CISCO WIRELESS SECURITY SUITE



Similar documents
Cisco IOS Public-Key Infrastructure: Deployment Benefits and Features

How To Get A New Phone System For Your Business

Cisco Conference Connection

CISCO PIX SECURITY APPLIANCE LICENSING

CISCO METRO ETHERNET SERVICES AND SUPPORT

CISCO CONTENT SWITCHING MODULE SOFTWARE VERSION 4.1(1) FOR THE CISCO CATALYST 6500 SERIES SWITCH AND CISCO 7600 SERIES ROUTER

CISCO NETWORK CONNECTIVITY CENTER

THE CISCO CRM COMMUNICATIONS CONNECTOR GIVES EMPLOYEES SECURE, RELIABLE, AND CONVENIENT ACCESS TO CUSTOMER INFORMATION

CISCO IP PHONE SERVICES SOFTWARE DEVELOPMENT KIT (SDK)

Cisco Secure Access Control Server Solution Engine

Cisco CNS NetFlow Collection Engine Version 4.0

Cisco Router and Security Device Manager File Management

PUBLIC KEY INFRASTRUCTURE CERTIFICATE REVOCATION LIST VERSUS ONLINE CERTIFICATE STATUS PROTOCOL

It looks like your regular telephone.

Cisco 2-Port OC-3/STM-1 Packet-over-SONET Port Adapter

Cisco IT Data Center and Operations Control Center Tour

CISCO SMALL AND MEDIUM BUSINESS CLASS VOICE SOLUTIONS: CISCO CALLMANAGER EXPRESS BUNDLES

Cisco Blended Agent: Bringing Call Blending Capability to Your Enterprise

THE BUSINESS CASE FOR MANAGED SERVICES IN SMALL AND MEDIUM-SIZED BUSINESSES

NETWORK AVAILABILITY IMPROVEMENT SUPPORT OPERATIONAL RISK MANAGEMENT ANALYSIS

Figure 1. The Cisco Aironet Power Injectors Provide Inline Power to Cisco Aironet Access Points and Bridges

CISCO MDS 9000 FAMILY PERFORMANCE MANAGEMENT

NetFlow Feature Acceleration

Cisco CNS NetFlow Collection Engine Version 5.0

CISCO IOS SOFTWARE FEATURE PACKS FOR THE CISCO 1700 SERIES MODULAR ACCESS ROUTERS AND CISCO 1800 SERIES (MODULAR) INTEGRATED SERVICES ROUTERS

CISCO IOS IP SERVICE LEVEL AGREEMENT

E-Seminar. Financial Management Internet Business Solution Seminar

HIGH-DENSITY PACKET VOICE DIGITAL SIGNAL PROCESSOR MODULE FOR CISCO IP COMMUNICATIONS SOLUTION

Cisco Aironet 1130AG Series

IS YOUR OLD PHONE SYSTEM HANGING UP YOUR DISTRICT? CISCO K 12 DIRECT LINE SOLUTION FOR IP COMMUNICATIONS

CISCO IOS SOFTWARE RELEASES 12.4 MAINLINE AND 12.4T FEATURE SETS FOR THE CISCO 3800 SERIES ROUTERS

Cisco GLBP Load Balancing Options

CISCO AIRONET POWER INJECTOR

Cisco Systems GigaStack Gigabit Interface Converter

CISCO IOS SOFTWARE RELEASES 12.4 MAINLINE AND 12.4T FEATURE SETS FOR THE CISCO 2800 SERIES ROUTERS

CISCO SFP OPTICS FOR PACKET-OVER-SONET/SDH AND ATM APPLICATIONS

Cisco WebEx Social Compatibility Guide

Internal IT Staff at a Serbian Children s Hospital Takes Innovative Approach to Outpatient Care

CISCO CATALYST 3750 SERIES SWITCHES

CISCO 7304 SERIES ROUTER PORT ADAPTER CARRIER CARD

Cisco Solution Incentive Program Asia Pacific

Cisco SMB Class Solutions Your Next Phone System Purchase

CISCO ATA 186 ANALOG TELEPHONE ADAPTOR

IP Networking and the Advantages of consolidation

Combined voice and data solution supports Orange s ongoing success in the UK business market

