New Cisco Security Enhancements

ED CARMODY · ‎12-27-2001

With the release of firmware 11.10T, Cisco has made a number of security enhancements to its APs. I've read the SCG, and understand what it is that these enhancements are doing.

But in actuality, what is the net effect of implementing these new features? By using Enhanced MIC verification for WEP, and the Temporal Key Integrity Protocol, what do I gain? How secure do these features make a non-LEAP or EAP WLAN? Can enterprises now deploy secure WLANs without spending $6K+ on an ACS box?

Cisco's current LEAP solution, while very robust, is also extremely expensive for a small business, and makes no economic sense for small deployments (what about my house? Don't I deserve a secure WLAN connection?).

Suggestion: Cisco should offer a very watered-down version of the ACS that could fit on an AP, and only perform WLAN authentications. Most of my customers don't require the whole feature set of the ACS, and are only looking to secure their wireless networks. This software should be a free download (how's that for a dramatic statement?)

Thoughts?

James Strong · ‎01-23-2002

Cisco Aironet now also supports generic RADIUS servers for EAP. I just did a search on the net for free RADIUS software and got quite a few hits!

rberke · ‎03-20-2002

Along the same lines you asked, I'm wondering about the relative improvement / resistance to hacking that MIC+TKIP provide. Does it just stretch the hack time from 1 day to 2? And how would that compare to using IPSEC 3DES client on the PC and an IPSEC gateway between the access points and the rest of the company network?