
Wireless Security recommendations

rbinc
Level 1

Hi All.

Just bought the Cisco 1100 and am configuring security on the device. I am wondering if anyone can recommend a security that is the most secure in a business environment? I.e., cipher - TKIP, etc.

I currently do not have a RADIUS server but welcome suggestions on that as well.

Thanks in advance!

J


minie
Level 4

There are several white papers talking about wireless security.

WPA's TKIP+MIC is secure enough in most business environments and it does not require a RADIUS server. If you would like to be more secure, go with LEAP. LEAP is a very secure wireless solution. The only problem with it is that it's vulnerable to dictionary attacks. But a strong password policy will avoid it.

http://www.cisco.com/en/US/partner/products/hw/wireless/ps430/prod_white_papers_list.html

So, with this device should I set WEP encryption with MIC enabled or should I change the cipher to TKIP?

There is no reason to use WEP. I would suggest WPA and LEAP... that is until the 802.11i standard gets ratified and Cisco implements it into a new IOS release.

With WPA and LEAP together, you must use TKIP and a RADIUS implementation. Either use an ACS server or the local RADIUS implementation in the AP. This would be one of the most secure configurations right now as it does not suffer from WEP vulnerabilities.

jlacis
Level 1

I would suggest considering running a VPN (3DES, AES) above the WLAN connection.

robertcrabbe
Level 1

If you have an ACS/RADIUS server and all your clients are Windows XP, I would consider PEAP authentication with WPA and TKIP.

Windows XP clients support WPA, provided the WPA patch has been applied and your network drivers are fairly recent. Windows 2000 clients don't support WPA and TKIP. Microsoft hasn't released a supplicant for Windows 2000.

Once it is released, Windows XP SP 2 will have added support for WPA and 802.1x beyond what the WPA patch offers.

With regard to the local RADIUS server and EAP for Aironet, only LEAP authentication is supported. Not all adapters support LEAP and the Windows XP supplicant doesn't support LEAP.

If you have a small network, you can use WPA-PSK, or Wi-Fi Protected Access Pre-Shared Key. Again, all the supplicants have to be Windows XP because 2000 doesn't support WPA-PSK. You could configure several VLANs, some with WEP, and some with WPA-PSK.
