Cisco Aironet 1240 AG Access Point White Paper
White Paper
All contents are Copyright © 1992–2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
Admission Control. For more detailed information about setting up a secure guest network, see
Achieving Business Goals and Enhancing Customer Relationships with a Secure Guest Access
WLAN.
Security Services
Security and privacy are paramount for retail enterprises. In addition to violating corporate secrets,
breaches can cause severe damage to brand equity, as demonstrated by recent Internet attacks
in which thousands of customer records were stolen. If customers associate a major violation of
private information with the retailer’s brand, it becomes far more difficult to win their loyalty.
Further, the payment card industry (PCI) has created requirements for data security designed
to be implemented by any business that accepts or facilitates credit card transactions or the
handling of sensitive credit card and user information. Cisco’s Wireless LAN Security Services
were designed to strictly adhere to the most stringent industry regulations and enable the full
business-enhancing potential of wireless networks to be realized while encrypting, firewalling,
and protecting all sensitive data, whether that data is corporate or private customer information.
When the most recent security standard, IEEE 802.11i, is employed, wireless networks are as
secure as many wired network implementations (and in some cases, more secure). However,
because wireless LANs can penetrate beyond the physical boundaries of buildings, wireless
threats can exist from unauthorized infrastructure and clients that aren’t even on premises. The
good news for retail IT managers is that these threats can be detected and prevented using the
Cisco Unified Wireless Network while it simultaneously provides service to wireless clients.
The most common threat is the rogue client or access point. Rogues are typically either
consumer-grade access points brought in by employees anxious to provide wireless service to their
general surroundings, or clients with dedicated software deliberately trying to access network
resources they are not authorized to access. Unfortunately, while the consumer-grade access points are
deployed on premises with the best of intentions, because the default mode for most APs is to
have security disabled, they become an unsecured portal to the enterprise network for anyone
within range of the signal. And because wireless LAN signals can pass outside the building,
unauthorized rogue clients may gain access to the network.
To address this security risk, the Cisco Unified Wireless Network provides advanced security
services that continuously monitor, identify, and prevent wireless threats. Cisco Unified Wireless
Network lightweight access points, whether servicing clients or configured as air monitors, scan for
all Wi-Fi activity. If a managed access point detects another access point over the air, and that
access point is not managed by a Cisco Unified Wireless Network controller, it is classified as a rogue. As Figure 2
shows, the location of the rogue will be immediately plotted on the floor plan map in the Cisco
Wireless Control System (WCS). This technique ensures the quick physical removal of the rogue
without the need for time-consuming inspections using a handheld analyzer. Similar techniques
are used for ad hoc networks, client misassociation, denial of service attacks, and penetration
attempts.
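
The classification rule described above, sketched as an added example (not Cisco's code and not part of the original white paper): scan reports from managed access points are grouped per BSSID, anything absent from the controller's inventory is flagged, and the detecting access point with the strongest signal is reported as a location hint. The inventory, report tuples, access point names, and the use of strongest RSSI as a stand-in for WCS floor-plan plotting are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed inventory: BSSIDs of access points joined to the controller.
MANAGED_BSSIDS = {"00:11:22:aa:00:01", "00:11:22:aa:00:02"}

# Constructed scan reports: (reporting managed AP, observed BSSID, SSID,
# RSSI in dBm, IBSS flag from the 802.11 capability field).
SAMPLE_REPORTS = [
    ("ap-frontdoor", "00:11:22:aa:00:02", "store-pos", -48, False),
    ("ap-frontdoor", "66:77:88:bb:00:09", "linksys", -71, False),
    ("ap-stockroom", "66:77:88:bb:00:09", "linksys", -43, False),
    ("ap-stockroom", "02:de:ad:cc:00:05", "printer-share", -60, True),
    ("ap-checkout", "00:11:22:aa:00:01", "store-pos", -55, False),
]


def classify_reports(reports, managed_bssids):
    """Group reports per BSSID and classify anything the controller does not manage."""
    managed = {b.lower() for b in managed_bssids}
    seen = defaultdict(list)
    for reporter, bssid, ssid, rssi, ibss in reports:
        seen[bssid.lower()].append((reporter, ssid, rssi, ibss))

    findings = {}
    for bssid, obs in seen.items():
        if bssid in managed:
            continue  # heard over the air, but it is one of ours
        # Assumption: the strongest signal marks the closest detecting AP.
        reporter, ssid, rssi, _ = max(obs, key=lambda o: o[2])
        # An IBSS flag marks an ad hoc network rather than an access point.
        kind = "adhoc" if any(o[3] for o in obs) else "rogue_ap"
        findings[bssid] = {
            "kind": kind,
            "ssid": ssid,
            "nearest_ap": reporter,
            "rssi_dbm": rssi,
            "heard_by": sorted({o[0] for o in obs}),
        }
    return findings


if __name__ == "__main__":
    results = classify_reports(SAMPLE_REPORTS, MANAGED_BSSIDS)
    for bssid, finding in sorted(results.items()):
        print(bssid, finding)
```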