Wireless Communication Standard

1.0 Purpose

This standard defines the minimum technical requirements that wireless infrastructure devices (e.g., access points, routers) must meet to be authorized for connection to the organization's network. The objective is to ensure the security and integrity of the network by controlling wireless access and mitigating associated risks. Only devices meeting these standards, or those granted a formal exception, are permitted.

2.0 Scope

This standard applies to all employees, contractors, consultants, temporary staff, and other personnel of the organization and its subsidiaries. It covers any individual who installs, manages, or utilizes wireless infrastructure devices that connect to, or provide connectivity to, the organization's network infrastructure. This includes both corporate-managed and user-managed (e.g., home) wireless devices used for accessing organizational resources.

3.0 Policy Statements

The following technical standards and requirements apply to all wireless infrastructure devices connecting to the organization's network:

3.1 General Requirements for Corporate Wireless Devices

All wireless infrastructure devices managed by the organization or connecting directly to the corporate network infrastructure, particularly those providing access to Confidential, Highly Confidential, or Restricted information (as defined by the organization's Data Classification Policy), must adhere to the following minimum security configurations:

*   **(Placeholder: Specific requirements need to be detailed here.** Examples might include: WPA2/WPA3 Enterprise authentication, specific EAP types like EAP-TLS or PEAP, disabling SSID broadcast for certain networks, strong administrative credentials, regular firmware updates, physical security considerations, prohibition of open/guest networks without proper segmentation, etc.)

3.2 Requirements for Home/Remote Wireless Devices Accessing Corporate Network

Wireless infrastructure devices located in remote or home environments that provide direct access to the organization's internal network (e.g., supporting hardware VPN connections or specific teleworker solutions) must meet the following minimum security standards:

*   **(Placeholder: Specific requirements need to be detailed here.** Examples might include: WPA2/WPA3 Personal (PSK) with strong, complex passphrases, changing default administrative credentials, enabling network encryption, disabling UPnP, keeping firmware updated, ensuring the device is physically secure, etc.)

3.3 Approval and Exceptions

Only wireless infrastructure devices that meet the requirements specified in this standard or are granted an exception by the Precision Computer Team are approved for connectivity. Any exception must be formally documented, justified, and approved in advance by the designated IT authority (e.g., Precision Computer Team).

4.0 Compliance

4.1 Compliance Measurement

The designated IT authority (e.g., Precision Computer Team) will verify compliance with this standard through various methods, including but not limited to network scanning, device configuration audits, log reviews, physical inspections, and analysis of security tool reports. Findings will be reported to the policy owner and relevant management.

4.2 Exceptions

As stated in section 3.3, any exception to this standard requires formal, documented justification and advance approval from the designated IT authority (e.g., Precision Computer Team).

4.3 Enforcement

Failure to comply with this standard may result in the disconnection of non-compliant devices from the network. Violations by personnel may lead to disciplinary action, up to and including termination of employment or contract, consistent with organizational procedures.

5.0 Definitions

For clarity, the following definitions and terms are relevant to this standard. Further definitions can often be found in established industry security glossaries:

https://www.sans.org/security-resources/glossary-of-terms/

*   **AES (Advanced Encryption Standard):** A strong symmetric block cipher algorithm used for data encryption.
*   **EAP (Extensible Authentication Protocol):** An authentication framework often used in wireless networks (e.g., EAP-FAST, EAP-TLS, PEAP).
    *   **EAP-FAST (Flexible Authentication via Secure Tunneling)**
    *   **EAP-TLS (Transport Layer Security)**
    *   **PEAP (Protected Extensible Authentication Protocol)**
*   **SSID (Service Set Identifier):** A name that identifies a wireless network.
*   **TKIP (Temporal Key Integrity Protocol):** An older encryption protocol used with WPA; now considered less secure than AES.
*   **WPA-PSK (Wi-Fi Protected Access - Pre-Shared Key):** A security protocol using a shared key for authentication, commonly used in home networks (also known as WPA/WPA2/WPA3 Personal).