5/26/05 Operating System Software
OL-7426-03
About the Operating System Software
The Operating System Software controls Cisco Wireless LAN Controllers and Cisco 1000 Series Lightweight
Access Points. It includes full Operating System Security and Radio Resource Management
(RRM) features.
About Operating System Security
Operating System Security bundles Layer 1, Layer 2 and Layer 3 security components into a simple,
Cisco WLAN Solution-wide policy manager that creates independent security policies for each of up to
16 WLANs. (Refer to Cisco WLAN Solution WLANs.)
One of the barriers that made enterprises avoid deploying 802.11 networks was the inherent weakness
of 802.11 Static WEP (Wired Equivalent Privacy) encryption. Because WEP is so insecure, enterprises
have been looking for more secure solutions for business-critical traffic.
The 802.11 Static WEP weakness problem can be overcome using robust industry-standard security
solutions, such as:
- 802.1X dynamic keys with EAP (Extensible Authentication Protocol).
- WPA (Wi-Fi Protected Access) dynamic keys. The Cisco WLAN Solution WPA implementation
  includes:
    - TKIP + Michael (Temporal Key Integrity Protocol + message integrity code checksum)
      dynamic keys, or
    - WEP (Wired Equivalent Privacy) keys, with or without Pre-Shared key Passphrase.
- RSN with or without Pre-Shared key.
- Cranite FIPS140-2 compliant passthrough.
- Fortress FIPS140-2 compliant passthrough.
- Optional MAC Filtering.
The WEP problem can be further solved using industry-standard Layer 3 security solutions, such as:
- Terminated and passthrough VPNs (virtual private networks).
- Terminated and passthrough L2TP (Layer Two Tunneling Protocol), which uses the IPSec (IP
  Security) protocol.
- Terminated and passthrough IPSec (IP Security) protocols. The terminated Cisco WLAN
  Solution IPSec implementation includes:
    - IKE (Internet Key Exchange),
    - DH (Diffie-Hellman) groups, and
    - Three optional levels of encryption: DES (ANSI X.3.92 data encryption standard), 3DES
      (ANSI X9.52-1998 data encryption standard), or AES/CBC (advanced encryption
      standard/cipher block chaining).
  The Cisco WLAN Solution IPSec implementation also includes industry-standard authentication
  using:
    - MD5 (message digest algorithm), or
    - SHA-1 (secure hash algorithm-1).
- The Cisco WLAN Solution supports local and RADIUS MAC (media access control) address
  filtering.
- The Cisco WLAN Solution supports local and RADIUS user/password authentication.