This paper provides best-practice information to interested parties for designing and implementing wireless LAN (WLAN) security in networks utilizing elements of the Cisco SAFE Blueprint for network security. All SAFE white papers are available at the SAFE Web site: http://www.cisco.com/go/safe

These documents were written to provide best-practice information on network security and virtual-private-network (VPN) designs. Although you can read this document without having read either of the two primary security design documents, it is recommended that you read either "SAFE Enterprise" or "SAFE Small, Midsize and Remote-User Networks" before continuing.

This paper frames the WLAN implementation within the context of the overall security design. SAFE represents a system-based approach to security and VPN design. This type of approach focuses on overall design goals and translates those goals into specific configurations and topologies. In the context of wireless, Cisco recommends that you also consider network design elements such as mobility and quality of service (QoS) when deciding on an overall WLAN design. SAFE is based on Cisco products and those of its partners.

This document begins with an overview of the architecture, and then details the specific designs under consideration. Because this document revolves around two principal design variations, these designs are described first in a generic sense, and then are applied to SAFE. The following designs are covered in detail:
Large-network WLAN design
Medium-network WLAN design
Small-network WLAN design
Remote-user WLAN design
Each design may have multiple modules that address different aspects of WLAN technology. The concept of modules is addressed in the SAFE security white papers.

Following the discussion of the specific designs, Appendix A details the validation lab for SAFE wireless and includes configuration snapshots. Appendix B is a primer on WLAN. If you are unfamiliar with basic WLAN concepts, you should read this section before the rest of the document. Appendix C provides more details on rogue access point detection and prevention techniques. Finally, Appendix D discusses high availability design criteria for services such as RADIUS and DHCP in order to secure WLANs.