CISCO STRUCTURED WIRELESS-AWARE NETWORK: A SOLUTIONS APPROACH TO WLAN
© 2003 Cisco Systems, Inc. All rights reserved.

Presentation transcript:

1 CISCO STRUCTURED WIRELESS-AWARE NETWORK: A SOLUTIONS APPROACH TO WLAN
KOEN JACOBS – SYSTEMS ENGINEER –

2 CISCO WLAN EXTENDS THE MULTISERVICE NETWORK

3 Bringing Intelligent Services to WLAN
Security
QoS
VLANs
…

    interface Dot11Radio0
     no ip address
     no ip route-cache
     encryption key 1 size 40bit F25A0AB8 transmit-key
     encryption mode wep mandatory
     !
     ssid tsunami
      authentication open
      guest-mode
     !

End-to-End IOS = End-to-End Intelligence!

4 Security in WLANs
Still the number 1 concern!
Wardriving & Warchalking
Getting a lot of press
Still many poorly protected WLANs
SSID != Security
MAC Filters
Standard WEP
Credit: KNTV San Jose

5 Cisco Wireless Security Suite: Security in the Enterprise
No Security: No WEP and Broadcast Mode. Public Access.
Basic Security: Wi-Fi 40-bit, 128-bit, and Static WEP. Telecommuter and Small Business.
Enhanced Security: Dynamic Key Management System, Mutual Authentication, and 802.1x via EAP. Mid-Market and Enterprise.
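The three tiers above can be checked mechanically against an access point's radio configuration. The following is an added example, not Cisco code and not part of the original slides: a small audit that classifies a `Dot11Radio` stanza into the slide's tiers. The `OPEN` and `ENHANCED` samples, their SSIDs and the EAP list name `eap_methods` are constructed assumptions.

```python
import re

# Constructed samples. BASIC copies the stanza shown on slide 3; OPEN and
# ENHANCED are constructed variants (SSIDs and the EAP list name are made up).
BASIC = """\
interface Dot11Radio0
 no ip address
 no ip route-cache
 encryption key 1 size 40bit F25A0AB8 transmit-key
 encryption mode wep mandatory
 !
 ssid tsunami
  authentication open
  guest-mode
 !
"""
OPEN = """\
interface Dot11Radio0
 ssid lobby
  authentication open
  guest-mode
"""
ENHANCED = """\
interface Dot11Radio0
 encryption mode ciphers tkip
 ssid corp
  authentication network-eap eap_methods
  authentication key-management wpa
"""

def audit(config):
    """Classify one radio stanza into the slide's tiers; return (tier, findings)."""
    lines = [l.strip() for l in config.splitlines()]
    key_sizes = [int(m.group(1)) for l in lines
                 if (m := re.match(r"encryption key \d+ size (\d+)bit", l))]
    wep = any(l.startswith("encryption mode wep") for l in lines)
    ciphers = any(l.startswith("encryption mode ciphers") for l in lines)
    eap = any(re.match(r"authentication (network-eap|open eap)\b", l) for l in lines)

    findings = []
    if not (wep or ciphers or key_sizes):
        findings.append("no encryption configured")
    for size in key_sizes:
        findings.append(f"static {size}-bit WEP key shared by every client")
    if not eap:
        findings.append("no 802.1x/EAP: clients are not individually authenticated")
    if "guest-mode" in lines:
        findings.append("guest-mode: SSID is broadcast in beacons")

    if eap:
        tier = "Enhanced Security"   # 802.1x via EAP, dynamic keys
    elif wep or key_sizes:
        tier = "Basic Security"      # static WEP only
    else:
        tier = "No Security"         # no WEP, broadcast mode
    return tier, findings

if __name__ == "__main__":
    for name, cfg in (("OPEN", OPEN), ("BASIC", BASIC), ("ENHANCED", ENHANCED)):
        tier, findings = audit(cfg)
        print(f"{name}: {tier}")
        for f in findings:
            print("  -", f)
```
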

6 Cisco Wireless Security Suite
Wireless LAN Security consists of three components
I. The Authentication Framework
IEEE 802.1x authentication framework supports many authentication types & the link layer
II. The Authentication Algorithm
EAP Cisco Wireless (LEAP) and EAP-FAST support centralized, user-based authentication with the ability to generate dynamic WEP keys
Idem for PEAP *, but also supports OTPs
III. The Encryption Algorithm = WEP for Cisco was the first to augment WEP encryption through TKIP * (Temporal Key Integrity Protocol) - same functionality now part of WPA, under the name CKIP
Message Integrity Check (MIC) mitigates man-in-the-middle attacks
Per-Packet Keying mitigates WEP key derivation attacks e.g. AirSnort
Broadcast Key Rotation
* i draft

7 Cisco Wireless Security Suite: The Complete Picture – Cisco Compatible Extensions
WPA: Wi-Fi Protected Access
CCX: Cisco Compatible eXtensions
Built on Standards
Optimized for Enterprise
Broad Adoption
Tested for Interoperability
TKIP: Temporal Key Integrity Protocol
AES: Advanced Encryption Standard
802.1X Authentication
TKIP or AES Encryption

8 VLANs – Segmenting the WLAN
SSID: Voice VLAN: 3
SSID: Private VLAN: Q VLAN trunk to wired network
SSID: Public VLAN: 2
Static VLAN mapping via SSID, or dynamic VLAN assignment via policy server (RADIUS)
Up to 16 VLANs
Each VLAN can e.g. have a different security policy, in-line with the user-profile
Support for 802.1p/Q VLANs for end-to-end integration
Supports any CCX client!!

9 Quality of Service
Pre-standard implementation: downstream QoS
Using EDCF – Enhanced Distributed Coordination Frame
e will deliver upstream & downstream

10 CISCO SWAN

11 Cisco Structured Wireless-Aware Network
Providing Superior Wireless Security, Deployment, Management, and Mobility by INTEGRATING and EXTENDING Wireless Awareness into Key Elements of the Network Infrastructure - Servers, Switches, Routers, APs, and Clients

12 Cisco SWAN – Three Elements
3 Cisco switches and routers with wireless-aware Cisco IOS® Software
1 WLSE 2.7 Aironet 1100/1200/1300 Radios: b/g/a Wi-Fi client adapters 802.1X AAA Server
Fast Secure L3 Mobility
Centralized Policies
High Availability
Expanded security options
Granular Site Surveys
Simplified Deployment/Mgmt
Rogue AP Detection and Suppression
2 Cisco Aironet clients
Cisco Compatible (CCX) clients

13 Cisco SWAN Minimizes WLAN TCO
Support: Cisco warranties and support services; Cisco partnerships like CCX program
Deployment: Optimized deployment of high-performance APs: Assisted Site Survey, “live” RF* readings
Security: WPA for access control/authentication and data privacy, integrated WLAN IDS functionality, including rogue AP detection and suppression
Management: Automated operations of APs (configs, FW, etc.) and RF* (coverage, interference, etc.)
Flexibility: Future switch/router enhancements for scalability, familiar interface, and fast secure L3 roaming
* RF = radio frequency = data transmissions in the air

14 Cisco SWAN Components
WLSE
Cisco Secure ACS
Access Points: WDS-mode, Infrastructure-mode
Client Cards: Cisco Clients, CCX v2

15 Wireless Domain Services
Provides centralized software services on behalf of a L2 subnet (WLAN clients and APs)
Currently supported on AP 1100/1200 & Bridge/AP 1300
Catalyst 6500 WLSM – more switches/routers to follow
Minimizes traffic across LAN/WAN
WDS AP supports up to 30 infrastructure APs
60 infrastructure APs in dedicated mode
Features that leverage WDS
Fast Secure Roaming
Radio Management/Monitoring - Rogue AP detection / Interference / …
Local authentication

16 An Example – Rogue AP Detection
Diagram labels: Network Core Distribution Access WDS RM
Rogue AP in coverage areas of trusted APs
Rogue AP outside coverage areas of trusted APs

17 An Example – Rogue AP Detection
Diagram labels: Network Core Distribution Access Rogue AP RM-Agg RM WDS Rogue AP
1. Radio measurements (RMs) are sent to WDS
2. WDS aggregates and condenses RMs
3. WDS forwards RM aggregation to WLSE
4. WLSE generates reports, alerts, etc.
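The four steps above, sketched as an added example that is not part of the original slides and does not reproduce Cisco's RM format: the record layout, AP names, MAC addresses and the severity rule are all constructed assumptions. Infrastructure APs report what they hear, the WDS condenses the reports to one record per BSSID, and the WLSE step compares the result with the managed inventory.

```python
from collections import defaultdict

# Constructed inventory and measurements; all names and MACs are made up.
MANAGED = {"00:40:96:aa:00:01", "00:40:96:aa:00:02", "00:40:96:aa:00:03"}
# Step 1: RMs as (reporting AP, BSSID heard, SSID, RSSI in dBm)
RMS = [
    ("ap-1", "00:40:96:aa:00:02", "corp", -61),
    ("ap-1", "02:11:22:33:44:55", "corp", -48),   # unmanaged BSSID using the corporate SSID
    ("ap-2", "02:11:22:33:44:55", "corp", -70),
    ("ap-2", "00:40:96:aa:00:01", "corp", -66),
    ("ap-3", "02:11:22:33:44:55", "corp", -83),
    ("ap-3", "0a:0b:0c:0d:0e:0f", "linksys", -88),
]

def wds_aggregate(rms):
    """Step 2: condense raw RMs into one record per BSSID."""
    agg = defaultdict(lambda: {"ssid": None, "heard_by": {}})
    for reporter, bssid, ssid, rssi in rms:
        rec = agg[bssid.lower()]
        rec["ssid"] = ssid
        # Keep only the strongest reading per reporting AP.
        rec["heard_by"][reporter] = max(rssi, rec["heard_by"].get(reporter, -200))
    return dict(agg)  # Step 3: this condensed view is what gets forwarded

def wlse_alerts(agg, managed, corp_ssids=("corp",)):
    """Step 4: flag BSSIDs missing from the inventory, most urgent first."""
    alerts = []
    for bssid, rec in agg.items():
        if bssid in managed:
            continue
        nearest, rssi = max(rec["heard_by"].items(), key=lambda kv: kv[1])
        alerts.append({
            "bssid": bssid, "ssid": rec["ssid"],
            "nearest_ap": nearest, "rssi": rssi,
            "reporters": len(rec["heard_by"]),
            # Assumed rule: an unmanaged radio advertising a corporate SSID ranks higher.
            "severity": "high" if rec["ssid"] in corp_ssids else "low",
        })
    return sorted(alerts, key=lambda a: (a["severity"] != "high", -a["rssi"]))

if __name__ == "__main__":
    for alert in wlse_alerts(wds_aggregate(RMS), MANAGED):
        print(alert)
```

An unmanaged AP that no reporting radio hears generates no RM and therefore no alert, which is the second case drawn on slide 16.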

18 Catalyst 6500 WLSM: Wireless LAN Services Module
Provide seamless layer 3 mobility across an entire campus
No client hardware or software requirements
Supports low latency roams for Voice
Simplify Cisco SWAN deployment and configuration
Reduce the number of Wireless Domain Services (WDS) needed
Simplify Deployments
No changes necessary to existing network infrastructure
Provides a single interface per-SSID for the application of security and QoS policy

19 Enterprise Campus Roaming and Aggregation
Cisco SWAN enables Fast Secure Scalable Wireless Networking
Single Point of Ingress/Egress
Fast Secure Roaming
Simple Configuration
Non-Stop Forwarding / Stateful Switchover
Scalability
Integrated Security Services
Seamless Layer 3 Roaming Across Subnets
Diagram labels: Existing Network CiscoWorks WLSE 2.7 Fast Secure Roaming Tunnels WDS

20 Mobility Groups Enable Secure Segmentation
Diagram labels: PSTN Voice Catalyst 6500 Series with WLSM VPN Services Firewall Core Intrusion Detection Firewall Internet Guests Guest Employee Phone
WLAN traffic tunneled to mGRE interface

21 Wireless LAN Solution Engine: Key Features
Turnkey operational tool for managing Cisco WLANs
Manages up to 2500 Cisco APs and bridges, plus attached Cisco switches and routers and LEAP servers
Template-based configuration of APs and bridges
AP & bridge security misconfiguration detection and alerts
Proactive fault and performance monitoring of APs, bridges
Authentication server and attached switch/router monitoring
AP/Bridge summary and utilization reports
Current & historical client association tracking reports
Upper-layer NMS/OSS integration via northbound trap, SYSLOG
Secure HTML-based UI
Role-based Access Control
System & User Defined Device Grouping

22 Managing the WLAN with WLSE
Client Association Tracking and Reports
Device Grouping
LEAP Monitoring
Fault/Performance Monitoring of APs & Bridges
Template-based configuration of APs & Bridges
Switch monitoring

23 CiscoWorks WLSE
Rogue AP Detection
Location Manager
Assisted Site Survey

24 RM Example: Self Healing Radio Network
Lost radio interface

25 CISCO AIRONET

26 Cisco Aironet 1200 Series
Investment Protection and Future Proof
Supports a/b/g
IOS support
8MB of storage
Performance & Flexibility
Modularity
In-line and regular power
Unique security suite (LEAP, PEAP, …)
Easy and integrated management
Minimizes Total Cost of Ownership
Plenum rated chassis
Physical Security
Diagram labels: b/g a Dual-band

27 Cisco Aironet 1100 Series
Scalable: Fully functional access point ideal for all enterprise deployments without expensive controllers. b now – upgradeable to g
Affordable: Lowest priced upgradeable Cisco Aironet access point protects customer investment
Enterprise-class features: End-to-end intelligent networking extended to WLAN
Secure: Enterprise-class interoperable security for WLAN
Easy-to-use: Intuitive installation and set up for rapid deployment

28 Aironet 1300 Outdoor AP/Bridge
Multi Function
Access Point
Bridge
Workgroup Bridge
g 54 Mbps at 2.4 GHz
Outdoor enclosure – IP56
Included in Cisco SWAN solution

29 Wireless LAN Client Adapters
a/b/g dual band client adapters
54 Mbps in 2.4 and 5 GHz bands
b support provides investment protection
CardBus and PCI form factors
Windows XP/
a client adapters
b client adapters
PCMCIA and PCI form factors
Broad OS support (MacOS, Linux, …)
CCX-compliant adapters

30 Cisco Compatible Extension Program: Key Benefits
Innovative Features
Cisco Wireless Security Suite
LEAP & pre-standard TKIP
Cisco VLAN
40+ features in CCX v2.0
No cost licensing
Confidence to Deploy WLAN
Tested Interoperability
Leading security solution
Ongoing feature development
Wide variety of devices & OS’s
Industry Standards Compliance
Wi-Fi, WPA &
Superset to industry standards
Accelerate availability of enterprise features

31 Cisco Compatible Extension Program
Some of the partners…
In total 95% of 3rd party client NICs are covered!

32 Cisco Wireless IP Phone 7920
Supports LEAP – Extending security to voice clients!
IEEE b, Direct Sequence with Dynamic Rate Scaling at 1, 2, 5.5, 11 Mbps
Pixel-based display 4 lines + soft keys + date/time/RF/battery + status indication
High performance speaker supports CCM ring tones
Visual message waiting, key lock, and vibration icon indicators
Current HW version will go through 3 SW stages
Automatic IEEE 802.1q (virtual LAN [VLAN]) configuration
G.711a, G.711u, and G.729a audio-compression coder-decoders (codecs)
SNMP manager
DHCP or static configuration option
Alternate TFTP support
Range of accessories: cradle, casings, USB cable, …
Features planned for future software release
- XML services
- Directory services (LDAP)
- Extension mobility
- WPA
- Additional language support
- 450 character, two-way
- Paging/messaging

33 Q and A
