Get a glimpse inside Roberta Bragg's new book "Hardening Windows systems" with this series of book excerpts. This excerpt from Chapter 1, "An immediate call to action," explains why you should ban wireless networks that don't meet your organization's policy. Click for the complete book excerpt series or purchase the book.
Ban wireless networks that don't meet tough security policy requirements
Wireless networks can easily be implemented by users. Access points are available at low cost and can easily be plugged in to the network jack assigned to their desktop or laptop computer. Unfortunately, the default configuration on these networks has no security implemented and makes your wired network accessible to anyone in close proximity, not just authorized users. While it is possible to provide security for wireless networks, userinstalled wireless access points are unlikely to have even minimal security applied.
The best policy is to ban wireless networks unless they meet the wireless access policy of your organization. Enforce this ban by including in the policy the statement that noncompliance is punishable by employment termination.
Your wireless security policy should require encryption and authentication. This can be implemented with newer wireless networks by using Protected EAP (PEAP) and 802.1x authentication. Older wireless networks should be segmented from the wired network and require the use of VPN connections to the wired network.
Click for the next excerpt in this series: Don't allow unprotected laptops and desktops to connect to the LAN.
Click for book details or purchase the book.