Basic WLAN Security Technologies
The WLAN security wheel

Most wireless security incidents occur because system administrators do not implement available countermeasures. Therefore, the issue is not just one of confirming that a technical vulnerability exists and finding a countermeasure that works. It is also critical to verify that the countermeasure is in place and working properly.

This is where the WLAN Security Wheel, which is a continuous security process, is effective. The WLAN Security Wheel not only promotes applying security measures to the network, but most importantly, it promotes retesting and reapplying updated security measures on a continuous basis. The WLAN Security Wheel is illustrated in Figures .

To begin the Security Wheel process, first develop a WLAN security policy that enables the application of security measures. A security policy must accomplish the following tasks:

  • Identify the wireless security objectives of the organization.
  • Document the resources to be protected.
  • Identify the network infrastructure with current maps and inventories.

Wireless security policies are worth the time and effort to develop because they provide many benefits. The development of a good security policy accomplishes the following:

  • Provides a process to audit existing wireless security
  • Provides a general framework for implementing security
  • Defines behavior that is allowed and that is not allowed
  • Helps determine which tools and procedures are needed for the organization
  • Helps communicate consensus among a group of key decision makers and defines responsibilities of users and administrators
  • Defines a process for handling wireless breaches
  • Creates a basis for legal action, if necessary

An effective wireless security policy works to ensure that the network assets of the organization are protected from sabotage and from inappropriate access, which includes both intentional and accidental access. All wireless security features should be configured in compliance with the security policy of the organization. If a security policy is not present, or if the policy is out of date, the policy should be created or updated before deciding how to configure or deploy wireless devices.