10 points to take into account
Try to reduce the insecurity of WiFi or any other type of networking technology in just 10 points is a utopia, however, is never over use this list as a basis in our facilities.

Rule 1: Discretion

Avoid unnecessary announce the presence of WiFi installation. Be sure to change the SSID of your equipment and not to leave the next factory. Also if possible, disable the beacon (beacon) SSID.
Try to install antennas for access point (AP) and power levels of equipment to prevent the arrival of signal in areas where coverage is not required nor desired.

Rule 2: Protect the cloning

Today it is easy to "convert" a device to appear as another device (impersonation). Lost or stolen devices are also a threat. Filtering by Address Media Access Control (MAC) is an authentication method that can not be used on an individual basis. There should always be accompanied by an independent method of authentication devices, such as user-names and passwords, network directories or other existing authentication schemes.

Rule 3: Encrypt the data

Want privacy is something normal. For this, the data must be encrypted wireless. Basic encryption provided by WiFi, WEP known, is relatively weak in all its forms and its maintenance is costly and inefficient. As a complement to this method is advisable to use demonstrably effective networking technologies such as IPSec with 3DES encryption. Always try to use standard security schemes to facilitate interoperability.

Rule 4: Filter Data

This rule is not actually unique to wireless networks, but it is useful to remember here: Limit and control where you can go traffic on the wireless network. A firewall is the ideal tool for this task. If the wireless network will be used for a particular purpose, such as access to specific enterprise resources, then configure packet filters to the data coming from the wireless network can not reach unintended places.

Rule 5: Limit physical access to access points

Avoid locating APs on desks or other places that can be easily accessed. Visitors curious, unscrupulous or careless employees can easily move, replace or reset the APs. Security can not be guaranteed if care is not the point.

Rule 6: Keep your eyes open

Actively monitor the configurations of the AP. It is not enough to properly configure an AP. Once configured, the AP must be configured properly. Consider that it is easy for someone to run a hardware reset on an AP that is placed on a desk or ceiling. Andalusia actively monitor the configuration of the AP, can ensure that the AP is automatically reconfigured to such events that may occur.

Rule 7: Check the clandestine teams

In many places the APs can be easily installed by employees and intruders and attacking the security policies of the network. Maintain an active policy of detecting transmissions with WiFi sniffer-type software is a critical requirement for operational security

Rule 8: Extreme care if you do not use access points

In a wireless network operating on an ad hoc (or peer to peer), an attacker can leach out and get access to the network using just one client a legitimate point of entry cone. The products known as personal firewall or firewall software complemented with other network management tools to actively track and manage the client before allowing access through the wireless LAN is a good prevention.

Rule 9: Control the bandwidth usage

Failure to comply with this rule exposes it to attacks from denial of service (DoS) or an inefficient use of bandwidth in the best case. There are several ways to regulate the bandwidth usage but remember that the most basic equipment WiFi provide no solution at this point. This really is not a problem if this function located in another part of your network properly.

Rule 10: Time is money

Whenever possible, management implements policies in real time. On many occasions the WiFi networks are widely distributed. For example covering entire campus and incorporate multiple global sites. Security policies (eg validated lists of users or access rights) to change course. These changes must be reflected in real time through the wireless network to reduce the window of opportunity for the intrusion, and more importantly, facilitate the immediate closing of the security breaches detected.