Security Basics mailing list archives
Re: wireless policies
From: Alessandro Bottonelli <a.bottonelli () axis-net it>
Date: Thu, 13 Nov 2003 00:14:02 +0100
On Tuesday 11 November 2003 23:44, netethix () iprimus com au wrote:
I'm in the process of assisting in the creation of a wireless policy for a large company. I'm interested in hearing people's experiences in a) putting together an effective wireless policy and b) how they have gone about securely implementing a wireless solution. It's a broad topic - and so answers can be as broad or specific as you like.
I am supporting a military client of mine on a very similar task. What happens here is that the key points to define are: When and where WLANs are acceptable, ie: -1- For Unclassified networks only -2- When wired arrangements are not possible for example: in buildings of historical value for temporary networks -3- Where in-campus mobility is a requirement How they are to be implemented, ie: -1- Only encrypted traffic -2- Cipher of at least N bits -3- Key changes every N days -4- Strong (two-factor) user authentication -5- Must be approved by the Security Officer -6- Must be audited N time(s) a year This is just a starting point, these concepts need to be developed further on the specific client environment. Any statement in the policy means MONEY, so you must carefully balance actual risk with protection levels really needed by the client. -- Alessandro Bottonelli CISSP & BS7799 Lead Auditor Information Security Consultant www.axis-net.it --------------------------------------------------------------------------- Forum Systems PRESIDIO: PGP / XML GATEWAY APPLIANCE The Presidio integrates PGP data encryption and XML Web Services security to simplify the management and deployment of PGP and reduce overall PGP costs by up to 80%. FREE WHITEPAPER & 30 Day Trial - http://www.securityfocus.com/sponsor/ForumSystems_security-basics_031027 ----------------------------------------------------------------------------
Current thread:
- wireless policies netethix (Nov 11)
- Re: wireless policies Steve (Nov 13)
- Re: wireless policies Alessandro Bottonelli (Nov 13)
- Re: wireless policies Meritt James (Nov 14)
- Re: wireless policies Steve (Nov 16)
- Military and Wireless (Was: wireless policies) Alessandro (Nov 17)
- Re: wireless policies Meritt James (Nov 14)
- Re: wireless policies Tomas Wolf (Nov 17)
- <Possible follow-ups>
- RE: wireless policies Hagen, Eric (Nov 13)
- Re: Re: wireless policies cdirricq (Nov 16)