Operating System Software - Cisco SD2008T-NA Configuration Manual

Operating System Security
Operating System Security
Operating system security bundles Layer 1, Layer 2, and Layer 3 security components into a simple,
Cisco WLAN Solution-wide policy manager that creates independent security policies for each of up to
16 wireless LANs. (Refer to the
The 802.11 Static WEP weaknesses can be overcome using robust industry-standard security solutions,
such as:
•
•
•
•
•
•
The WEP problem can be further solved using industry-standard Layer 3 security solutions, such as:
•
•
•
•
These and other security features use industry-standard authorization and authentication methods to
ensure the highest possible security for your business-critical wireless LAN traffic.
Cisco WLAN Solution Wired Security
Many traditional access point vendors concentrate on security for the Wireless interface similar to that
described in the
LAN Controller Service Interfaces, Cisco Wireless LAN Controller to access point, and inter-Cisco
Wireless LAN Controller communications during device servicing and client roaming, the operating
system includes built-in security.
Each Cisco Wireless LAN Controller and Cisco 1000 series lightweight access point is manufactured
with a unique, signed X.509 certificate. These signed certificates are used to verify downloaded code
before it is loaded, ensuring that hackers do not download malicious code into any Cisco Wireless LAN
Controller or Cisco 1000 series lightweight access point.
Cisco Wireless LAN Controller Configuration Guide
1-6
802.1X dynamic keys with extensible authentication protocol (EAP).
Wi-Fi protected access (WPA) dynamic keys. The Cisco WLAN Solution WPA implementation
includes:
– Temporal key integrity protocol (TKIP) + message integrity code checksum (Michael) dynamic
keys, or
WEP keys, with or without Pre-Shared key Passphrase.
–
RSN with or without Pre-Shared key.
Cranite FIPS140-2 compliant passthrough.
Fortress FIPS140-2 compliant passthrough.
Optional MAC Filtering.
Passthrough VPNs
The Cisco Wireless LAN Solution supports local and RADIUS MAC Address filtering.
The Cisco Wireless LAN Solution supports local and RADIUS user/password authentication.
The Cisco Wireless LAN Solution also uses manual and automated Disabling to block access to
network services. In manual Disabling, the operator blocks access using client MAC addresses. In
automated Disabling, which is always active, the operating system software automatically blocks
access to network services for an operator-defined period of time when a client fails to authenticate
for a fixed number of consecutive attempts. This can be used to deter brute-force login attacks.
"Operating System Security" section on page
"Cisco UWN Solution WLANs" section on page
Chapter 1
1-12.)
1-6. However, for secure Cisco Wireless
Overview
OL-9141-03