Introduction

In this chapter, we ll provide the framework for creating a wireless security project as part of your overall corporate IT security strategy. As with all the individual security area projects (ISAPs) discussed in this book, it is intended to be a template to use as a starting point. There is no one-size-fits-all project plan for any security topic, and wireless security is no exception. You will need to modify this project plan to fit your organizational needs in many different ways but you will find the basic building blocks here.

Wireless technology continues to evolve and so, too, do the tools hackers use to gain unauthorized access to wireless networks. Even as recently as two years ago, a majority of corporate wireless networks were unsecured, allowing anyone with a wireless card to access the network. In the past couple of years, more companies have begun securing their wireless networks in a variety of ways (though a surprising number are still unsecured). Some companies have created a separate wireless network for customers or guests that does not connect in any way to the corporate network (such as those often found in hotels, coffee shops, and airports). Other companies have applied basic security such as Wired Equivalent Privacy (WEP), which was once thought to be secure but has since been shown to be hackable; or Wi-Fi Protected Access (WPA), a stronger but more difficult-to-administer security solution for wireless. We won t get into the pros and cons of various wireless security solutions...