This article describes in detail how to deploy WLAN and make it comply with regulatory requirements. Here we will introduce some basic rules to ensure the security of WLAN networks.
SOX, FIPS, and HIPAA. If you are using WLAN technology and are not familiar with these terms, please listen. With the emergence of problems such as land security, enterprise scandal, and dissemination of medical information on the Internet, the management department has passed many regulations that require strict attention to the security of the IT field. SOX, FIPS, and HIPAA are abbreviated as Sarbanes-Oxley, federal information processing standards, and health insurance circulation and Accountability Act. These regulations are introduced for different reasons, but they all have a meaning: You 'd better ensure the security of your WLAN Network.
These regulations to ensure network security are as ubiquitous as most federal regulations. For example, the SOX Act requires an internal accounting management architecture that certifies the responsibility of the management to establish and maintain adequate internal control over the financial reports of the institution. Efforts should be made to turn this approach into a security policy or the best technical solution to date that complies with this standard. Both HIPAA and SOX laws provide for institutional audits to ensure the implementation of these laws and to give people who use WLAN technology a minimum understanding of how to comply with these regulations.
I want to tell you the simplest way to implement these regulations. This is to use strong identification and encryption standards to lock your WLAN. For those who are not familiar with WLAN technology, there is also a set of security protocols and design solutions to ensure strong identification and encryption. I will not introduce all WLAN security protocols and standards in detail, but I will tell you that the Wired Equivalent protocol (WEB) does not comply with regulatory requirements.
Encryption is very important because information is transmitted in the WLAN environment in the air. Someone can intercept the financial report Indicators of your organization or the medical records of someone outside the parking lot. Using powerful measures to protect this environment can avoid the above.
The key to complying with regulations is to avoid mistakes due to negligence. Since there is no specific regulation on which technology needs to be applied when complying with regulations, you have to decide what technology you need in your environment. If auditors come to check that they access your network through WLAN, you 'd better not let them get any sensitive data.
The best way to protect your network is to use the following WLAN security measures:
· Do not broadcast any SSID (Service Group Identifier) from any access point ).
· Use 802.1x EAP (Extensible Authentication Protocol) protocol for identity recognition.
· Use dynamic WEP for encryption at the minimum.
· Use IPSec for encryption is preferred.
If you use the above four methods, you can pass the audit at least. However, it is necessary to constantly monitor your environment to ensure that no one breaks through the security line or install fake access points in your environment. Therefore, you need to purchase a WLAN management system to monitor your environment 24 hours a day seven days a week. AirDefense, BlueSocket, AirMagnet and other companies provide such products.