Tips for making wireless LANs secure Decide why you need wireless. Who will use it? For what? Quantify the costs (including security) and benefits (such as increased productivity). Publish (and publicize) network policies. The cube dweller who plugs his wireless router into an Ethernet port probably doesn’t have evil intentions. But this access point now sits behind the firewall and most intrusion-detection systems can’t see it. Define when people can use the wireless LAN, when they can’t and guest-access use, says Ellen Daley, principal analyst with Forrester Research. Always authenticate. The 802.1x standard for port-based authentication is a top tool. The protocol behind 802.1x is called EAP, for extensible authentication protocol; it uses encrypted tunnels to exchange information between device and network. According to WLAN vendor Aruba, although an intruder can monitor the exchange over the air, data inside the encrypted tunnel cannot be intercepted. EAP is used on wired networks so it can be part of a unified network strategy. Its mutual authentication ability ensures that the network they’re seeing is legit—and not a hacker’s fake access point. Other tools: client-based software from AirDefense and AirMagnet; and network admission control, or NAC, a Cisco-led authentication scheme that screens WLAN devices for malware. Encrypt well and password protect. In March, the Wi-Fi Alliance said that WPA2—the strongest encryption specification for 802.11—was required on Wi-Fi–enabled products. WPA2 stands for Wi-Fi Protected Access 2 and is the long-awaited successor to WPA (which itself supplanted the earlier wired equivalency protocol, or WEP). Turn it on. Strong user names and passwords are a must. Sniff out bad guys. New tools can detect, locate and shut down attacks before they do damage. Vendors such as Airespace (a Cisco subsidiary), Aruba, Network Chemistry and Symbol offer technologies that can detect and fend off unauthorized intruders at access points. Segregate visitors. Torrance Memorial Medical Center provides its five-building campus with 100 percent coverage, says IS Director Bill Tomcsanyi. He set up an open network for guests and a secure network with encrypted access for employees. Related content feature Top cybersecurity M&A deals for 2023 Fears of recession, rising interest rates, mass tech layoffs, and conservative spending trends are likely to make dealmakers cautious, but an ever-increasing need to defend against bigger and faster attacks will likely keep M&A activity steady in By CSO Staff Sep 22, 2023 24 mins Mergers and Acquisitions Mergers and Acquisitions Mergers and Acquisitions brandpost Unmasking ransomware threat clusters: Why it matters to defenders Similar patterns of behavior among ransomware treat groups can help security teams better understand and prepare for attacks By Joan Goodchild Sep 21, 2023 3 mins Cybercrime news analysis China’s offensive cyber operations support “soft power” agenda in Africa Researchers track Chinese cyber espionage intrusions targeting African industrial sectors. By Michael Hill Sep 21, 2023 5 mins Advanced Persistent Threats Cyberattacks Critical Infrastructure brandpost Proactive OT security requires visibility + prevention You cannot protect your operation by simply watching and waiting. It is essential to have a defense-in-depth approach. By Austen Byers Sep 21, 2023 4 mins Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe