Re: What's the best way to secure 802.11x

danyel.beaudoin · ‎12-03-2001

hello,

I'm a rf network specialist located in Canada and we experience an explosion for WLAN. the biggest concern for the customer is the secutity. Everbody know the problem with the WEP since berkeley crack it.

I was very surprise to don't find this subject on some discution in the security forum.

Now we have a lot of project to secure wireless lan and we read a lot on the subject, but from my point of view there's no perfect solution.

If i use LEAP,radius or ACS my speed will be affected.

What's happen if i use VPN ???, i don't know much this technology, as i said i'm a RF guay who need your help.

Many thanks

Danyel

mmellet · ‎12-10-2001

Take a look at this http://www.cisco.com/warp/public/cc/pd/witc/ao350ap/prodlit/1281_pp.htm

You should also look in the Wireless Security forum www.cisco.com/discuss/wireless for more discussions on this topic.

brent.siler · ‎01-16-2002

The only way to secure wireless is to place the pods outside your firewall or set the up in a DMZ. Have clients connect via VPN. Using LEAP/RADIUS/ACS will place alot of over head. We use this configuration and I have less than a 3% load on my 3005 w/ 20 client accessing.

Get a copy of Airsnort (free) run it on a linux laptop w/ a dlink wireless card, set up a test pod and see how long it takes to gain id's and passwords, most likely less than 3 minutes. Then try the same test with the above config, good luck cracking it.

mmedwid · ‎01-24-2002

FYI - that's what we use as well - CVPN over wireless attached to the outside DMZ. Seems to work fine.