Draft Wireless Networks Security Guidelines
in response to the new
State IT Security Policy on Wireless Networks

4. Network Security Standard

Wireless Networks

General Controls Guidelines

  • Complete a security assessment of the wireless system before production implementation. The assessment should include an evaluation of potential risks to the campus networks that are accessible from a wireless domain
  • Maintain a current, documented diagram of the topology of the wireless network
  • Perform periodic assessments for access point discovery
  • Perform periodic security testing and assessment of the wireless network
  • Implement configuration/change control and management to ensure that equipment has the latest software release that includes security enhancements and patches for discovered vulnerabilities
  • Implement standardized configurations to maintain wireless network security, to ensure change of default values, and to ensure consistency of operations
  • Implement security training to raise awareness about the threats and vulnerabilities inherent in the use of wireless technologies
  • Monitor the wireless industry for changes to standards that enhance security features and for the release on new products
  • Wireless networks should facilitate some form of cryptographic protocol, where necessary, examples being secure shell (SSH), Transport-Level Security (TLS), Internet Protocol Security (IPsec), or Virtual Private Networks (VPN)
  • Use a VPN for any protocol that may include sensitive information
  • Additional countermeasures such as strategically locating access points, ensuring firewall filtering, and blocking and the installation of antivirus software should be implemented
  • Ensure that all access points are administered from the wired LAN and never the wireless network

Wireless Security Plan

The Wireless Security Plan must do the following:

  • Identify who may use the technology
  • Identify whether Internet access is required
  • Describe who can install access points and other wireless equipment
  • Provide guidelines on the location of and physical security for access points
  • Describe the type of information that may be sent over wireless links
  • Define standard security settings for access points
  • Describe limitations on how the wireless devices may be used
  • Provide guidelines on reporting wireless security incidents
  • Define the frequency and scope of security assessments to include access point discovery

Access Point Configuration

  • All default passwords should be changed
  • If SNMP is not required, the institution should disable it
  • If SNMP is required, institutions should use SMNPv3 or higher


  • Wireless networks should authenticate the identity of all users, where necessary

Intrusion Detection Systems

  • Institutions should monitor wireless networks to identify potentially infected devices