RE: Securing a Aironet 350 [7:44152]
What is the best way to secure a Aironet 350 from hackers? ***Keep it unplugged. ***Seriously though, LEAP is a good option if you want ease of use and pretty good security. It can be brute-forced if there isn't a user lock-out policy though. (You also need a Cisco ACS server or LEAP-compatible RADIUS server available.) The Cisco safe whitepaper mentioned earlier is an excellent reference. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=44295&t=44152 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Securing a Aironet 350 [7:44152]
I think the only way to secure a wlan is to require vpn authentication through the bridge. (Which means some hand held clients would not be able to authenticate.) The client should have the vpn software loaded on their machine/laptop, connect to a bridge residing on a vlan that has no connectivty to anythign other than the vpn concentrator. Establish an authenticated session and then be allowed on the network. At this point your data is also encrypted in a means other than wep! my $.02 -Patrick >>> "C restion" 05/14/02 09:04AM >>> Btwthere's a great article on Wireless security on http://www.networkcomputing.com/1303/1303ws2.html This article also shows the importance of finding the right balance between risk assessment, cost and convenience. > Confidentiality Disclaimer This email and any files transmitted with it may contain confidential and /or proprietary information in the possession of WellStar Health System, Inc. ("WellStar") and is intended only for the individual or entity to whom addressed. This email may contain information that is held to be privileged, confidential and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are hereby notified that any unauthorized access, dissemination, distribution or copying of any information from this email is strictly prohibited, and may subject you to criminal and/or civil liability. If you have received this email in error, please notify the sender by reply email and then delete this email and its attachments from your computer. Thank you. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=44227&t=44152 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Securing a Aironet 350 [7:44152]
True not everyone needs Fort Knox, but I just wanted make sure you didn't believe that WEP is secure. That's been my mantra the past month - to inform people to the dangers of relying on WEP. ""C restion"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Steven, > > Way off Hmmmthe only thing I indeed forgot to mention is the > directional antenna-danger, but to say I'm way off...that's a strong > statement. > > First of all let me clarify myself. My final comment, "Again, which solution > to go for depends on your security needs and how much you're willing to > spend." basically says it all. As much as we techies would love to be in the > ideal networking world where everything came free, this is NOT reality. > Networking is here to support business and not the other way around. > > If in this case the signal stays within the building and our friend is the > only one with a wireless card, basic WEP and access-control are all you > need. There is no business need or potential risk whatsoever to justify > purchasing expensive VPN-equipment. Again, you are right about the > directional antenna danger, but if the AP is placed on the 48th floor of a > building withouth any adjacent buildings even those won't help you too much. > > So you're right about WEP not being safe, I never claimed it to be safe. WEP > does exactly what it's designed to do, namely provide minimum level security > to get the efforts off getting on a Wireless network about as high as the > efforts to get on a wired network. The rule that additonal security is > required applies to both the wired as the wireless network. > > To summarise: ideally you would use all the security measures available to > secure your wireless network. In reality you decide what measures to take > based upon business needs (i.e. what costs are justifyable). > > Rgds, > R Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=44221&t=44152 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Securing a Aironet 350 [7:44152]
Btwthere's a great article on Wireless security on http://www.networkcomputing.com/1303/1303ws2.html This article also shows the importance of finding the right balance between risk assessment, cost and convenience. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=44219&t=44152 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Securing a Aironet 350 [7:44152]
Steven, Way off Hmmmthe only thing I indeed forgot to mention is the directional antenna-danger, but to say I'm way off...that's a strong statement. First of all let me clarify myself. My final comment, "Again, which solution to go for depends on your security needs and how much you're willing to spend." basically says it all. As much as we techies would love to be in the ideal networking world where everything came free, this is NOT reality. Networking is here to support business and not the other way around. If in this case the signal stays within the building and our friend is the only one with a wireless card, basic WEP and access-control are all you need. There is no business need or potential risk whatsoever to justify purchasing expensive VPN-equipment. Again, you are right about the directional antenna danger, but if the AP is placed on the 48th floor of a building withouth any adjacent buildings even those won't help you too much. So you're right about WEP not being safe, I never claimed it to be safe. WEP does exactly what it's designed to do, namely provide minimum level security to get the efforts off getting on a Wireless network about as high as the efforts to get on a wired network. The rule that additonal security is required applies to both the wired as the wireless network. To summarise: ideally you would use all the security measures available to secure your wireless network. In reality you decide what measures to take based upon business needs (i.e. what costs are justifyable). Rgds, R Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=44214&t=44152 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Securing a Aironet 350 [7:44152]
I don't usually contradict what somene says but when they're way off, I need to. First off; WEP IS UNSECURE! It dosen't matter if it's 64 or 128 bit, they ar both just as easy to hack (air snort). Second, MAC address security isn't secure, as you can spoof them. Third, even if you can't pick up signal outside a building with a regualr card or AP, you acn use a directional or Yagi antenna to get the signal. Physical secutity worked for switches because you could truly hide them behing locked doors. With wireless you can't do the same thing. You are correct with the VPN, as it's the most secure way to protect the airwaves for a PC. Other tactics are LEAP, and the soon to be released PEAP (one-time password authentication), 802.1x and the basic SAFE stuff, especially the wireless SAFE. -- RFC 1149 Compliant. Get in my head: http://sar.dynu.com ""C restion"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Hi Rich, > > First thing to do is to trace the signal. I.e. what are the physical limits > of the RF. Special wireless tools (like the Sniffer Wireless) are available > to help you with this, but the software delivered with your Aironet can tell > you a lot as well. > If the signal stays within the building, 128-bits WEP and an access-control > list (i.e. which MAC-addresses are allowed and which not) should be > sufficient. > If the signal spreads to for example the car-park, additional security > measures are advisable. Depending on how much you're willing to spend, > several options are available. A firewall behind the AP, VPN-tunnels, etc. > are all expensive, but secure solutions. Again, which solution to go for > depends on your security needs and how much you're willing to spend. > > Hth, > Remmert Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=44206&t=44152 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Securing a Aironet 350 [7:44152]
Hi Rich, First thing to do is to trace the signal. I.e. what are the physical limits of the RF. Special wireless tools (like the Sniffer Wireless) are available to help you with this, but the software delivered with your Aironet can tell you a lot as well. If the signal stays within the building, 128-bits WEP and an access-control list (i.e. which MAC-addresses are allowed and which not) should be sufficient. If the signal spreads to for example the car-park, additional security measures are advisable. Depending on how much you're willing to spend, several options are available. A firewall behind the AP, VPN-tunnels, etc. are all expensive, but secure solutions. Again, which solution to go for depends on your security needs and how much you're willing to spend. Hth, Remmert Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=44201&t=44152 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Securing a Aironet 350 [7:44152]
Have a look at the following paper. http://www.cisco.com/warp/public/cc/so/cuso/epso/sqfr/safwl_wp.htm Tim CCIE 9015 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Johnson, Richard (NY Int) Sent: Tuesday, May 14, 2002 3:12 AM To: [EMAIL PROTECTED] Subject: Securing a Aironet 350 [7:44152] Hi there, What is the best way to secure a Aironet 350 from hackers? It is only local in my office. Thanks, Rich Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=44181&t=44152 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]