ISO 27001 Wireless LAN Security Checklist
Download Free ISO 27001 Wireless LAN Security Checklist
This checklist consist more than 50 Wireless Network Security Controls that cover from Management, Technical and Operational side. Download the checklist for more detail controls:
1. Develop an agency security policy that addresses the use of wireless technology, including 802.11.
2. Ensure that users on the network are fully trained in computer security awareness and the risks associated with wireless technology.
3. Perform a risk assessment to understand the value of the assets in the agency that need protection.
4. Ensure that the client NIC and AP support firmware upgrade so that security patches may be deployed as they become available (prior to purchase).
5. Perform comprehensive security assessments at regular and random intervals (including validating that rogue APs do not exist in the 802.11 WLAN) to fully understand the wireless network security posture.
1. Understand and make sure that all default parameters are changed.
2. Disable all insecure and nonessential management protocols on the APs.
3. Enable all security features of the WLAN product, including the cryptographic authentication and WEP privacy feature.
4. Ensure that encryption key sizes are at least 128-bits or as large as possible.
5. Make sure that default shared keys are periodically replaced by more secure unique keys.
1. Enable utilization of key-mapping keys (802.1X) rather than default keys so that sessions use distinct WEP keys.
2. Fully understand the impacts of deploying any security feature or product prior to deployment.
3. Designate an individual to track the progress of 802.11 security products and standards (IETF, IEEE, etc.) and the threats and vulnerabilities with the technology.
4. Wait until future releases of 802.11 WLAN technologies incorporate fixes to the security features or provide enhanced security features.
5. When disposing access points that will no longer be used by the agency, clear access point configuration to prevent disclosure of network configuration, keys, passwords, etc.
6. If the access point supports logging, turn it on and review the logs on a regular basis
|Free Download Attachment||Size|