
Wireless Security

Zohaib Khan
Level 1

Hi All,

I want a solution to secure my wireless network; any suggestions? Enabling WPA2 is not very secure; anyone with little effort can break it. I need the most secure solution to protect the wireless LAN, and please mention how secure the suggested solution is.

I am going for 802.1x but don't know how secure it is.

Accepted Solutions

Scott Fella
Hall of Fame

Any 802.1x is better than a preshared key. Like George explained, if you have a PKI infrastructure, then EAP-TLS is the way to go. All 802.1x requires the use of a RADIUS server, and if you're a Microsoft shop, then depending on the version of server you bring up, you can use Microsoft IAS or NPS as a RADIUS server. For Cisco, you can use ACS for RADIUS, or if you want more features like profiling, you can look into Cisco's ISE. Many of these tie into Active Directory, so if you don't have a PKI infrastructure, you can still use 802.1x with PEAP or even machine authentication if your devices are all joined to your domain.

Depending on what you choose, you should be able to search the web and find many examples of how to set up the 802.1x you choose.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
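
The following added example is not part of the original thread. It checks client profiles against the options discussed above (pre-shared key, PEAP, EAP-TLS), assuming Linux clients configured through wpa_supplicant, which the thread does not mention; the sample configuration, SSIDs and file paths are constructed.

```python
import re
# Constructed sample wpa_supplicant.conf: SSIDs, paths and passphrase are made up.
SAMPLE_CONF = '''
network={
    ssid="corp-psk"
    key_mgmt=WPA-PSK
    psk="example-passphrase"
}
network={
    ssid="corp-peap"
    key_mgmt=WPA-EAP
    eap=PEAP
    phase2="auth=MSCHAPV2"
}
network={
    ssid="corp-tls"
    key_mgmt=WPA-EAP
    eap=TLS
    ca_cert="/etc/certs/ca.pem"
    client_cert="/etc/certs/host1.pem"
    private_key="/etc/certs/host1.key"
}
'''

def parse_networks(text):
    """Return one {key: value} dict per network={...} block."""
    nets = []
    for body in re.findall(r"network=\{(.*?)\n\}", text, re.S):
        pairs = (l.strip().split("=", 1) for l in body.splitlines() if "=" in l)
        nets.append({k.strip(): v.strip().strip('"') for k, v in pairs})
    return nets

def audit(net):
    """Classify one block and list what its method still needs."""
    key_mgmt = net.get("key_mgmt", "")
    if "WPA-EAP" not in key_mgmt:
        kind = "psk" if "PSK" in key_mgmt else "other"
        return kind, ["no 802.1X: no per-user or per-device authentication"]
    method = net.get("eap", "unspecified").upper()
    findings = []
    if "ca_cert" not in net:
        findings.append("no ca_cert: RADIUS server certificate is not validated")
    if method == "TLS":  # EAP-TLS needs a certificate on the client side too
        findings += [f"EAP-TLS needs {k}" for k in ("client_cert", "private_key")
                     if k not in net]
    return "802.1x/" + method, findings

def audit_config(text):
    return {n.get("ssid", "?"): audit(n) for n in parse_networks(text)}
```

Calling `audit_config(SAMPLE_CONF)` returns, per SSID, the classification and the list of findings; the PEAP profile is flagged because it has no `ca_cert`, so the client would accept any RADIUS server certificate.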


8 Replies

Sandeep Choudhary
VIP Alumni

Hi Zohaib,

1. WPA2 with AES is a very secure way to protect the WLAN (it's very hard to break this), if you are using a pre-shared key.

2. You can use the AAA method (supplicant, authenticator, authentication server) if you are using a RADIUS server.

EAP-TLS: you need a certificate on both sides (client and server side).

Regards

Thanks Sandeep for your response. I am going for Cisco Secure ACS; can anyone guide me about that? Will it be a good choice for security?

Hi,
I don't know what exactly your requirements are. But still I will suggest you check Cisco ISE.

ISE is a policy management and control platform for wired/wireless and VPN. It supports guest access, BYOD and secure access.

Please check this and make your decision accordingly.

Regards
Don't forget to rate helpful post.

Sent from Cisco Technical Support iPhone App

Hi, as I know, hackers can break EAP-TLS; they can decrypt the certificate then spoof the network.

I once read hackin9 magazine; in the magazine, they explain how to break the certificate. I forgot the volume of the magazine.

I think you can use the second option: using the AAA method (RADIUS server) is more secure than PSK.

Jeff Van Houten
Level 5

How about EAP-TLS for authentication under WPA2 encryption. Then the only thing to connect to would be a VPN device forcing users to establish a connection using a different out-of-band authentication mechanism (phone factor??). I could go on all day but my fingers are tired.

Sent from Cisco Technical Support iPad App

Abha Jha
Cisco Employee

Hi,

If you have a RADIUS server then it's better to go for EAP-TLS or EAP-TTLS, but do remember you will be needing certificate authentication for this.

But this is more secure than any pre-shared key authentication.

EAP-TLS is the highest standard of authentication and when used with AES encryption is most secure. It involves the use of a PKI with client and server side certificates.

EAP-TTLS is really no different than EAP-PEAP. The difference between them is that TTLS allows for more internal protocols ..

Sent from Cisco Technical Support iPad App

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________