CISCO IP PHONE EXPANSION MODULE 7914

Cisco 7200 and 7500 Series Routers

CISCO ISDN BRI S/T WIC FOR THE CISCO 1700, 1800, 2600, 2800, 3600, 3700, AND 3800 SERIES

CISCO ATA 188 ANALOG TELEPHONE ADAPTOR

CISCO NETWORK CONNECTIVITY CENTER MPLS MANAGER 1.0

CISCO 10GBASE X2 MODULES

Cisco Outbound Option

PREVENTING WORM AND VIRUS OUTBREAKS WITH CISCO SELF-DEFENDING NETWORKS

CISCO CATALYST 6500 SUPERVISOR ENGINE 32

How To Outtask Metro Ether To A Managed Service Provider

CISCO MEETINGPLACE MANAGED SERVICE

Cisco IOS Telephony Services Survivable/Standby Remote Site Telephony

Serial Connectivity Network Modules for the 2600, 3600, and 3700 Series (NM-1HSSI, NM-4T, NM-4A/S, NM-8A/S, NM-16A/S, NM-16A, NM-32A)

CISCO MEETINGPLACE FOR OUTLOOK 5.3

Cisco Systems Brings World-Class Online Banking Solutions to State Bank of India

CISCO CATALYST 6500 SERIES CONTENT SWITCHING MODULE

Cisco Router and Security Device Manager Dial-Backup Solution

SOUTH BAY BMW ACHIEVES UNMATCHED AVAILABILITY AND SECURITY WITH ITS CISCO NETWORK

Cisco PBX Interoperability: Lucent/Avaya Definity G3si V7 PBX with CallManager using Analog FXS and FXO Interfaces as an MGCP Gateway

Cisco 7200 Series Enterprise WAN Aggregation Application

Cisco AVVID Network Enterprise Data Center Solution Overview

Cisco 2600XM DSL Router Bundles

How To Connect A Cisco Aironet 350 Series Wireless Bridge To A Network With A Wireless Bridge

Cisco Catalyst 6500 Series/Cisco 7600 Series Supervisor Engine 720-3BXL

Cisco Intelligent Contact Management Enterprise Edition

The Palace of Versailles Goes Digital, Increasing Revenue and Enhancing Overall Visitor Experience

Cisco IOS Firewall Intrusion Detection System

E-Seminar. E-Commerce Internet Business Solution Seminar

CISCO 100BASE-X SFP FOR FAST ETHERNET SFP PORTS

CISCO CALLMANAGER EXPRESS 3.2

Cisco IT Data Center and Operations Control Center Tour

World Consumer Income and Expenditure Patterns

City Government Improves Caller Service and Cultivates Economic Vitality

What is network convergence all about?

Enabling High Availability for Voice Services in Cable Networks

CISCO ISDN BRI S/T WIC FOR THE CISCO 1700, 1800, 2600, 2800, 3600, 3700, AND 3800 SERIES

IP Communications for Small Offices Using Cisco CallManager Express and Cisco Unity Express

SERIAL AND ASYNCHRONOUS HIGH-SPEED WAN INTERFACE CARDS FOR CISCO 1800, 2800, AND 3800 SERIES INTEGRATED SERVICES ROUTERS

Foreign Taxes Paid and Foreign Source Income INTECH Global Income Managed Volatility Fund

Cisco Business Communications Solution. Brochure

Appendix 1: Full Country Rankings

CISCO 7609 ROUTER ENHANCED 9-SLOT CHASSIS

CISCO AIRONET 1130AG SERIES IEEE A/B/G ACCESS POINT

CONNECT TO COMPREHENSIVE NETWORK SECURITY SOLUTIONS WITH THE CISCO IP NETWORK DEFENDER PROGRAM.

