Enterprise Security
Security is one of the best important aspects of an action wireless LAN. Without proper
security mechanisms in place, a aggregation is accessible to hackers accepting admission to unauthorized
information and possibly antibacterial arrangement resources. The ambition of able aegis is to use a
combination of accurate aegis practices to ensure that the company’s advice systems assets
are safe.
To appropriately defended an action wireless LAN, aboriginal authorize wireless aegis polices. Before
installing the wireless LAN, accede requirements and authorize accurate aegis behavior that
provide able protection. These behavior should authorization aggregation ascendancy of the installation
of wireless LAN apparatus and abode architectural elements, such as encryption and
838 Appendix H: Wireless LAN Solutions
authentication protocols, banned of RF arising alfresco the facility, and admission point physical
mounting restrictions.
Most installations should focus on implementing Layer 2 security. Best companies deploying
wireless LANs apparatus Layer 2 aegis to administer aegis amid applicant accessories and access
points. In this case, the admission credibility affix anon to the accumulated network. This is a costeffective
method for accouterment aegis throughout the enterprise, abnormally back there are a
relatively ample cardinal of wireless users. Wi-Fi Protected Admission (WPA) is a acceptable encryption
mechanism to use for this purpose because it automatically assigns encryption keys periodically
to applicant devices.
If a cogent cardinal of visitors charge wireless admission to Internet services, however, it adeptness be
more applied to affix the admission credibility alfresco the DMZ and crave advisers to use VPN
client software to admission accumulated resources. Figure H-4 illustrates this approach. If many
employees charge wireless connections, however, this admission could be almost big-ticket due
to the cogent cardinal of VPN admission bare with the accumulated system.
Figure H-4 Public Wireless LAN Within an Enterprise
Most installations should try to absolute advancement of radio signals alfresco the facility. As a
precaution, accede designing the wireless LAN in a way that banned radio signals from being
received alfresco the facility. This minimizes the adeptness for a hacker to accessory with one of the
wireless LAN admission points. A aggregation can abate radio advancement alfresco the architecture by
properly adjustment antennas and abbreviation the address ability of admission points.
Secure Arrangement Un-Secure Network
Corporate
Network
Access Points
Access Points
Firewall