Security Policy for Wifi

Review the WLAN security policy to find out any security shortcomings and ensure whether they are
managed consistently with managements intent.
WLAN Architecture
Do you have a network diagram?
Identify logical separation of wired & wireless network based on the network diagram.
Determine the placement of the access point - Is it running behind the firewall?
Who has access to Wifi? (Internal user or external users?)
Are Wifi granted access to internet?
Whether the wireless IDS/IPS is installed to monitor the traffic.
Are wifi traffic log stored in a syslog server?
Are the logs reviewed regularly?
Are access failure (login failure) detected?
Detect Rogue Access points
Scan for any unauthorised access points present in the network.
Check whether the WIDS/IPS is deployed to monitor the traffic.
SSID Broadcasting
The SSID is visible using a packet sniffer or wireless detection tools from any station within radio
range.
SSID Broadcasting should be disabled
SSID should be changed from default and not specific to company











Authentication
Utilize third party authenticating devices to enhance the security of a wireless network e.g. RADIUS
server
MAC Address Filtering: Check whether the mac address filtering Is enabled on the access point using
the admin panel.
DHCP pool Restriction if any?
Default Configuration
Type the AP IP in the browser and go to the management interface, check whether the AP default
settings should be changed to make it more difficult to identify and penetrate wireless network.
Has the default administrative login/password been changed?
Is the administrative password easily cracked?
Check the AP admin panel to know
Are encrypted administrative interfaces available (e.g., SSH, HTTPS)?
Is the AP running the latest firmware and security patches?
Configuration Management how it is enforced?
How the configuration changes should be done.
Whether they follow the change management process. Review documents for Change management.










Encryption
WPA2/PSK should be used. Stronger encryption necessary.
If the AP is using a PreShared Key (PSK), is it easily cracked?
Changing encryption keys in regular intervals.
RF Management
AP should be placed in an area that will limit broadcasting of signal outside of building.
Minimize the power of the AP signal to restrict signal outside of the building.
AP broadcasts in a 360 degree circle . Consider using directional antenna to minimize the signal in
areas you do not need wireless coverage in.
Physical Security
Wireless AP should be stored in a secure location.
User awareness training have to done at least on yearly basis.
Physical Failure of Access Point What are the business impact? What is the continuity plan?