10-05-2001 08:16 PM - edited 07-05-2021 12:04 PM
I have heard that Cisco is telling its customers that, because of the security issues associated with wireless, if they really want to be secure they need to use VPN client software and concentrators. That means putting all of the wireless access points in a VLAN that is in the same subnet as the public interface of the VPN concentrator and using the VPN client to access the private interface's subnets. Is this the short-term strategy? Is the long-term strategy to have IPSec be part of the wireless system?
10-08-2001 05:09 AM
One "better than average" WLAN security technique is to use dynamic WEP key generation by using EAP. This can be done by installing Cisco Secure ACS server and enabling EAP on the AP and client. This will generate a dynamic WEP key to encrypt the session between the client and AP. This is pretty much like using VPN, since all packets are encrypted, but without the robustness and complexity of PKI and IPSec.
10-08-2001 09:45 AM
I have heard that there are security issues associated even with this more robust technique. What have you heard?
10-26-2001 07:44 AM
The advantage of VPN is to mix and match multi-vendor APs and cards. If your environment is pure Cisco and you do not expect users to get their own cards, then LEAP with 128-bit WEP should be sufficient.
10-29-2001 12:02 AM
VPN may be the best solution to go with today, as with LEAP/Cisco Secure with dynamic WEP key there are still possibilities to hack the keys within a 90-minute interval today.
10-30-2001 02:46 PM
This is depressing, as I just spent much time researching the security of LEAP/Cisco Secure w/dynamic WEP. What is used to hack it within 90 minutes? My latest search was targeted at AirSnort?
Thanks
10-31-2001 12:20 PM
We are using LEAP with dynamic WEP. I set my ACS server to re-authenticate users at 10-minute intervals. This generates a new dynamic WEP key for each user. Even if someone is able to capture enough packets (1,000,000) from 1 user in this 10-minute period, the dynamic WEP key is already invalid by the time they can use it.
10-31-2001 01:22 PM
Ah yes, I know this. I think I was reading into the question. I was reading WEP but thinking of the CRC-32 checksum vulnerability. I guess this is why the question wasn't answered on the webcast this morning. I was asking the wrong question.
Thanks
11-04-2001 04:47 AM
You don't need to put all the APs on the same VLAN. Put an inbound ACL on the router i/f that only permits traffic to the IP address of the public i/f on the VPN concentrator(s). Also, use an IP helper statement on the router i/f to point users on that wireless network to a DHCP server. The user will then be forced to establish a VPN session in order to access network resources. This option is also pretty darn scalable because you can use a similar ACL on any other wireless subnet in your company.
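The router-side setup described in the post above, written out as an added Cisco IOS example (not from the original thread). The interface name, the ACL name WIRELESS-IN, and the wireless subnet, concentrator and DHCP server addresses are constructed placeholders.

```cisco
! Router interface facing the wireless AP VLAN. Addresses are constructed examples:
!   wireless clients 10.10.20.0/24, VPN concentrator public i/f 10.10.30.5,
!   DHCP server 10.10.40.10 (reached through ip helper-address).
interface FastEthernet0/1
 description Wireless AP segment - clients must VPN in to reach anything
 ip address 10.10.20.1 255.255.255.0
 ip helper-address 10.10.40.10
 ip access-group WIRELESS-IN in
!
ip access-list extended WIRELESS-IN
 remark DHCP DISCOVER arrives as a broadcast from 0.0.0.0; the inbound ACL is
 remark evaluated before the helper relays it, so it must be permitted explicitly
 permit udp any eq bootpc any eq bootps
 remark The only destination reachable in the clear is the concentrator's
 remark public interface (IKE, ESP, or IPsec-over-UDP all terminate there)
 permit ip any host 10.10.30.5
 remark Everything else, including every other internal subnet, is dropped;
 remark the log keyword gives a record of non-VPN attempts from this segment
 deny ip any any log
```

The same ACL can be reused on every other wireless subnet by changing only the interface address; if only IPsec clients are expected, the `permit ip` line can be narrowed to UDP 500, ESP and the concentrator's IPsec-over-UDP port.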