Reporting practices for domestic and total debt securities

DATA SHEET. GigaStack GBIC THE CISCO SYSTEMS GIGASTACK GIGABIT INTERFACE CONVERTER (GBIC) IS A VERSATILE, LOW-COST,

CISCO SMARTNET SUPPORT AND CISCO SMARTNET ONSITE

Cisco PIX Device Manager v3.0

Cisco Unified IP Conference Station 7936

Transcription:

Q&A CISCO WIRELESS SECURITY SUITE OVERVIEW What is the Cisco Wireless Security Suite? The Cisco Wireless Security Suite is an enterprise-ready, standards-based, wireless LAN (WLAN) security solution for Cisco Aironet wireless products and Cisco Compatible Extensions client devices. This solution provides network managers with robust wireless security services that offer freedom and mobility to end users while maintaining a secure network environment. Does the Cisco Wireless Security Suite support the Cisco Structured Wireless-Aware Network (SWAN)? Yes. The Cisco Wireless Security Suite fully supports Cisco SWAN. Cisco SWAN provides the framework to integrate and extend wired and wireless networks to deliver the lowest possible total cost of ownership for companies deploying WLANs. Cisco SWAN extends wireless awareness into important elements of the network infrastructure, providing the same level of security, scalability, reliability, ease of deployment, and management for wireless LANs that organizations have come to expect from their wired LANs. Cisco SWAN allows enterprise and service provider network managers to deploy, operate, manage, and secure several, hundreds, or thousands of access points across numerous industries or deployment scenarios. For more information about Cisco SWAN, visit: http://www.cisco.com/go/swan FEATURES AND BENEFITS What benefits does the Cisco Wireless Security Suite provide? The Cisco Wireless Security Suite provides scalable, centralized security management that closely parallels the security available in a wired LAN. This enterprise-class solution mitigates sophisticated passive and active WLAN attacks and supports dynamic encryption keys to protect the privacy of transmitted data. Quality of service (QoS) and mobility are integrated into the Cisco Wireless Security Suite framework to enable a rich set of enterprise applications. What are the features of the Cisco Wireless Security Suite? Features of the Cisco Wireless Security Suite include: Strong, mutual authentication and dynamic per-user, per-session, encryption key management via support for IEEE 802.1X Data encryption using Temporal Key Integrity Protocol (TKIP), Wired Equivalent Privacy (WEP) and, in 2004, Advanced Encryption Standard (AES) Strong TKIP encryption enhancements such as message integrity check (MIC), per-packet keys via initialization vector hashing, and broadcast key rotation Support for the broadest range of 802.1X authentication types, client devices, and client operating systems on the market Mitigation of network attacks Full support for the Wi-Fi Alliance security standard Wi-Fi Protected Access (WPA) All contents are Copyright 1992 2004 Cisco Systems, Inc. All rights reserved. Important Notices and Privacy Statement. Page 1 of 1

