Wireless LANs (WLANs) bring incredible productivity and new efficiencies to organizations of all sizes. Advances in WLAN features and capabilities allow organizations to offer the benefits of wireless to their employees without sacrificing security. Properly deployed, WLANs can be as secure as wired networks. This paper discusses the five steps to creating a secure WLAN infrastructure.
WLAN deployments have increased significantly in recent years, evolving from guest access in conference rooms to limited “hot” zones of connectivity within the organization to full coverage throughout the organization. Unfortunately, many of these deployments are insecure, leaving opportunities for the curious—or malicious hackers—to try to access confidential information. Securing a WLAN is not difficult; industry advances in technology and the Cisco Unified Wireless Network make it easier than ever. Securing the network is based on extending the Cisco Self-Defending Network strategy, which is based on three pillars: secure communications, threat control and containment, and policy and compliance management. With these three areas in mind, following are best practices for securing your Cisco Unified Wireless Network.
A summary checklist of all the recommended best practices discussed in this paper follows:
- Create a WLAN security policy.
– Modify the default SSID.
– Use strong encryption.
– Deploy mutual authentication between the client and the network.
– Use VPNs or WEP combined with MAC address control lists to secure business-specific devices.
– Use identity networking in combination with VLANs to restrict access to network resources.
– Ensure management ports are secured.
– Deploy lightweight access points as they do not store security information locally.
– Physically hide or secure access points to prevent tampering.
– Monitor the exterior building and site for suspicious activity.
- Secure the wired network against wireless threats:
– Deploy and enable wireless IPSs to prevent rogue access points and other wireless threats—even if you do not have a WLAN.
– Permanently remove any rogue devices using location tracking.
- Defend against external threats:
– Equip mobile devices with similar security services as the company network (firewalls, VPNs, antivirus software, etc.).
– Ensure mobile device security policy compliance with Cisco NAC.
- Enlist employees in safeguarding the network through education.
SOURCE : Cisco System
Thanks....
Monday, April 11, 2011
Anu
