CHAPTER 6Hardening the Wireless Infrastructure
Infrastructure hardening has a special place in my heart; it's how I got involved with network security in the beginning. As part of architecting networks for clients and upgrading switches, routers, firewalls, and wireless, hacking into the devices (with the client's permission of course) was how we were able to access the systems in cases where a team inherited an environment or lost key personnel. Among the various projects, there was only one router we weren't able to access. Every other device or network offered a way in, either through misconfiguration or lack of hardening.
Secure architecture planning should address hardening the infrastructure, and many of these best practices should be in place before the wireless infrastructure is deployed, even in a test or proof of concept (PoC) deployment.
This chapter introduces concepts related to hardening the infrastructure including securing management access, implementing controls to guarantee integrity of the system, guidance for hardening client-facing services, and additional considerations and vendor-dependent features.
After you've worked through your planning tasks covered in Chapter 5, “Planning and Design for Secure Wireless,” the next considerations to incorporate are the hardening aspects.
Hardening recommendations vary by organization based on risk tolerance, threats, and the resources available. It's important to note that not every organization will be able to implement ...