Developing Wireless Security Standards
As stated earlier, many organizations include standards and procedures in their policy. You should not. Even so, you need to set some measures. Some wireless security standards that you may develop include:
Standard support:
Do you support 802.11a, b, or g?
Equipment:
Do you support equipment from any vendor?
Hours of operation:
Do you allow off-hours connections?
Naming standard:
How do you name access points and bridges?
Channel support:
What channels do you use?
Data rates:
What data rates do you support?
Performance:
What are traffic thresholds, and how many stations do you allow an access point to support?
Encryption algorithm:
What algorithm does your organization support?
Key lengths:
What is the minimum key length?
Extensible Authentication Protocol:
What flavor of the many types of EAP do you support?
Password:
What is the password length, and how often do you change it?
Upgrades:
When do you apply upgrades or patches?
Tunneling protocol and algorithms:
What layer and what algorithm?
Key distribution and refresh procedures:
How do you disseminate keys?
These are just some of the topics to cover in your standards. Think of the definition of standard. It is the required degree or level of requirement, excellence, or attainment. The standard is the ideal. Your management and internal and external auditors will measure you on how well you meet the established standards.
In this tutorial:
- Designing a Secure Network
- Security as Cost of Doing Business
- Developing a Security Architecture
- Developing a Wireless Security Policy
- Developing Wireless Security Standards
- Developing Wireless Security Best Practice
- Managing Your Wireless Security Policy
- Designing a Secure Network
- Performing a Risk Analysis