Is the Cisco Wireless Security Suite a component of the Cisco Self-Defending Network? Yes. The Cisco Wireless Security Suite is a component of the Cisco Self-Defending Network. The Cisco Self-Defending Network strategy describes the Cisco vision for security systems. The Cisco strategy of the Self-Defending Network brings together Secure Connectivity, Threat Defense, and Trust and Identity Management with the capability of infection containment and rogue device isolation in a single solution. For more information about the Cisco Self-Defending Network, visit: http://www.cisco.com/en/us/netsol/ns340/ns394/ns171/ns413/networking_solutions_package.html WPA What are WPA and the Wi-Fi Alliance? WPA was introduced in 2003 by the Wi-Fi Alliance, a nonprofit international association that certifies interoperability of WLAN products based on IEEE 802.11 specifications. WPA provides enhanced, interoperable, standards-based security for WLANs. WPA includes portions of the proposed IEEE 802.11i security standard that can be installed as a software and firmware upgrade on existing Wi-Fi Compliant IEEE 802.11 hardware. WPA was designed to be forward-compatible with the IEEE 802.11i standard. It includes support for IEEE 802.1X and the IEEE 802.11i version of TKIP, which Cisco refers to as WPA TKIP to differentiate it from Cisco TKIP. Does the Cisco Wireless Security Suite support WPA? Yes. The Cisco Wireless Security Suite provides full support for WPA. Will the Cisco Wireless Security Suite support IEEE 802.11i, WPA2, and AES? Yes. In 2004, the Cisco Wireless Security Suite will also support IEEE 802.11i and WPA2. IEEE 802.11i is the IEEE standard for WLAN security that was ratified in June 2004. WPA2 is the successor to WPA. Both 802.11i and WPA2 include AES as an alternative to TKIP. Should I use Cisco TKIP or WPA TKIP on my client devices and access points? Some client devices and adapters, such as Cisco Compatible devices and Cisco Aironet client adapters, support both Cisco TKIP and WPA TKIP. Other client devices and adapters support only WPA TKIP. Some legacy Cisco Aironet adapters may support only Cisco TKIP. With the Cisco Wireless Security Suite, both Cisco TKIP and WPA TKIP algorithms are available on Cisco Aironet access points and Cisco and Cisco Compatible WLAN client devices. Although Cisco TKIP and WPA TKIP do not interoperate, Cisco Aironet access points can run Cisco TKIP and WPA TKIP simultaneously when using multiple VLANs. System administrators will need to choose one set of TKIP algorithms to activate on enterprise client devices, because clients cannot simultaneously support both sets of TKIP algorithms. Cisco recommends that WPA TKIP be used for client devices and access points wherever possible. COMPONENTS What are the components of the Cisco Wireless Security Suite? The Cisco Wireless Security Suite is included with all Cisco Aironet wireless products and Cisco Compatible Extensions client devices. IEEE 802.1X mutual authentication requires a RADIUS or authentication, authorization, and accounting (AAA) server and Extensible Authentication Protocol (EAP) types. The Cisco Secure Access Control Server (ACS) or Cisco CNS Access Registrar is recommended. The Cisco Wireless Security Suite supports several EAP types, including Cisco EAP (LEAP), EAP-Flexible Authentication via Secure Tunneling (EAP-FAST), EAP- Transport Layer Security (EAP-TLS), Protected EAP (PEAP), EAP-Tunneled TLS (EAP-TTLS), and EAP-Subscriber Identity Module (EAP-SIM). What is IEEE 802.1X? IEEE 802.1X is a port-based security standard (set by the IEEE 802.1 Working Group) for network access control. IEEE 802.1X for IEEE 802.11 takes advantage of standard protocols such as EAP and RADIUS to provide centralized user identification, authentication, dynamic key management, and accounting. This protocol is compatible with wireless roaming technologies, and works between supplicants and authenticators. Authentication and authorization are achieved with back-end communication to an authentication server, such as Cisco Secure ACS. Page 2 of 6

What is EAP? EAP is a flexible authentication protocol (specified in RFC 2284) that typically rides on top of another protocol such as IEEE 802.1X, RADIUS, or TACACS+. EAP enables the support of new, advanced user authentication methods that allow the authenticator (an Ethernet solution such as a switch, or a WLAN infrastructure device such as an access point) to serve as the user authentication carrier between the client supplicant (software on the client device that is trying to connect to the network) and the authentication server (such as a RADIUS server that supports the appropriate EAP type). Examples of EAP types include: Cisco LEAP 802.1X EAP authentication type developed by Cisco Systems to provide dynamic per-user, per-session encryption keys. EAP-FAST Publicly accessible IEEE 802.1X EAP type developed by Cisco Systems to support customers who cannot enforce a strong password policy and wish to deploy an 802.1X EAP type that does not require digital certificates. EAP-FAST supports several user and password database types, supports password expiration and change, and is flexible, easy to deploy, and easy to manage. PEAP 802.1X EAP authentication type that takes advantage of server-side EAP-TLS and supports several different authentication methods, including logon passwords and one-time passwords (OTPs). EAP-TLS 802.1X EAP authentication algorithm based on the TLS protocol (RFC 2246). TLS uses mutual authentication based on X.509 certificates. EAP-Message Digest 5 (MD5) User name and password method that incorporates MD5 hashing for more secure authentication. EAP-Generic Token Card (GTC) One of the defined EAP types in RFC 2284, supports authentication using OTPs and other criteria. DEPLOYMENT What is the deployment advantage of the Cisco Wireless Security Suite? In order to deploy large-scale enterprise WLANs, network administrators need scalable, problem-free security administration that does not increase the burden on the IT staff. The Cisco Wireless Security Suite easily integrates with an existing network, and is available on easy-to-install Cisco Aironet products. With the Cisco Wireless Security Suite s security features properly configured and activated, network administrators can feel confident that company data will remain private and secure. Who can deploy the Cisco Wireless Security Suite? Small businesses to large-scale enterprise multinational companies can deploy the Cisco Wireless Security Suite within any Cisco Aironet deployment. Is the Cisco Wireless Security Suite available today? Yes. The Cisco Wireless Security Suite with IEEE 802.1X and TKIP has been available from Cisco since November 2001, with support for Cisco LEAP available since December 2000. Network managers can implement the Cisco Wireless Security Suite solution to meet their specific network configuration requirements using an EAP type of their choice. Where can I learn more about deploying the Cisco Wireless Security Suite? Several Cisco Wireless Security Suite deployment guides are available. Please visit the Cisco Aironet Technical References website to view these documents. Where can I learn more about deploying secure WLANs? Read the following documents to learn more about deploying secure WLANs: SAFE: Wireless LAN Security in Depth Version 2 Wireless LAN Security White Paper Cisco Aironet Technical References Page 3 of 6

