SANS Wireless Communication Policy

workablejeansΚινητά – Ασύρματες Τεχνολογίες

21 Νοε 2013 (πριν από 4 χρόνια και 7 μήνες)

69 εμφανίσεις



By Lauren Williams

Brief Overview of WiFi

Technology is similar to walkie

Ability to transmit and receive radio signals

Transmit @ much higher frequencies

Simple to implement

WiFi card or built

Find hotspot once hardware/software installed

Relevant Definitions


Connection point for WiFi network


Local Area Network

WEP key

Wired Equivalent Privacy

Needed to gain access to a network

2 variations: 64
bit encryption (really 40
bit) and
bit encryption (really 104

Definitions Continued


Virtual Private Network

makes use of a public network (such as the
Internet), while maintaining security and privacy
through encryption and security procedures


Service Set Identifier

identifies a Wi
Fi network (manufacturer default)

secret key set by the network admin

must know the SSID to join an 802.11 network

Purpose & Scope of SANS Policy

Purpose is to prohibit access to company
networks via unsecured wireless communication

Policy should cover all data communication
devices on all internal networks:

PCs, cell phones, PDAs, etc.

Anything capable of transmitting packet data

Recommendations for
Implementing Policy

1. Register access points and cards

All wireless access points (WAPs) connected to network
to be registered and approved by InfoSec

Subject to penetration tests and audits

All network interface cards (NICs) in use must also be

2. Approved Technology

All LAN access must use corporate approved vendor
products and security configurations

Recommendations Continued

3. VPN Encryption & Authentication

Use corporate approved VPN to drop all
unauthenticated and unencrypted traffic

Must use point to point hardware encryption of at
least 56 bits

Must support hardware address that can be
registered and tracked (MAC address)

Recommendations Continued

4. Setting the SSID

Should not contain any identifying information about
the organization

Company name, division, employee name

5. Enforcement

Employees may face disciplinary action or
termination if policy is violated