Wireless security: Too much of a good thing?

Not long ago, the complaint heard about wireless LAN security was that there wasn’t enough of it. Now it seems there may be too much.

Network executives today face a bewildering number of approaches to solve what’s been a consistent hot-button issue for them. As a result, once users get past some very basic recommendations, best practices in WLAN security hinge on your specific enterprise security needs.

Wireless experts and net managers can quickly run off a basic set of routine steps to help lock up wireless LANs. These typically include:

* Turning on basic Wired Equivalent Privacy encryption for all access points.

* Create a list of MAC addresses that are allowed to access the WLAN.

* Use a dynamic encryption key exchange method as implemented by various security vendors.

* Keep software, and patches, on access points and clients up to date.

* Create access point passwords that can’t be easily guessed.

* Change the Service Set Identifier on the access point, and block the SSID broadcast feature.

* Minimize radio wave leakage outside your building through access point placement and antenna selection.

Some users welcome the possible end of what one called “frankenparts” – cobbling together a security architecture and a set of best practices based on products from several vendors. But others see the multiplicity of choices as a benefit. The numerous choices compel a systematic security approach that uses existing resources while being flexible enough to meet new standards.

For more on this story see: https://www.nwfusion.com/news/2003/0804specialfocus.html