Best practices


Establish the customer's requirements: bandwidth, number of users, applications and uses, security requirements and the budget. Get the existing network documents: blueprints, surveys, area maps, security policies and business documentation. Perform a comprehensive site survey: do a wireless scan of the area and record any existing networks, physically inspect the site and the surrounding area, get electrical diagrams, and record the physical characteristics of the site, including the farthest distance from one point of the site to another, to check what range is needed. Balance the requirements against the outlay for the network. Try to stick to a single vendor, which improves standardisation and interoperability. Co-ordinate with personnel. Test equipment and connections, correct problems as they occur, then re-test. Train personnel as necessary on design, configuration, administration and troubleshooting. Document everything.

Administering wireless clients can be important and challenging. Use standardised hardware that fits the needs of the business, and try to use hardware from the same manufacturer whenever possible. Centrally maintain a library of driver CDs. Use a standardised configuration on clients whenever possible, and set permissions and rights to prevent users from changing the configuration. Ensure that the strongest security used is compatible with the client hardware and operating systems. Record the hardware addresses and an inventory of client devices, and maintain the information. Ensure the client computers are patched with the latest security updates from the vendor. Train users, and ensure they are aware of security and company use policies. Test each computer for correct operation prior to handing it over to the user.

Configure wireless access points for optimum connectivity and security. Use standardised configurations, and use devices from the same manufacturer whenever possible to ensure standardisation and interoperability. Document standard configuration options. Test applications, access points and their configuration settings. Back up the configuration files for each device. Ensure the highest level of supported encryption is used; it should be compatible with all equipment. Ensure the correct time and date are set. Change the access point's SSID and password. Use a device name in accordance with the standard host/device naming convention. Configure network address translation (NAT) for client computers, and configure DHCP and DNS options correctly. Use filtering options in conjunction with other security devices to support the security policy. Place access points in secure areas. Check the distance between access points and client computers. Use care when connecting wireless networks to corporate wired networks: ensure proper safeguards are built in to the separate devices, users, applications and protocols, and limit the traffic between networks to only what is necessary to maintain business needs.

Document and get authorisation for all connections to a wired network. Use a single point of entry where possible. Use a firewall between the wireless and wired networks in addition to any other perimeter security devices. It may be better to use separate authentication for the wired and wireless networks. Put servers and any other mission-critical resources on the wired network. If wired networks are bridged using wireless bridges, ensure all traffic is encrypted using both the wireless bridges and encryption methods on the wired network. Require authentication for traffic that is bridged; this prevents session hijacking, man-in-the-middle attacks and spoofing. Ensure proper permissions are implemented on network shares and resources. Consider using virtual private networks (VPNs) to establish the connection between a wired network and wireless clients, setting up an encrypted tunnel which provides encryption and authentication. Use switches to limit collision domains from incoming wireless network traffic. Maintain all the connection documentation on wired-to-wireless connection points. Use different IP subnets for wired and wireless traffic.

Design and install the wireless network with security in mind from the ground up. Configure every link in the chain securely: clients, access points and any other infrastructure devices. Use the strongest encryption method that the network infrastructure can support. Develop security policies to define what is and what is not allowed on the network. Make an inventory of the devices allowed on the network and list their MAC addresses. Limit access point administration to just a few knowledgeable administrators. Change the SSID to something obscure and don't broadcast the SSID. Set up MAC address filtering to allow only authorised hardware addresses from approved devices, and periodically check that no new addresses are on the network. Use built-in firewall and proxy features in conjunction with other security devices. Use NAT and private IP addresses. Use a different DHCP scope. Change the router's default password. Use 802.1X authentication where possible. Use additional measures such as IPSec and SSH from the clients and servers where necessary. Require additional authentication methods, like smart cards and domain authentication, to networked resources. Only allow certain protocols to pass. Update the firmware periodically to ensure the latest security fixes are applied.
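The periodic check for new hardware addresses, together with the separate DHCP scope, can be scripted. The following is an added example, not part of the original page: it compares addresses seen on the wireless interface with the approved inventory and confirms that approved clients sit inside the wireless scope. The inventory, the 192.168.50.0/24 scope, the interface name and the neighbour-table sample (in the format printed by `ip neigh show` on Linux) are all constructed assumptions.

```python
import ipaddress
import re

# Constructed inventory of approved client hardware addresses (assumption).
# Entries are deliberately in mixed notations, as found in real asset lists.
INVENTORY = {
    "00:1A:2B:3C:4D:5E": "laptop-accounts-01",
    "00-1a-2b-3c-4d-5f": "laptop-accounts-02",
    "001a.2b3c.4d60": "scanner-warehouse",
}
# Constructed DHCP scope reserved for wireless clients (assumption).
WIRELESS_SCOPE = ipaddress.ip_network("192.168.50.0/24")
# Constructed sample in the format printed by `ip neigh show`.
SAMPLE_NEIGH = """\
192.168.50.21 dev wlan0 lladdr 00:1a:2b:3c:4d:5e REACHABLE
192.168.50.22 dev wlan0 lladdr 00:1a:2b:3c:4d:5f STALE
192.168.50.37 dev wlan0 lladdr 3e:91:07:aa:bb:cc REACHABLE
192.168.10.14 dev wlan0 lladdr 00:1a:2b:3c:4d:60 REACHABLE
192.168.50.40 dev wlan0 FAILED
"""

def normalize_mac(text):
    """Return the MAC as 12 lowercase hex digits, or None if malformed."""
    digits = re.sub(r"[:.\-]", "", text.strip()).lower()
    return digits if re.fullmatch(r"[0-9a-f]{12}", digits) else None

def is_locally_administered(mac):
    """True when the U/L bit is set, as with randomised client addresses."""
    return bool(int(mac[:2], 16) & 0x02)

def audit(neigh_text, inventory, scope):
    """Return (ip, mac, finding) tuples for entries that need attention."""
    approved = {normalize_mac(m): name for m, name in inventory.items()}
    findings = []
    for line in neigh_text.splitlines():
        fields = line.split()
        if "lladdr" not in fields:
            continue  # FAILED/INCOMPLETE entries carry no hardware address
        ip = ipaddress.ip_address(fields[0])
        mac = normalize_mac(fields[fields.index("lladdr") + 1])
        if mac is None:
            continue
        if mac not in approved:
            random = is_locally_administered(mac)
            findings.append((str(ip), mac, "unknown-mac-random" if random else "unknown-mac"))
        elif ip not in scope:
            findings.append((str(ip), mac, "outside-wireless-scope"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_NEIGH, INVENTORY, WIRELESS_SCOPE), sep="\n")
```

A hardware address is set by the client, so a clean result confirms the inventory, not the identity of the device; the 802.1X item in the list above is what provides authentication.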
