Most wireless security incidents occur because system administrators do not
implement available countermeasures. Therefore, the issue is not just one of
confirming that a technical vulnerability exists and finding a countermeasure
that works. It is also critical to verify that the countermeasure is in place
and working properly.
This is where the WLAN Security Wheel, which is a
continuous security process, is effective. The WLAN Security Wheel not only
promotes applying security measures to the network, but most importantly, it
promotes retesting and reapplying updated security measures on a continuous
basis. The WLAN Security Wheel is illustrated in Figures
–
.
To begin
the Security Wheel process, first develop a WLAN security policy that enables
the application of security measures. A security policy must accomplish the
following tasks:
- Identify the wireless security objectives of the organization.
- Document the resources to be protected.
- Identify the network infrastructure with current maps and inventories.
Wireless security policies are worth the time and effort to develop
because they provide many benefits. The development of a good security policy
accomplishes the following:
- Provides a process to audit existing wireless security
- Provides a general framework for implementing security
- Defines behavior that is allowed and that is not allowed
- Helps determine which tools and procedures are needed for the organization
- Helps communicate consensus among a group of key decision makers and
defines responsibilities of users and administrators
- Defines a process for handling wireless breaches
- Creates a basis for legal action, if necessary
An effective wireless security policy works to ensure that the network
assets of the organization are protected from sabotage and from inappropriate
access, which includes both intentional and accidental access. All wireless
security features should be configured in compliance with the security policy
of the organization. If a security policy is not present, or if the policy is
out of date, the policy should be created or updated before deciding how to
configure or deploy wireless devices.