Chapter 1 Overview
Operating System Security
•RSN with or without
•Cranite
•Fortress
•Optional MAC Filtering.
The WEP problem can be further solved using:
•Terminated and passthrough VPNs
•Terminated and passthrough Layer Two Tunneling Protocol (L2TP), which uses the IP Security (IPSec) protocol.
•Terminated and
–Internet key exchange (IKE)
–
–Three optional levels of encryption: DES (ANSI X.3.92 data encryption standard), 3DES (ANSI
The Cisco WLAN Solution IPSec implementation also includes:
–Message digest algorithm (MD5), or
–Secure hash
•The Cisco Wireless LAN Solution supports local and RADIUS MAC Address filtering.
•The Cisco Wireless LAN Solution supports local and RADIUS user/password authentication.
•The Cisco Wireless LAN Solution also uses manual and automated Disabling to block access to network services. In manual Disabling, the operator blocks access using client MAC addresses. In automated Disabling, which is always active, the operating system software automatically blocks access to network services for an
These and other security features use
Cisco WLAN Solution Wired Security
Many traditional access point vendors concentrate on security for the Wireless interface similar to that described in the “Operating System Security” section on page
Each Cisco Wireless LAN Controller and Cisco 1000 series lightweight access point is manufactured with a unique, signed X.509 certificate. This certificate is used to authenticate IPSec tunnels between devices. These IPSec tunnels ensure secure communications for mobility and device servicing.
Cisco Wireless LAN Controllers and Cisco 1000 series lightweight access points also use the signed certificates to verify downloaded code before it is loaded, ensuring that hackers do not download malicious code into any Cisco Wireless LAN Controller or Cisco 1000 series lightweight access point.
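The verify-before-load check described above, as an added example that is not Cisco's code: a loader accepts an image only if the signer's X.509 certificate chains to a trusted root and the signature over the image verifies. The guide does not describe the image format or signature scheme, so the detached SHA-256/RSA signature, the file names and the subject names are assumptions, and all data is constructed.

```shell
#!/bin/sh
# Added illustration (not vendor code): gate "load" on a certificate-chain
# check plus a signature check. File and subject names are constructed.

# verify_image CA_CERT SIGNER_CERT IMAGE SIGNATURE
# Returns 0 only if SIGNER_CERT chains to CA_CERT and SIGNATURE is a valid
# SHA-256 signature over IMAGE under the certificate's public key.
verify_image() {
    ca=$1; cert=$2; image=$3; sig=$4
    pub=$(mktemp) || return 1
    rc=1
    # 1. The signer certificate must be issued by the trusted root.
    if openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 &&
       # 2. Take the public key from the now-trusted certificate.
       openssl x509 -in "$cert" -pubkey -noout >"$pub" 2>/dev/null &&
       # 3. The signature over the image must verify under that key.
       openssl dgst -sha256 -verify "$pub" -signature "$sig" "$image" >/dev/null 2>&1
    then
        rc=0
    fi
    rm -f "$pub"
    return $rc
}

# make_demo DIR: build a constructed root CA, a signer certificate issued by
# it, a sample image and a detached signature over that image.
make_demo() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Root CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=Demo Code Signer" \
        -keyout "$d/signer.key" -out "$d/signer.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/signer.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/signer.pem" 2>/dev/null &&
    printf 'constructed firmware image v1\n' >"$d/image.bin" &&
    openssl dgst -sha256 -sign "$d/signer.key" -out "$d/image.sig" "$d/image.bin"
}

# Demo run: the untouched image is accepted, a modified copy is refused.
demo=$(mktemp -d) && make_demo "$demo" || exit 1
verify_image "$demo/ca.pem" "$demo/signer.pem" "$demo/image.bin" "$demo/image.sig" \
    && echo "image accepted"
printf 'x' >>"$demo/image.bin"
verify_image "$demo/ca.pem" "$demo/signer.pem" "$demo/image.bin" "$demo/image.sig" \
    || echo "modified image refused"
rm -rf "$demo"
```

Checking the chain before the signature matters: a signature that verifies under an untrusted certificate proves nothing about who produced the image.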
Cisco Wireless LAN Controller Configuration Guide