Access control

4.1 The access point should be configured to drop any unencrypted network traffic so that unauthorized wireless stations or rogue access points cannot associate with the access point if they do not know the shared secret or do not have X.509 certificates.
4.2 Access control devices such as firewalls should be implemented to segregate the WLAN from the internal wired network. The WLAN should be deployed in a different network segment, which is separate from the internal wired network.
4.3 Wireless IPS should be implemented to prevent and detect rogue access points and any unauthorized access to the wireless station over the WLAN.
4.4 IP / port filtering can be implemented at the gateway to ensure that only authorized network traffic from the WLAN or legitimate access points is allowed to enter the wired network. This is to prevent unauthorized access to the internal wired network via rogue access points.
4.5 Traffic security policies and rule-sets to be provided by ISD, based on threat/vulnerability assessment of application traffic profiling provided by application owners.

Access Point Administration

5.1 Wireless access points to be configured to restrict the range of network access to the physical location in which the users are expected to reside.
5.2 Change the network default name at installation; the SSID should not reflect the name of any divisions/departments, system name or product name.
5.3 MAC address administration procedures for wireless users to be documented. They must include MAC address administration procedures for user additions, terminations and changes in assigned equipment.
5.4 Change the product default access point configuration settings, which are considered unsecured most of the time, for easy deployment.
5.5 Enable and configure security settings including SSID, encryption keys and Simple Network Management Protocol (SNMP) community strings.
5.6 Disable SSID broadcasting to prevent the access points from broadcasting the SSID, so that only authorized users whose configured SSID matches that of the access point can connect to the network.
5.7 Disable DHCP and assign static IP addresses to all wireless users to minimize the possibility of an unauthorized user obtaining a valid IP address.
5.8 Access to network devices to be controlled by access lists so that the equipment is accessible only from a limited number of locations.
5.9 The wireless station should not be configured for network file sharing without any protection, to prevent any unauthorized access to the user's local files.
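
One way to check an access point against items 4.1 and 5.2 to 5.8 above, as an added example that is not part of the original document. The settings keys, the name lists and both sample configurations are assumptions made for illustration, not a vendor's configuration schema.

```python
import ipaddress

# Assumed sample lists; extend them with your vendors' defaults and your
# organisation's division, system and product names.
DEFAULT_SSIDS = {"default", "linksys", "netgear", "wireless"}
DEFAULT_SNMP = {"public", "private"}
ORG_TERMS = {"finance", "hr", "payroll", "erp"}

def audit_ap(cfg, org_terms=ORG_TERMS):
    """Return a sorted list of (item, finding) for every failed check."""
    findings = []
    ssid = cfg.get("ssid", "").lower()
    if not cfg.get("drop_unencrypted", False):
        findings.append(("4.1", "unencrypted traffic is not dropped"))
    if not ssid or ssid in DEFAULT_SSIDS:
        findings.append(("5.2", "SSID is empty or a product default"))
    elif any(term in ssid for term in org_terms):
        # Substring match: short terms can over-match, so review each hit.
        findings.append(("5.2", "SSID reveals a division, system or product"))
    weak = [c for c in cfg.get("snmp_communities", []) if c.lower() in DEFAULT_SNMP]
    if weak:
        findings.append(("5.5", "default SNMP community: " + ", ".join(weak)))
    if cfg.get("ssid_broadcast", True):
        findings.append(("5.6", "SSID broadcasting is enabled"))
    if cfg.get("dhcp_enabled", True):
        findings.append(("5.7", "DHCP is enabled for wireless users"))
    nets = [ipaddress.ip_network(n) for n in cfg.get("mgmt_acl", [])]
    # No list, or a catch-all entry, leaves management reachable from anywhere.
    if not nets or any(n.prefixlen == 0 for n in nets):
        findings.append(("5.8", "management access is not limited by an access list"))
    return sorted(findings)

# Constructed sample settings: a factory-fresh AP and a hardened one.
FACTORY = {"ssid": "linksys", "ssid_broadcast": True, "dhcp_enabled": True,
           "snmp_communities": ["public"], "mgmt_acl": ["0.0.0.0/0"]}
HARDENED = {"ssid": "bldg7-w3", "ssid_broadcast": False, "dhcp_enabled": False,
            "drop_unencrypted": True, "snmp_communities": ["k7Qp-ro-example"],
            "mgmt_acl": ["10.20.30.0/28"]}

if __name__ == "__main__":
    for name, cfg in (("factory", FACTORY), ("hardened", HARDENED)):
        print(name, audit_ap(cfg))
```

Missing keys are treated as the insecure setting, so a configuration export that omits an option is reported rather than silently passed.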