hello..i have a lot of questions regarding the access point (AP)...below
are the list of some checklist that i found in order to be taken into
consideration in the wireless technology..i juz want to know how those
checklist can be implemented and what kind of software could be used to do
that..thanx for ur help..
i) Perform comprehensive security assessments at regular intervals
(including
validating that rogue APs do not exist in the 802.11 WLAN) to fully
understand
the wireless network security posture
ii) Deploy physical access controls to the building and other secure areas
(e.g., photo ID, card badge readers).
iii) Complete a site survey to measure and establish the AP coverage for
the Organization
iv) Take a complete inventory of all APs and 802.11 wireless devices.
v) Empirically test AP range boundaries to determine the precise extent of
the wireless coverage
vi) Ensure AP channels are at least five channels different from any other
nearby wireless networks to prevent interference.
vii) Locate APs on the interior of buildings versus near exterior walls and
windows.
viii) Place APs in secured areas to prevent unauthorized physical access
and user manipulation.
viv) Make sure that APs are turned off during all hours during they are not
used.
x) Make sure the reset function on APs is being used only when needed and
is only invoked by an authorized group of people.
xi) Restore the APs to the latest security settings when the reset
functions are used.
xii) Change the default SSID in the APs.
xiii) Disable the “broadcast SSID” feature so that the client SSID must
match that of
the AP.
xiv) Disable the broadcast beacon of the APs.
xv) Disable all insecure and nonessential management protocols on the
APs.
xvi) Install a properly configured firewall between the wired
infrastructure and the wireless network (AP or hub to APs).
xvii) Consider installation of Layer 2 switches in lieu of hubs for AP
connectivity.
xviii) Ensure all APs have strong administrative passwords.
xviv) Enable user authentication mechanisms for the management interfaces
of the AP.
xx) Ensure management traffic destined for APs is on a dedicated wired
subnet.
xxi) Make sure adequately robust community strings are used for SNMP
management traffic on the APs.
xxii) Configure SNMP settings on APs for least privilege (i.e., read only).
Disable SNMP if it is not used.
xxiii) Enhance AP management traffic security by using SNMPv3 or equivalent
cryptographically protected protocol.
xxiv) Use a local serial port interface for AP configuration to minimize
the exposure of sensitive management information.
