WLSE / Security / Authentication advice

Feb 8th, 2007

Good Afternoon Everyone,

We have WLSE currently set up with around 30x Aironet 1200 APs and 10x 1130 APs. Unfortunately there is no security or encryption. I was wondering what the best way to provide security is. We are a Windows 2003 domain as well.

cheers,

Mark

rob.huffman Fri, 02/09/2007 - 06:53

Hi Mark,

Wireless security is a very complex issue (as you have probably discovered). To recommend a "best" way to secure your environment in this forum would be doing you a real disservice :( I have attached some good "getting started" type security docs and would suggest having a good read of them. You may also want to engage your Cisco partner and Cisco SE to help you plan and implement this most important function of wireless.

Wireless LAN Security White Paper

http://www.cisco.com/en/US/netsol/ns340/ns394/ns348/ns386/networking_solutions_white_paper09186a00800b469f.shtml

Five Steps to Securing Your Wireless LAN and Preventing Wireless Threats

http://www.cisco.com/en/US/netsol/ns340/ns394/ns348/ns386/networking_solutions_white_paper0900aecd8042e23b.shtml

WLAN Security considerations (Part of WLAN SRND Guide)

http://www.cisco.com/application/pdf/en/us/guest/netsol/ns178/c649/ccmigration_09186a00800d67eb.pdf

Wireless LAN Security Solution

http://www.cisco.com/en/US/netsol/ns339/ns395/ns176/ns178/netqa0900aecd801e3e59.html

I truly hope this helps you on your way with this excellent endeavour!

Rob

rcoblentz Thu, 02/15/2007 - 19:51

I would recommend that you set up a lab to set up your security for the wireless and then test it. Once you get the design down for the wireless and have tested it, you may want to have your security department or IT auditors give it a vulnerability test.

We did ours years ago and did such things as switch port MAC address security so nobody could plug in an A/P and get on our network.

We put wireless on a separate VLAN considered to be unsecure.

We installed a soon-to-be-EOL 3030 VPN to provide the AAA/encryption/tunneling and placed the 3030 in a secure computer room. Only after the AAA encrypted session coming in could you get onto the secure backbone VLAN.

We installed the VPN encryption software on all PCs to encrypt/decrypt the traffic in a VPN tunnel.

We installed MAC filtering on all A/Ps.

Now Cisco has the new ASA5500 series security appliances and it is really much better than the old 3030/3060 VPNs.

See your Cisco Rep, they have come a long way since we put ours in.

Word of caution: watch using inexperienced people updating your network... especially contractors. We took our lab equipment out of the box and accessed a secure network a block away for a very sensitive government facility because they did not reapply their security features and they accepted defaults after an upgrade.

Good Luck,

Ron
