12.6 Conclusion

Instead of waiting reactively for the next encroachment, security managers must assess possible weaknesses and begin taking actions to shore up their defenses before they are breached. In this chapter, we have focused on a methodology based around risk assessment methodology, regulatory requirements awareness, development and enforcement of security policies, security best practices, and architectural design appropriate for the level of risk acceptable to a company. These actions provide the right combination of technology and policy elements required for a successful wireless security practitioner to proactively harden the security of WLANs within an enterprise environment. This chapter also provides WISDOM, which provides a series of guidelines for mitigating the threats to WLANs with three levels of protection for basic, intermediate, and advanced security requirements. The reader is encouraged to reivew the formal WISDOM test results completed by The PKI Group. This document may be reviewed online at http://hypersecurity.net/hypersec/about/Ransome.htm.

The most effective way to minimize business risk is via integrated threat management that spans the entire IT infrastructure to include servers, desktops, and mobile devices, so that both wired and wireless networks can be protected by a holistic approach that brings antivirus software, intrusion detection systems (IDSs), firewalls, and other security elements together in a coordinated solution. Most often, the wireless element is left out of this equation. We have addressed this issue by providing what every wireless security practitioner should know and do to provide a holistic approach to the corporate security infrastructure. As part of this approach, we have included a series of linked and enforceable corporate InfoSec policies (see Appendix A). The next, and perhaps most important, step is for you, the security practitioner, to go make it happen. Good luck.