Cisco Support Community

Cisco Aironet Wireless LAN Security - Overview

 

 

Introduction

Overview of security features

 

Resolution

 

Overview of Security Features

 

When you use your client adapter with Windows CE, you can protect your data as it is transmitted through your wireless network by encrypting it through the use of wired equivalent privacy (WEP) encryption keys. With WEP encryption, the transmitting device encrypts each packet with a WEP key, and the receiving device uses that same key to decrypt each packet.

 

The WEP keys used to encrypt and decrypt transmitted data can be statically associated with your adapter or dynamically created as part of the LEAP authentication process. The information in the "Static WEP Keys" and "Dynamic WEP Keys with LEAP" sections below can help you to decide which type of WEP keys you want to use. Dynamic WEP keys with LEAP offer a higher degree of security than static WEP keys.

 

WEP keys, whether static or dynamic, are either 40 or 128 bits in length. 128-bit WEP keys contain more information than 40-bit keys and, therefore, offer a greater level of security.

 

Note: Refer to the "Additional WEP Key Security Features" section for information on three security features that can make your WEP keys even more secure.

 

Cisco Aironet Wireless LAN Security Solution

 

In fact, the Cisco Aironet wireless security solution offers the more sophisticated key management techniques desired by the researchers. The recently introduced Cisco Aironet WLAN security solution combines several innovations, such as dynamic, per-user, per-session WEP and integrated network logon, that address several of the limitations of WEP, while promoting hassle-free enterprise deployment. Cisco also believes that these features, along with best practices in network design and deployment, and standards efforts on open security frameworks, such as IEEE 802.1x, will help drive new interoperable solutions to better meet customer needs. By employing a dynamic, not static, WEP encryption key for every user and enabling that key to change frequently, the Cisco Aironet security solution greatly diminishes the applicability of certain attacks identified by the Berkeley researchers.

Using the Cisco Aironet Security solution as a reference, the next sections:

 

• Discuss inherent limitations of WEP

• Identify areas where the Cisco Aironet wireless security solution augments WEP as defined by IEEE 802.11b to achieve increased levels of robustness and to minimize the vulnerabilities to certain classes of attacks to which WEP and RC4-based security schemes are susceptible

• Identify other solutions that Cisco offers its customers to achieve integrated end-to-end security

• Outline the standards initiatives that Cisco has undertaken to promote interoperable security standards for wireless networks

 

Cisco Aironet Wireless LAN Security Overview

 

Perhaps the only thing more important to your business than the data exchanged on your network is the ability to maintain the security of that data. Security fears have caused some network managers to avoid installing wireless LANs (WLANs), regardless of the numerous benefits that they provide.

 

Now the landscape of wireless security has changed, giving IT managers the confidence to deploy WLANs. Today via the Cisco Unified Wireless Network, Cisco offers an enterprise-ready, standards-based, WLAN security solution that supports the following features for Cisco wireless products, Cisco Aironet® products, and Cisco Compatible WLAN client devices.

 

• Support for the IEEE 802.11i standard

• Support for the Wi-Fi Alliance security certifications Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access 2 (WPA2)

• Strong, mutual authentication and dynamic encryption key management via support for IEEE 802.1X

• Data encryption using Advanced Encryption Standard (AES) or Temporal Key Integrity Protocol (TKIP)

• Support for the broadest range of 802.1X authentication types, client devices, and client operating systems on the market

• Mitigation of active and passive network attacks

• Integration with the Cisco Self-Defending Network and Network Admission Control (NAC)

• Intrusion Prevention System (IPS) capabilities and advanced location services with real-time network visibility

• Indoor/outdoor Wi-Fi security convergence with Cisco's wireless mesh solution

• Management Frame Protection (MFP) to provide strong cryptographic authentication of WLAN management frames for the detection and prevention of 802.11 management frame attacks

 

Cisco, the network leader and a driving force behind wireless networking, has made it possible for network managers to give users the freedom they crave without sacrificing the network security they demand.

 

Important Points

Special attention should be paid to the use of strong passwords. Cisco LEAP is a password-based algorithm. To minimize the possibility of a successful dictionary attack, use strong passwords, which are difficult to guess. Some characteristics of strong passwords include:

 

  • A minimum of ten characters.
  • A mixture of uppercase and lowercase letters.
  • At least one numeric character or one non-alphanumeric character (example: !#@$%).
  • No form of the user's name or user ID.
  • A word that is not found in the dictionary (domestic or foreign).
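
One way to check a candidate LEAP password against the five characteristics listed above. This is an added example, not Cisco code; the function name, the substitution table, the three-letter minimum for name matching and the small constructed wordlist are assumptions made for illustration.

```python
import re

# Constructed sample wordlist (assumption); a real check would load full
# domestic and foreign dictionaries, as the list above requires.
SAMPLE_WORDLIST = {"password", "wireless", "aironet", "sunshine",
                   "basketball", "administrator"}

# Common character substitutions undone before the name and dictionary checks.
_LEET = str.maketrans("0134578@$!", "oieastbasi")


def _normalize(text):
    """Lowercase, undo common substitutions, keep letters only."""
    return re.sub(r"[^a-z]", "", text.lower().translate(_LEET))


def leap_password_problems(password, user_id, full_name="",
                           wordlist=SAMPLE_WORDLIST):
    """Return the listed characteristics that the password fails to meet."""
    problems = []
    if len(password) < 10:
        problems.append("shorter than ten characters")
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
        problems.append("no mixture of uppercase and lowercase letters")
    # Any non-letter is either a numeric or a non-alphanumeric character.
    if not re.search(r"[^A-Za-z]", password):
        problems.append("no numeric or non-alphanumeric character")
    core = _normalize(password)
    # "No form of the user's name or user ID": test the ID and each name
    # part, forwards and reversed, after normalization. Tokens under three
    # letters are skipped to avoid accidental matches (assumption).
    tokens = [_normalize(t) for t in [user_id, *full_name.split()]]
    for tok in tokens:
        if len(tok) >= 3 and (tok in core or tok[::-1] in core):
            problems.append("contains a form of the user's name or user ID")
            break
    # Dictionary check on the normalized form, so "P@ssw0rd" is still
    # recognized as "password".
    if core in wordlist:
        problems.append("is a dictionary word")
    return problems
```

An empty list means the password meets all five characteristics; the normalization step is what catches substituted or reversed forms that a plain string comparison would miss.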

 

Problem Type

Release notes / product overview / data sheet / FAQ

 

Reference

Overview of Security Features

Cisco Aironet Response to Press - Flaws in 802.11 Security

Cisco Aironet Wireless LAN Security Overview

Wireless LAN Security Solution

802.11 Wireless LAN Security White Paper