Help with security on two 1300's

laneclark · ‎06-20-2005

I have two 1300's pointed at each other. I one as the root and the other as the non-root. They are moving traffic fine. Now what is the best way to secure the data passing over this link? Can I use WPA or is mac authentication fine?

smalkeric · ‎06-24-2005

The Cisco Aironet 1300 Series supports the Cisco Wireless Security Suite, including support for Wi-Fi Protected Access (WPA) 802.1x mutual authentication with Cisco Extensible Authentication Protocol (LEAP), strong encryption with Temporal Key Integrity Protocol (TKIP), and Message Integrity Check (MIC) support. At FCS, the hardware will be Advanced Encryption Standard (AES)-capable and will only require a future software upgrade to support AES.

http://www.cisco.com/en/US/products/ps5861/products_qanda_item0900aecd801e3e59.shtml

scottmac · ‎06-25-2005

Use WPA. MAC filtering is very easy to defeat (by spoofing the MAC address). MAC filtering does not encrypt the traffic.

If you use WPA-PSK (pre-shared Key), use a strong key.

A strong key uses a combination of letters (uppear and lower case), numbers, and some punctuation. The idea is reduce the chances of a successful "dictionary" attack - break up words with numbers and punctuation: Instead of "I Like Cisco" you might use something like "I-LiKe_Ci3sc0!!"

Some people like to use a randomly generated strings. Either way, it forces the attacker to have to "brute force" the attacks where they have to match every possible combination of letters, numbers, and punctuation in your key (still possible, so longer keys are better than shorter keys).

Good Luck

Scott