Background
Wireless devices and networks enable un-tethered communications to mobile users. Improperly installed, configured or managed wireless technology presents a significant risk to the confidentiality of information. Wireless network security refers to the protection of wireless network hardware, software, and the information contained in them from threats caused by the inherent vulnerabilities in the technology and its implementation.
Scope
This policy applies to all wireless devices, networks, services, and technologies used to access, store, process or transmit Personal Audit Systems Ltd (PAS Ltd) or connect to PAS Ltd. The term “wireless” refers to any technology that does not use cables.
- Wireless includes radio frequency (i.e. satellite, microwave, radio) and optical (i.e. infrared) technologies.
- Wireless networks include both wireless local area networks (WLANs) and wireless wide area networks.
- Wireless devices are any end-user device that uses wireless technology to communicate. These include but are not limited to: phones, tablets, laptop computers, printers, wireless keyboards, wireless mice or trackballs, and bar code scanners
- Wireless Network Nodes are network elements that terminate one end of the wireless communication. That communication may be between a wireless device and a wireless network element or between two wireless network elements.
- Wireless Bridges are wireless transceivers used to connect two or more remote networks. They are typically used to provide campus building-to-building wireless connectivity
Appropriate Use
- Wireless technology may be used to access, store, process or transmit PAS Ltd business and connect to PAS Ltd infrastructure provided that it conforms to any Information Security Policy including but not limited to this policy.
- Wireless devices may not be used to gain or attempt to gain unauthorised access to any network. This includes the internet where the user has not been granted access.
- Only approved services and applications may be used with wireless devices.
- Any planned wireless connection(s) must be reviewed and approved in advance of installation by the management at PAS Ltd.
- The Wireless network must have a disaster recovery plan if required based on business function of the applications running on the network.
Access Control
Access to the company’s networking and computing infrastructure via a wireless connection is considered remote access and must utilize strong authentication and encryption. Appropriate encryption utilizing approved ciphers must be used.
Risk Assessment
The user should employ security measures commensurate with the risk associated with the wireless network. If the network is used for transmission of business sensitive material, classified communications or supports PAS Ltd critical services the risk of loss in the event of an attack on the wireless network, or loss of service can be extensive.
Due to the ever-changing threats and vulnerabilities, risk assessments should be conducted on a periodic basis no less than annually to provide an accurate picture of the total risk to the organization.
A risk assessment should be performed to ensure the capabilities of protection for the technologies utilized. A risk assessment should include but not be limited to; identifying data sensitivity, network vulnerabilities, and critical services. The focus should be to identify potential threats and vulnerabilities.
Authentication
All users of WLANs are required to authenticate before being allowed to access the network.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article