SAFE: Wireless LAN Security in Depth. Table Of Contents. White Paper. Authors. Abstract. Audience. Caveats. Architecture Overview. Design Fundamentals. SAFE WLAN Axioms.
Wireless Networks Are Targets. Wireless Networks Are Weapons. 802.11
Is Insecure. Security Extensions Are Required. Cisco LEAP. EAP-TLS. PEAP. Network Availability Impacts Wireless.
WLAN User Differentiation. Design Approach. Standard WLAN Design Guidelines. Standard EAP with TKIP WLAN Design. EAP with TKIP Design Guidelines. Standard VPN WLAN Design. Standard VPN WLAN Design Guidelines. Large-Enterprise WLAN Design. Design Guidelines.
Design Guidelines. Medium WLAN Design. Design Guidelines. Small WLAN Design. Design Guidelines. Remote WLAN Design.
Software VPN Remote WLAN Design. Hardware VPN Remote WLAN Design. Appendix A: Validation Lab.
Overall Guidelines. SAFE WLAN Standard Configuration for Access Points. VPN Access Point.
SAFE Wireless LAN Standard Configuration for Clients. Large-Enterprise Design Module Configurations. Medium Network Configurations. Small and Remote Office Configurations. Appendix B: Wireless Security Primer. The Need for Wireless. Types of Wireless Technology. Wireless Technology.
Wireless LAN Radio Frequency Methods. Wireless Security.
Appendix C—Rogue Access Point Additional Information. Create a Corporate WLAN Policy. Physical Security. Provide a Supported WLAN Infrastructure. Using IEEE 802.1X. Using Layer 2 or 3 Switch Filters. Limitations of Using Filters to Prevent Rogue Access Points from Connecting to the Enterprise Network. Detecting Rogue Access Points.
Detecting Rogue Access Points Wirelessly. Detecting Rogue Access Points from the Wired Network. Using MAC Addresses. Using Operating System Fingerprinting. Using SNMP. Detecting Rogue Access Points Physically. Wireless Analyzers. Known Access Point MAC Addresses. Appendix D—Network Availability. Dynamic Host Configuration Protocol.
RADIUS. IP Security Protocol. References. Cisco SAFE White Papers.
Partner Product References. Acknowledgments.
Cisco SAFE: Wireless LAN Security in Depth
Sean Convery (CCIE #4...), Darrin Miller (CCIE #6...), and Sri Sundaralingam are the primary authors of this white paper. Mark Doering, Pej Roshan, Stacey Albert, Bruce McMurdo, and Jason Halpern provided significant contributions to this paper and are the lead architects of Cisco's reference implementation in San Jose, California, USA.
All are network architects who focus on wireless LAN, VPN, or security issues. All SAFE white papers are available at the SAFE Web site. These documents were written to provide best-practice information on network security and virtual-private-network (VPN) designs. Although you can read this document without having read either of the two primary security design documents, it is recommended that you read either . SAFE represents a system-based approach to security and VPN design. This type of approach focuses on overall design goals and translates those goals into specific configurations and topologies.
In the context of wireless, Cisco recommends that you also consider network design elements such as mobility and quality of service (QoS) when deciding on an overall WLAN design.
SAFE is based on Cisco products and those of its partners. Because this document revolves around two principal design variations, these designs are described first in a generic sense, and then are applied to SAFE. The following designs are covered in detail.
The concept of modules is addressed in the SAFE security white papers. Appendix B is a primer on WLAN. If you are unfamiliar with basic WLAN concepts, you should read this section before the rest of the document. Appendix C provides more details on rogue access point detection and prevention techniques. Finally, Appendix D discusses high availability design criteria for services such as RADIUS and DHCP in order to secure WLANs. A network manager, for example, can read the introductory sections in each area to obtain a good overview of security design strategies and considerations for WLAN networks. A network engineer or designer can read this document in its entirety and gain design information and threat analysis details, which are supported by actual configuration snapshots for the devices involved.
Because this document covers a wide range of WLAN deployments, it may be helpful to read the introductory sections of the paper first and then skip right to the type of WLAN you are interested in deploying. Cisco Systems does not recommend deploying WLANs—or any networking technology—without an associated security policy. Although network security fundamentals are mentioned in this document, they are not described in detail. Security within this document is always mentioned as it pertains to WLANs.
Following the guidelines in this document does not guarantee a secure WLAN environment, nor does it guarantee that you will prevent all penetrations. By following the guidelines, you will mitigate WLAN security risks as much as possible. In particular, the document does not address wireless bridges, personal digital assistants (PDAs), or non-802.11 WLAN technology. In addition, it does not provide specific best practices on general WLAN deployment and design issues that are not security related. Specific configuration snapshots from the lab are included in Appendix A, .
Implementation decisions varied, depending on the network functionality required. However, the following design objectives, listed in order of priority, guided the decision-making process. As a connectivity option, WLAN access must adhere to an organization's security policy as closely as possible. In addition, it must provide this access as securely as possible while recognizing the need to maintain as many of the characteristics of a traditional wired LAN as possible. Finally, WLANs must integrate with existing network designs based on the SAFE security architecture. Organizations today are deploying wireless technology at a rapid rate, often without considering all security aspects.
This rapid deployment is due, in part, to the low cost of the devices, ease of deployment, and the large productivity gains. Because WLAN devices ship with all security features disabled, increasing WLAN deployments have attracted the attention of the hacker community. Several Web sites document freely available wireless connections throughout the United States.
Unlike a wired network, a WLAN sends data over the air and may be accessible outside the physical boundary of an organization. When WLAN data is not encrypted, the packets can be viewed by anyone within radio frequency range. For example, a person with a Linux laptop, a WLAN adapter, and a program such as TCPDUMP can receive, view, and store all packets circulating on a given WLAN.
A simple jamming transmitter can make communications impossible. For example, consistently hammering an access point with access requests, whether successful or not, will eventually exhaust its available radio frequency spectrum and knock it off the network. Other wireless services in the same frequency range as a WLAN can reduce the range and usable bandwidth of the WLAN. Some WLANs require that the cards be registered before the wireless services can be used. The access point then identifies the card by the user, but this scenario is complex because every access point needs to have access to this list. Even if it were implemented, it cannot account for hackers who use WLAN cards that can be loaded with firmware that does not use the built-in MAC address, but a randomly chosen, or deliberately spoofed, address. Using this spoofed address, a hacker can attempt to inject network traffic or spoof legitimate users.
You can, however, deploy WLAN technology in a way that forms an independent peer-to-peer network, which is more commonly called an ad hoc WLAN. In an ad hoc WLAN, laptop or desktop computers that are equipped with compatible WLAN adapters and are within range of one another can share files directly, without the use of an access point. The range varies, depending on the type of WLAN system. Laptop and desktop computers equipped with 802.11 WLAN cards can create ad hoc networks if they are within at least 5.
Many wireless cards, including some shipped as a default item by PC manufacturers, support ad hoc mode. When adapters use ad hoc mode, any hacker with an adapter configured for ad hoc mode and using the same settings as the other adapters may gain unauthorized access to clients. Because 802.11 management messages are not authenticated, denial-of-service (DoS) attacks are possible. An example of this type of DoS attack has been demonstrated with open source tools such as wlan-jack.
Most rogue access points are installed by employees to whom IT is not providing WLAN access. A typical rogue access point, then, is an inexpensive one that an employee purchases and installs by plugging it into an available switch port, often with no security measures enabled. A hacker, even one outside the physical boundaries of an organization's facilities, can gain access to the trusted network simply by associating with a rogue access point. Another type of rogue access point is one that masquerades as a trusted access point and tricks WLAN users into associating with it, thereby enabling a hacker to manipulate wireless frames as they cross the access point. The following components are required in order to mitigate the threat of rogue access points. A detailed discussion of these points can be found in Appendix C, .
Traditional 802.11 WLAN security includes the use of open or shared-key authentication and static wired equivalent privacy (WEP) keys. This combination offers a rudimentary level of access control and privacy, but each element can be compromised. The following sections describe these elements and the challenges of their use in enterprise environments.
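The wired-side rogue access point check that Appendix C outlines (comparing MAC addresses seen on switch ports against the known, IT-managed access points), as an added example that is not part of the Cisco paper: it parses a switch MAC-address table, normalizes each address, and flags entries whose vendor prefix (OUI) belongs to a WLAN equipment vendor but which are not on the list of deployed access points. The OUI table, the known-AP list and the table rows are all constructed samples, not real vendor assignments.

```python
import re

# Constructed sample: OUIs (first three octets) assumed to belong to WLAN
# equipment vendors. A real check would load the IEEE OUI registry instead.
WLAN_VENDOR_OUIS = {
    "00:11:22": "ExampleWiFi Inc (constructed)",
    "aa:bb:cc": "SampleAP Ltd (constructed)",
}

# Constructed sample: MAC addresses of the access points IT actually deployed.
KNOWN_AP_MACS = {"00:11:22:33:44:55"}

# Constructed sample of a switch MAC-address table in Cisco dotted notation.
MAC_TABLE = """\
Vlan    Mac Address       Type        Ports
  10    0011.2233.4455    DYNAMIC     Gi0/1
  10    0011.2233.4466    DYNAMIC     Gi0/7
  20    aabb.cc00.0001    DYNAMIC     Gi0/12
  20    1234.5678.9abc    DYNAMIC     Gi0/13
"""

# One table row: VLAN, dotted MAC, entry type, port.
ROW = re.compile(
    r"^\s*(\d+)\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+\S+\s+(\S+)", re.I
)


def normalize_mac(dotted):
    """Convert Cisco dotted form 0011.2233.4455 to 00:11:22:33:44:55."""
    raw = dotted.replace(".", "").lower()
    return ":".join(raw[i:i + 2] for i in range(0, 12, 2))


def find_rogue_ap_candidates(table, known_aps=KNOWN_AP_MACS,
                             vendor_ouis=WLAN_VENDOR_OUIS):
    """Return rows whose OUI is a WLAN vendor but whose MAC is not a known AP."""
    hits = []
    for line in table.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header or blank line
        vlan, mac, port = int(m.group(1)), normalize_mac(m.group(2)), m.group(3)
        vendor = vendor_ouis.get(mac[:8])  # OUI is the first three octets
        if vendor and mac not in known_aps:
            hits.append({"mac": mac, "port": port, "vlan": vlan, "vendor": vendor})
    return hits
```

Running `find_rogue_ap_candidates(MAC_TABLE)` on the sample reports two candidates, on ports Gi0/7 and Gi0/12. As the paper notes, MAC addresses can be spoofed, so a hit is a lead to verify on the port and physically, not proof of a rogue access point.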
Open authentication involves little more than supplying the correct service set ID (SSID).