Fi security deployment a bit more clearly. After all, the IEEE 802.11 security nomenclature has grown quite large and complex over the past few years (see our glossary for confirmation of that). Breaking it into short, simple pieces might help clarify the process.
Lesson 1: What are the components you need for a best-practice Wi-Fi security deployment?
Joshua Wright, deputy director of training at the SANS Institute, a Bethesda-based information security training, research and education organization, helped me compile the following list:
- An authentication database. You likely already have one in place in your organisation, perhaps in the form of Windows Active Directory or a stand-alone RADIUS server (or a combination of both).
- A strong authentication mechanism. This is the wireless Extensible Authentication Protocol (EAP) method that you must select from several available algorithms to verify that the user attempting to connect to the network is who he says he is. A future article will focus on choosing an EAP method.
- A strong over-the-air data encryption mechanism, which regularly rotates the encryption key. Key rotation gives hackers a smaller window of opportunity to crack the key. If you use current 802.11 security standards, this function will be built right into the encryption algorithm.
- A regular auditing mechanism to check for rogue devices connected to your network and device misconfigurations. This can consist of periodic scanning of your WLAN environment using free or commercial tools. More security-conscious organisations will wish to use full-time wireless intrusion detection/protection sensors.
Next time: Now that you know the basic "ingredients" that go into the Wi-Fi security "recipe," what initial configuration steps should you take?