Cisco Systems OL-7426-03 quick start Cisco Wlan Solution Security, Overview, Layer 1 Solutions

Cisco WLAN Solution Security

Cisco WLAN Solution Security includes the following sections:

•Overview

•Layer 1 Solutions

•Layer 2 Solutions

•Layer 3 Solutions

•Single Point of Configuration Policy Manager Solutions

•Rogue Access Point Solutions

•Integrated Security Solutions

•Simple, Cost-Effective Solutions

Overview

The industry-leading Cisco WLAN Solution Security solution bundles potentially complicated Layer 1, Layer 2 and Layer 3 802.11 Access Point security components into a simple policy manager that customizes system-wide security policies on a per-WLAN basis (Operating System Security). Unlike SOHO (small office, home office) 802.11 products, the Cisco WLAN Solution Security solution provides simple, unified, and systematic security management tools.

One of the biggest hurdles to WLAN deployment in the enterprise is the WEP (Wired Equivalent Privacy) encryption, which has proven to be a weak standalone encryption method. A newer problem is the availability of low-cost access points, which can be connected to the enterprise network and used to mount ‘man-in-the-middle’ and denial-of-service attacks. Also, the complexity of add-on security solutions has prevented many IT managers from embracing the new 802.11 benefits. Finally, the

802.11security configuration and management cost has been daunting for resource-bound IT departments.

Layer 1 Solutions

The Cisco WLAN Solution Operating System Security solution ensures that all clients gain access within an operator-set number of attempts. Should a client fail to gain access within that limit, it is automatically excluded (blocked from access) until the operator-set timer expires. The Operating System can also disable SSID broadcasts on a per-WLAN basis.

Layer 2 Solutions

If a higher level of security and encryption is required, the network administrator can also implement industry-standard security solutions, such as: 802.1X dynamic keys with EAP (extensible authentication protocol), or WPA (Wi-Fi protected access) dynamic keys. The Cisco WLAN Solution WPA implementation includes AES (advanced encryption standard), TKIP + Michael (temporal key integrity protocol + message integrity code checksum) dynamic keys, or WEP (Wired Equivalent Privacy) static keys. Disabling is also used to automatically block Layer 2 access after an operator-set number of failed authentication attempts.

Regardless of the wireless security solution selected, all Layer 2 wired communications between Cisco Wireless LAN Controllers and Cisco 1000 Series lightweight access points are secured by passing data through LWAPP tunnels.