Despite the security risks involved with wireless networks the
benefits of WLAN are numerous and hard to ignore. Many organisations have already implemented a wireless network to support their internal user base.In addition, many others are in the process of planning such a deployment. If your organisation falls into this category it's vital that you take steps to lock down wireless security.
In fact, before you take another wireless step you need to create a wireless LAN security policy. If you already have a policy make sure it's up to date. If you have a wireless network but no policy start creating one today.
Your wireless LAN security policy should focus on a minimum of seven key areas that establish the basis for deployment, use and management of your wireless network:
Define your user base
Clearly identify who can use the WLAN and what level of access those
users have to both your intranet and the Internet. WLANs typically
offer unrestricted access to the entire network and Internet access but
that doesn't mean it's a good idea to leave it like this.
Instead, consider specifying that the WLAN is specifically for guests (i.e., non-company users) and prohibit employees from using it. Some companies block their wireless subnets from either their intranet or the Intranet.
Regardless of how you choose to allow access, it's essential that you determine the scope of access. More important, clearly define this in your policy and implementation.
Identify appropriate usage
After identifying the wireless network user community, identify the
type of information that users can and cannot send over the wireless
network. For example, you might want to prohibit sending personal or
financial records via the WLAN.
In addition, it's a good idea to prohibit ad hoc connections (i.e. peer-to-peer). You don't want a smart user extending your network to users who don't have authorisation to use WLAN access.
Prepare for secure installation
Spell out specifically which internal department is responsible for
deploying wireless access points (WAPs) and other wireless devices
within your network. Otherwise, you run the risk that wannabe
administrators will install a WAP in their office space, which may not
be appropriately secure.
Define minimum physical security standards for WAP locations, and determine who will have physical access to the WAPs. Ideally, try to place your WAPs in controlled access rooms on the interior walls of the building. Adjust their coverage zone to the limits of your physical boundary — not one metre beyond.
Determine effective security settings
Define the minimum security measures enabled on all WAPs. Disable the SSID
broadcast feature, and change the default SSID to something that does
not reveal your company's...
For more, click here...
Talkback
Basicly this sums up good symptom fighting.
As usual functionality comes at a (security) price.
The trick is to identify at which point too much functionality needs (or wants) come with too much (labour intensive or error prone) maintenance and (business) risks in case of failure (if ever discovered).