Decide why you need wireless. Who will use it? For what? Quantify the costs (including security) and benefits (such as increased productivity). Publish (and publicize) network policies. The cube dweller who plugs his wireless router into an Ethernet port probably doesn\u2019t have evil intentions. But this access point now sits behind the firewall and most intrusion-detection systems can\u2019t see it. Define when people can use the wireless LAN, when they can\u2019t and guest-access use, says Ellen Daley, principal analyst with Forrester Research. Always authenticate. The 802.1x standard for port-based authentication is a top tool. The protocol behind 802.1x is called EAP, for extensible authentication protocol; it uses encrypted tunnels to exchange information between device and network. According to WLAN vendor Aruba, although an intruder can monitor the exchange over the air, data inside the encrypted tunnel cannot be intercepted. EAP is used on wired networks so it can be part of a unified network strategy. Its mutual authentication ability ensures that the network they\u2019re seeing is legit\u2014and not a hacker\u2019s fake access point. Other tools: client-based software from AirDefense and AirMagnet; and network admission control, or NAC, a Cisco-led authentication scheme that screens WLAN devices for malware. Encrypt well and password protect. In March, the Wi-Fi Alliance said that WPA2\u2014the strongest encryption specification for 802.11\u2014was required on Wi-Fi\u2013enabled products. WPA2 stands for Wi-Fi Protected Access 2 and is the long-awaited successor to WPA (which itself supplanted the earlier wired equivalency protocol, or WEP). Turn it on. Strong user names and passwords are a must. Sniff out bad guys. New tools can detect, locate and shut down attacks before they do damage. Vendors such as Airespace (a Cisco subsidiary), Aruba, Network Chemistry and Symbol offer technologies that can detect and fend off unauthorized intruders at access points. Segregate visitors. Torrance Memorial Medical Center provides its five-building campus with 100 percent coverage, says IS Director Bill Tomcsanyi. He set up an open network for guests and a secure network with encrypted access for employees.