02-08-2007 06:03 PM - edited 07-03-2021 01:36 PM
Good Afternoon Everyone,
We have WLSE currently set up with around 30x Aironet 1200 APs and 10x 1130 APs. Unfortunately there is no security or encryption. I was wondering what is the best way to provide security. We are a Windows 2003 domain as well.
cheers,
Mark
02-09-2007 06:53 AM
Hi Mark,
Wireless Security is a very complex issue (as you have probably discovered). To recommend a "best" way to secure your environment in this forum would be doing you a real disservice :( I have attached some good "getting started" type Security docs and would suggest having a good read of them. You may also want to engage your Cisco partner and Cisco SE to help you plan and implement this most important function of Wireless.
Wireless LAN Security White Paper
Five Steps to Securing Your Wireless LAN and Preventing Wireless Threats
WLAN Security considerations (Part of WLAN SRND Guide)
http://www.cisco.com/application/pdf/en/us/guest/netsol/ns178/c649/ccmigration_09186a00800d67eb.pdf
Wireless LAN Security Solution
http://www.cisco.com/en/US/netsol/ns339/ns395/ns176/ns178/netqa0900aecd801e3e59.html
I truly hope this helps you on your way with this excellent endeavour!
Rob
02-15-2007 07:51 PM
I would recommend that you set up a lab to set up your security for the wireless and then test it. Once you get the design down for the wireless and have tested it, you may want to have your security department or IT auditors give it a vulnerability test.
We did ours years ago and did such things as switch port MAC address security so nobody could plug in an A/P and get on our network.
We put wireless on a separate VLAN considered to be unsecure.
We installed a soon to be EOL 3030 VPN to provide the AAA/encryption/tunneling and placed the 3030 in a secure computer room. Only after the AAA encrypted session coming in could you get onto the secure backbone vlan.
We installed the VPN encryption software on all PCs to encrypt/de-encrypt the traffic in a VPN tunnel.
We installed MAC filtering on all A/P.
Now Cisco has the new ASA5500 series security appliances and it is really much better than the old 3030/3060 VPN's.
See your Cisco Rep, they have come a long way since we put ours in.
Word of caution, watch using inexperienced people updating your network... especially contractors. We took our lab equipment out of the box and accessed a secure network a block away for a very sensitive government facility because they did not reapply their security features and they accepted defaults after an upgrade.
Good Luck,
Ron