Cisco Systems OL-7426-03 User Manual

5/26/05
Cisco WLAN Solution Security
OL-7426-03
Cisco WLAN Solution Security includes the following sections: 
 
 
 
 
Overview
The industry-leading Cisco WLAN Solution Security solution bundles potentially complicated Layer 1, 
Layer 2 and Layer 3 802.11 Access Point security components into a simple policy manager that 
customizes system-wide security policies on a per-WLAN basis (
). Unlike 
SOHO (small office, home office) 802.11 products, the Cisco WLAN Solution Security solution provides 
simple, unified, and systematic security management tools. 
One of the biggest hurdles to WLAN deployment in the enterprise is WEP (Wired Equivalent Privacy) 
encryption, which has proven to be a weak standalone encryption method. A newer problem is the 
availability of low-cost access points, which can be connected to the enterprise network and used to 
mount ‘man-in-the-middle’ and denial-of-service attacks. Also, the complexity of add-on security 
solutions has prevented many IT managers from embracing the new 802.11 benefits. Finally, the 
802.11 security configuration and management cost has been daunting for resource-bound IT 
departments.
Layer 1 Solutions
The Cisco WLAN Solution Operating System Security solution ensures that all clients gain access within 
an operator-set number of attempts. Should a client fail to gain access within that limit, it is 
automatically excluded (blocked from access) until the operator-set timer expires. The Operating 
System can also disable SSID broadcasts on a per-WLAN basis.
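The exclusion behaviour described above, modeled as an added example; it is not Cisco code or controller configuration. The class and function names, the limit of 3 attempts, the 60-second timer and the sample events are constructed, and the rule that a successful authentication clears the failure count is an assumption the manual does not state.

```python
from dataclasses import dataclass, field

@dataclass
class ExclusionPolicy:
    """Hypothetical model: N failed attempts, then a timed block per client."""
    max_attempts: int        # operator-set attempt limit
    exclusion_seconds: int   # operator-set exclusion timer
    failures: dict = field(default_factory=dict)        # MAC -> consecutive failures
    excluded_until: dict = field(default_factory=dict)  # MAC -> time the block ends

    def attempt(self, now: int, mac: str, success: bool) -> str:
        mac = mac.lower()
        # While the timer runs, every attempt is refused, valid credentials or not.
        if now < self.excluded_until.get(mac, 0):
            return "blocked"
        self.excluded_until.pop(mac, None)
        if success:
            self.failures.pop(mac, None)  # assumption: success clears the count
            return "allowed"
        count = self.failures.get(mac, 0) + 1
        if count >= self.max_attempts:
            # Limit reached: start the exclusion timer and reset the counter.
            self.failures.pop(mac, None)
            self.excluded_until[mac] = now + self.exclusion_seconds
            return "excluded"
        self.failures[mac] = count
        return "failed"

def replay(policy, events):
    """Run (time, mac, success) events through the policy, return each outcome."""
    return [policy.attempt(t, mac, ok) for t, mac, ok in events]

# Constructed sample events: (seconds, client MAC, authentication succeeded)
SAMPLE_EVENTS = [
    (0, "00:11:22:33:44:55", False),
    (5, "00:11:22:33:44:55", False),
    (9, "AA:BB:CC:DD:EE:FF", True),    # unrelated client is unaffected
    (10, "00:11:22:33:44:55", False),  # third failure starts the timer
    (30, "00:11:22:33:44:55", True),   # still inside the exclusion window
    (70, "00:11:22:33:44:55", True),   # timer expired, access restored
]

if __name__ == "__main__":
    outcomes = replay(ExclusionPolicy(3, 60), SAMPLE_EVENTS)
    for event, outcome in zip(SAMPLE_EVENTS, outcomes):
        print(event, "->", outcome)
```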
Layer 2 Solutions
If a higher level of security and encryption is required, the network administrator can also implement 
industry-standard security solutions, such as: 802.1X dynamic keys with EAP (extensible authentication 
protocol), or WPA (Wi-Fi protected access) dynamic keys. The Cisco WLAN Solution WPA 
implementation includes AES (advanced encryption standard), TKIP + Michael (temporal key integrity 
protocol + message integrity code checksum) dynamic keys, or WEP (Wired Equivalent Privacy) static 
keys. Disabling is also used to automatically block Layer 2 access after an operator-set number of failed 
authentication attempts. 
Regardless of the wireless security solution selected, all Layer 2 wired communications between Cisco 
Wireless LAN Controllers and Cisco 1000 Series lightweight access points are secured by passing data 
through LWAPP tunnels.