Security Basics mailing list archives
RE: wireless policies
From: "Hagen, Eric" <ehagen () DenverNewspaperAgency com>
Date: Thu, 13 Nov 2003 09:12:05 -0700
Well, our email server is up and down right now (not my domain, fortunately) so this may come in a bit late, but just a few things. First, use authentication and good encryption. It is a good idea to try to conform to the WPA standard, using TKIP encryption with 802.1x authentication. If you want to be bleeding edge, you could aim for the 802.11i draft, which uses AES encryption along with 802.1x authentication, but hardware/firmware support will be hard to come by. Second, the policy should mandate that only access points meeting your specifications can be installed. Having the wired backbone for the wireless infrastructure on a separate VLAN is a good idea, mostly for DOS prevention. There are a variety of good templates for a wireless policy out there. Make sure you include all of the important domains and then PUBLICIZE it so that people know they cannot set up their own points but also so they know that if it is a benefit to the business, they can request and will likely receieve authorization and your help implimenting it... Just a few of the areas that are important to address are firm requirements for authentication, encryption, approval/change management and usage. Mission critical and extremely sensitive applications should never use wireless. All wireless in the company should meet or exceed your policy standards and be monitored by your department. That's all that's coming to mind right now. Eric -----Original Message----- From: netethix () iprimus com au [mailto:netethix () iprimus com au] Sent: Tuesday, November 11, 2003 3:45 PM To: security-basics () securityfocus com Subject: wireless policies Hi people of the planet earth, I'm in the process of assisting in the creation of a wireless policy for a large company. I'm interested in hearing people's experiences in a) putting together an effective wireless policy and b) how they have gone about securely implementing a wireless solution. It's a broad topic - and so answers can be as broad or specific as you like. If I get enough responses I will provide a summary back to the list. Cheers, Netethix. --------------------------------------------------------------------------- Forum Systems PRESIDIO: PGP / XML GATEWAY APPLIANCE The Presidio integrates PGP data encryption and XML Web Services security to simplify the management and deployment of PGP and reduce overall PGP costs by up to 80%. FREE WHITEPAPER & 30 Day Trial - http://www.securityfocus.com/sponsor/ForumSystems_security-basics_031027 ---------------------------------------------------------------------------- --------------------------------------------------------------------------- Forum Systems PRESIDIO: PGP / XML GATEWAY APPLIANCE The Presidio integrates PGP data encryption and XML Web Services security to simplify the management and deployment of PGP and reduce overall PGP costs by up to 80%. FREE WHITEPAPER & 30 Day Trial - http://www.securityfocus.com/sponsor/ForumSystems_security-basics_031027 ----------------------------------------------------------------------------
Current thread:
- wireless policies netethix (Nov 11)
- Re: wireless policies Steve (Nov 13)
- Re: wireless policies Alessandro Bottonelli (Nov 13)
- Re: wireless policies Meritt James (Nov 14)
- Re: wireless policies Steve (Nov 16)
- Military and Wireless (Was: wireless policies) Alessandro (Nov 17)
- Re: wireless policies Meritt James (Nov 14)
- Re: wireless policies Tomas Wolf (Nov 17)
- <Possible follow-ups>
- RE: wireless policies Hagen, Eric (Nov 13)
- Re: Re: wireless policies cdirricq (Nov 16)