
Version 1

WLAN&3G Product Team

1.1.1 (page 3)
1.1.1.1 (page 5)
1.1.1.2 (page 6)
1.1.1.3 MFP (page 8)
1.1.1.4 2-7 IPS/IDS (page 8)
1.1.1.5 AP (page 11)
1.1.1.6 NAC (page 13)
1.1.1.7 Mesh (page 14)
1.1.1.8 CCKM (page 14)
1.1.1.9 (page 14)
1.1.1.10 (page 16)

1.1.1
802.11
802.11WLAN
802.11
802.1x/EAP, 802.11i, WPA/WPA2, 802.11w

Cisco 802.1x/EAP

WLAN WLAN

WLAN

WLAN
WLAN

AP
AP
/ AP
802.11w
802.11w
CCX MFP
Mesh 802.11a Backhaul
11a

WEP, TKIP, AES

MFP

2-7 IPS/IDS

AP

NAC

Mesh

CCKM

[Figure: Secure Wireless Solution Architecture. Zones: Public/Untrusted, Wireless, Trusted, Wired. Components: Cisco Security Agent, Internet, ASA 5500 w/ IPS Module, NAC Manager, WCS, Enterprise CSA Server, Guest Anchor Controller, NAC Appliance, CS-MARS. Panels: Endpoint Protection (host intrusion prevention, endpoint malware mitigation); Traffic and Access Control (device posture assessment; dynamic, role-based network access and managed connectivity; WLAN threat mitigation with IPS/IDS); WLAN Security Fundamentals (802.1X, SSC, WPA2, MFP, Guest: strong user authentication, strong transport encryption, RF monitoring, secure guest access).]

1.1.1.1
WLAN 802.1X-EAP, TKIP
AES

IV
AirSnort

LEAP, EAP-FAST, EAP-TLS, PEAP

WEP
WEP

LEAP, EAP-FAST, EAP-TLS, PEAP

TKIP/MIC, AES

TKIP/AES
TKIP WEP 1 WEP
(MIC) 2 WEP

MIC 802.11 Integrity check function (ICV)
MIC AP
MIC MIC
WEP WEP
802.1X WEP
802.11i WEP WEP
Cisco WLAN

AES TKIP WEP RC4 AES


TKIP, WEP, AES
2 120 AES
AES

WEP AES AES


128, 192, 256 AES 128 WPA2/802.11i
128 WPA2/802.11i AES WPA2/802.11i
10
AES Counter-Mode/CBC-MAC (CCM)
CCM Counter CTR AES AES
CBC-MAC CTR CBC-MAC
NIST 800-38C, IETF RFC 3610
CCM 48 IV TKIP AES IV WEP
CCM IV
IV 48 IV

WEP TKIP RC4 RC4


TKIP TKIP
WEP
AES
AES AES
AES AES

1.1.1.2

X.509

[Figure: Campus Network with AAA/DHCP serving Authorized Users/Devices.]

AP -AP 802.1x
AP 802.1x
AP 802.1x AAA
AP AP

1.1.1.3 MFP

AP
MIC

MFP AP
MFP

MFP Protected
MFP Protected

FUTURE- CCXv5

1.1.1.4 2-7 IPS/IDS


2

WIDS

IP
Web

2 IPS 7 IPS
27 2-7 IDS

IDS 2-7
IDS IDS

IDS 6500 IDS


IDS 2-7
IDS
[Figure: layered IDS deployment: AP/Mesh (L2 IDS), Controller (client shun), L3-7 IDS, Wired IDS.]

1.1.1.5 AP

AP, Ad-Hoc
AP, AP, Ad-Hoc

[Figure: rogue AP detection topology. Layers: Network Core, Distribution, Access. NMS with Wireless Control System (WCS); Wireless LAN Controller; detection methods Auto-RRM, RLDP, ARP Sniffing; Rogue APs; Rogue Detector.]

AP
1. AP
()

2. AP
( ...)

3. AP

4.

AP
AP AP
AP AP
AP AP
AP AP
AP Monitor
AP AP+Monitor AP

AP AP
AP AP
AP AP
AP
AP AP

[Figure: WCS, Rogue AP, L2 Switched Network.]

AP AP
AP
AP

AP

1.1.1.6 NAC

NAC

Radius

1.1.1.7 Mesh
Mesh Mesh

Mesh
AES
AES Mesh

1.1.1.8 CCKM

CCKM (Cisco Centralized Key Management)

1.1.1.9

[Figure: guest access architecture. Internet, Corporate Network, DMZ; Isolated Guest Traffic; 802.1Q Trunk; Guest SSID and Corporate SSID; Guest Traffic tunneled to DMZ via Ethernet over IP Tunnel.]

1.1.1.10

Log
