|
|
Once a Wi-Fi system is installed, it still requires periodic maintenance.
Periodically, security logs should be inspected for unusual activity. Depending on what shows up, actions are required. Security is a continuous process and not a state that is achieved.
To find rogue APs, one can use a program like Netstumbler[18] or Airopeek[19] with a client access card and a handheld Yagi antenna. Such software and devices can help one spot all the beacons from unknown APs and client access cards in your building. Clues can be found, such as clients using ad hoc mode rather than infrastructure, SSIDs that do not conform to the ones used in the area, and MAC addresses that don't belong to the group of known MAC addresses. Note that the MAC addresses are ones that belong to the air interface and not the MAC addresses of the LAN connection to the network.
It is worthwhile to check coverage once in a while. An AP's antenna can become disconnected when air-conditioning or electrical service people climb around in the plenum. It is also possible for the transceivers to cease functioning once in a while. Use the opportunity of looking for rogue APs to check coverage at the same time.
Upgrades are often necessary as technology develops and security enhancements are found. If a new version of AP software is made available, test it in one AP for a week before deploying it to the rest. Once the week passes without incident, deploy the upgrade during a low-service period to avoid service interruption.
[18]www.netstumbler.com.
[19]www.wildpackets.com.
|
|