Cisco 4402 Wireless LAN Controller White Paper
Cisco and Intel—Five Myths of Wireless Networks
A multilayered approach to security is required to provide protection to any mobile solution. The following is a five-step approach for mitigating
risks to the network from wireless threats:
1. Create a WLAN security policy.
2. Secure the WLAN.
3. Secure the wired (Ethernet) network against wireless threats.
4. Defend the organization from external threats.
5. Enlist employees in safeguarding the network.
“Intel and Cisco have delivered industry-leading, standards-based wireless
security solutions, making the wireless network more secure than the wired.”
— Pat Calhoun, CTO Wireless Networking, Cisco Systems
Secure network communications entail both encryption of data and authentication of
users to the network. In a wireless network, much like a wired network, these two
components do not have to be combined, but for most networks it is recommended
to use both. Exceptions might include hotspot or guest networks. In addition, the
unique characteristics of the wireless network require adoption of other security
techniques to defend the network, including:
• Using strong encryption
• Deploying mutual authentication between the client and the network
• Modifying the Service Set Identifier (SSID)
• Using identity-based networking to segment users to appropriate resources
• Ensuring management ports are secure
To protect the wired network from wireless threats, IT must also consider threat control and containment. Wireless threat control and
containment are vitally important, especially in an era in which lack of threat control can lead to violations of regulatory controls or legal
statutes. Even a “no Wi-Fi” policy is no guarantee of security against these threats without a comprehensive RF monitoring solution. For
example, rogue access points can be brought in by employees, and notebook computers with embedded Wi-Fi can connect to neighboring
networks, which can create security holes.
By working together, both Intel and Cisco address such security vulnerabilities—for example, by utilizing roaming profile rules for the Cisco
Unified Wireless Network as well as the Intel® Centrino® mobile technology client. Wireless network security is dramatically enhanced when
both the access point infrastructure and the client are locked down. The last thing IT wants to worry about is clients roaming to rogue access
points or a user setting up their own ad hoc network to some other notebook computer or device.
Based on a multilayered approach to securing wireless networks, IT directors can have confidence when deploying production-scale networks.
Such an approach ensures the integrity of the information passed over the wireless network and maintains adequate barriers to protect
internal resources.
Cisco and Intel Enhance Security
Cisco Systems and Intel have worked extensively to improve both the robustness and manageability of wireless security.
Both companies have:
• Taken a leading role in the standards bodies
• Delivered the Cisco Compatible Extensions program to bring the latest Wi-Fi security standards to Wi-Fi devices
• Provided customers with security standards such as LEAP and EAP-FAST
• Committed to delivering improved security features such as management frame protection
7/25/06