Ok, I know David Letterman really set the standard for Top 10 lists, but there seems to be no shortage of lists related to IT that come in 10s, 5s or some other numerical sequence. I happen to like lists, as they remind me of CliffsNotes from college - someone's attempt to boil down a fairly lengthy, often mind-numbing subject, into a much shorter, more understandable, summary that still captures most, but not all, of the important elements.
So, I thought I'd occasionally share some of the Top "fill in number here" lists I run across that you might find of value. Given all the talking I did last week about wardriving, it seemed like Dr. Thomas Shinder's list of "the 10 things you should do to protect your network against wireless devices" was a good place to start.
So, without further adieu, here's the list:
- Place anonymous access WAPs on perimeter networks
- Require VPN connections for links between anonymous access WAPs and corporate network segments
- Force client health checking for all hosts connecting from anonymous access WAP segments
- Limit anonymous access perimeter segments to unencrypted protocols
- Enforce strong bandwidth control on anonymous access WAP segments
- Require certificate authentication for WAPs connected to corporate network segments
- Enlist "secret agents" to find rogue WAPs
- Use IPSec-based domain isolation to protect domain members
- Block Internet access for wireless devices from corporate network segments
- Prevent VPN connections from wireless handheld devices
Dr. Shinder shares lots of important details on each point in an article on ZDNet, so read the full article here.
Just remember, as we talked about last week, securing your wireless access points is only part of what's required to secure your infrastructure. Make sure, even after following these 10 things, that you still assume that someone is going to be successful and you take the steps to properly configure the rest of your infrastructure, then regularly audit those configurations with a software solution like Ecora Auditor Pro.
