Secure Wireless LAN
Imagine your agency's wired network infrastructure. Now imagine it again without wires. A wireless LAN comprises many parts, but when they work together they create a communications infrastructure as secure as your traditional LAN. Building a secure wireless network requires attention to detail. Here's a partial list of questions you should ask when requesting proposals for your agency's WLAN.
- What wireless protocols does the solution support? 802.11a/b/g? Bluetooth? WiMax?
- What encryption standards does it use? Does the device comply with FIPS-140-2?
- Will your existing equipment support the encryption standard or will it need to be upgraded? Will client devices need upgrading?
- How does the system support different types of traffic that require higher or lower levels of security?
- Are different categories of users routed over separate physical LANs or virtual LANs?
- Can visitors obtain temporary Internet access? What about contractors?
- Does the system restrict access depending on physical location? For example, users in a lobby or conference room might only get access to the Internet but not to the enterprise network.
- Does the wireless authentication system use the same user identification and password data as the rest of the network, or do two systems need to be maintained?
- What type of intrusion detection/prevention does the vendor propose? Are these separate sensors, or do the access points perform a double duty? How many sensors will there be? Are they active or passive?
- Are the MAC addresses of wireless cards registered with the WLAN or do users only need an ID and password?
- Do users need to reauthenticate when they move between different segments of the WLAN?
- Does any software need to be loaded on the client devices?
- How is security enforced on the end points? Will personal firewalls and antivirus clients be centrally managed? How do the security measures affect the performance of the network? Are SSL off-loaders or encryption accelerators necessary?
- Will access be granted to devices that are out-of-date or misconfigured? Can they be quarantined while they are remotely updated or reconfigured?
- Will the wireless equipment and software work with the existing network and applications?
- How is the WLAN managed? Can you monitor traffic loads and performance on individual segments?
- Can you remotely manage the access points to turn them on or off or change the configuration?
- Will all the pieces work together without conflict? Is there some extra piece needed to make the whole system work?