[prev in list] [next in list] [prev in thread] [next in thread] 

List:       nanog
Subject:    NIST best practices for wireless networks?
From:       Sean Donelan <sean () donelan ! com>
Date:       2002-07-27 6:29:29
[Download RAW message or body]



NIST has a new draft publication on Wireless Network Security.  It is a
good consolidation of 802.11 and bluetooth wireless security.

http://csrc.nist.gov/publications/drafts/draft-sp800-48.pdf

What I would like to call network operator's attention is the checklist of
recommended wireless network security best practices.  Although the NIST
publication says it is applicable to all organizations, the checklist may
only be applicable to specific uses of wireless networks.  Some
universities are on the fourth generation of their wireless network
architecture, having found some of the best practices weren't the best
thing to do.

One example, the NIST recommendation is to "enable all security features
of the WLAN product, including the cryptographic authentication and WEP
privacy feature."  While vendors may like this, a blanket recommendation
to enable all (including vendor proprietary?) security features probably
isn't a good idea.

[prev in list] [next in list] [prev in thread] [next in thread]