Operating System Security - Cisco 2100 Series Configuration Manual

Chapter 1 Overview

Operating System Security

Operating system security bundles Layer 1, Layer 2, and Layer 3 security components into a simple,
Cisco WLAN Solution-wide policy manager that creates independent security policies for each of up to
16 wireless LANs. (Refer to the
The 802.11 Static WEP weaknesses can be overcome using robust industry-standard security solutions,
such as:
•
•
•
•
The WEP problem can be further solved using industry-standard Layer 3 security solutions, such as:
•
•
•
•
These and other security features use industry-standard authorization and authentication methods to
ensure the highest possible security for your business-critical wireless LAN traffic.
Cisco WLAN Solution Wired Security
Many traditional access point vendors concentrate on security for the Wireless interface similar to that
described in the
LAN Controller Service Interfaces, Cisco Wireless LAN Controller to access point, and inter-Cisco
Wireless LAN Controller communications during device servicing and client roaming, the operating
system includes built-in security.
Each Cisco Wireless LAN Controller and lightweight access point is manufactured with a unique, signed
X.509 certificate. These signed certificates are used to verify downloaded code before it is loaded,
ensuring that hackers do not download malicious code into any Cisco Wireless LAN Controller or
lightweight access point.
Cisco Wireless LAN Controllers and lightweight access points also use the signed certificates to verify
downloaded code before it is loaded, ensuring that hackers do not download malicious code into any
Cisco Wireless LAN Controller or lightweight access point.
OL-17037-01
802.1X dynamic keys with extensible authentication protocol (EAP).
Wi-Fi protected access (WPA) dynamic keys. The Cisco WLAN Solution WPA implementation
includes:
– Temporal key integrity protocol (TKIP) + message integrity code checksum (Michael) dynamic
keys, or
WEP keys, with or without Pre-Shared key Passphrase.
–
RSN with or without Pre-Shared key.
Optional MAC filtering.
Passthrough VPNs
The Cisco Wireless LAN Solution supports local and RADIUS MAC address filtering.
The Cisco Wireless LAN Solution supports local and RADIUS user/password authentication.
The Cisco Wireless LAN Solution also uses manual and automated disabling to block access to
network services. In manual disabling, the operator blocks access using client MAC addresses. In
automated disabling, which is always active, the operating system software automatically blocks
access to network services for an operator-defined period of time when a client fails to authenticate
for a fixed number of consecutive attempts. This can be used to deter brute-force login attacks.
"Operating System Security" section on page
"Cisco UWN Solution WLANs" section on page
Cisco Wireless LAN Controller Configuration Guide
Operating System Security
1-13.)
1-5. However, for secure Cisco Wireless
1-5