Where can I learn more about WLAN security? Please read the Cisco Aironet WLAN Security brochure to learn more about WLAN security. ATTACK MITIGATION What network attacks are mitigated by the Cisco Wireless Security Suite? The Cisco Wireless Security Suite mitigates several network attacks, including man-in-the-middle, authentication forging, weak key attacks, packet forgery, and brute force attacks when PEAP, EAP-TLS, EAP-FAST, or Cisco LEAP are used with TKIP or AES. It is important to note that Cisco LEAP requires strong passwords. Where can I learn more about WLAN network attacks? Read the Cisco Aironet Wireless LAN Security Overview Temporal Key Integrity Protocol section as well as the WLAN deployment documents listed above. FOR MORE INFORMATION For more information about the Cisco Wireless Security Suite, visit: http://www.cisco.com/go/aironet/security For more information about Cisco SWAN, visit: http://www.cisco.com/go/swan For more information about Cisco Aironet products, visit: http://www.cisco.com/go/aironet For more information about Cisco Compatible client devices, visit: http://www.cisco.com/go/ciscocompatible/wireless For more information about Cisco Secure ACS, visit: http://www.cisco.com/go/acs For more information about Cisco CNS Access Registrar, visit: http://www.cisco.com/en/us/products/sw/netmgtsw/ps411/index.html Page 4 of 6

Corporate Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 526-4100 European Headquarters Cisco Systems International BV Haarlerbergpark Haarlerbergweg 13-19 1101 CH Amsterdam The Netherlands www-europe.cisco.com Tel: 31 0 20 357 1000 Fax: 31 0 20 357 1100 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA www.cisco.com Tel: 408 526-7660 Fax: 408 527-0883 Asia Pacific Headquarters Cisco Systems, Inc. 168 Robinson Road #28-01 Capital Tower Singapore 068912 www.cisco.com Tel: +65 6317 7777 Fax: +65 6317 7799 Cisco Systems has more than 200 offices in the following countries and regions. Addresses, phone numbers, and fax numbers are listed on the Cisco Web site at www.cisco.com/go/offices. Argentina Australia Austria Belgium Brazil Bulgaria Canada Chile China PRC Colombia Costa Rica Croatia Cyprus Czech Republic Denmark Dubai, UAE Finland France Germany Greece Hong Kong SAR Hungary India Indonesia Ireland Israel Italy Japan Korea Luxembourg Malaysia Mexico The Netherlands New Zealand Norway Peru Philippines Poland Portugal Puerto Rico Romania Russia Saudi Arabia Scotland Singapore Slovakia Slovenia South Africa Spain Sweden Switzerland Taiwan Thailand Turkey Ukraine United Kingdom United States Venezuela Vietnam Zimbabwe Copyright 2004 Cisco Systems, Inc. All rights reserved. Cisco, Cisco Systems, the Cisco Systems logo, Aironet, and Network Registrar are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries. All other trademarks mentioned in this document or Web site are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0402R) 204064_ETMG_SD_09.04 Printed in the USA Page 5 of 6

Page 6 of 6

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information