Metro |
campus wireless accessEmergence utilizes the Cisco Aironet 1200 Series access points deliver the security, manageability, upgradability and reliability to create high-performance, enterprise-class wireless LANs. With simultaneous support for both 2.4 GHz and 5 GHz radios, the Cisco Aironet 1200 Series preserves existing IEEE 802.11b investments and provides a migration path to future IEEE 802.11a and IEEE 802.11g technologies. Its modular design supports single- and dual-band configuration, plus the field upgradability to change these configurations as requirements change and technologies evolve. Investment protection is further provided by large storage capacity and support for Cisco management tools, delivering the capacity and means to upgrade firmware and deliver new features as they become available. 802.11b SecurityThere have been a number of articles in the press lately exposing security flaws within the IEEE 802.11b protocol. At emergence, we take security seriously and we want you to know how we address these problems. The weaknesses have arisen from the use of the wired equivalent privacy (WEP) protocol, which has been historically difficult to maintain and support and has inevitably led to weaknesses that can be exploited. Overleaf we describe how we resolve these issues by using the Lightweight Extensible Authentication Protocol (LEAP) algorithm. Cisco has supported 802.1x authentication for 802.11 LANs since November 2000 with the introduction of the Lightweight Extensible Authentication Protocol (LEAP) algorithm. Cisco 802.1x/LEAP provides user-based, centralized authentication, as well as per-user wired equivalent privacy (WEP) session keys. Wireless LAN network administrators have been taking advantage of the simplified user and security administration that LEAP provides. Cisco support for 802.1x includes support for most EAP authentication types. With the introduction of Windows XP, Cisco also supports the Transport Layer Security (TLS) EAP subtype and EAP-TLS, as well. As wireless LANs become more prevalent in enterprise networks, they are also extending into the enterprise branch office. We understand that when operating across a Wide Area Network, authentication requests can be sent across the WAN which if experiencing latency at the time could result in packet drops, which leads to user frustration. Here is how we address the problem. Cisco Aironet® deployments in the branch office may send authentication requests back to the authentication server (access control server [ACS] or Remote Access Dial-In User Service [RADIUS] server) across a WAN link. The 802.1x framework uses RADIUS messages for communications between the access point and the authentication server. RADIUS messages use User Datagram Protocol (UDP) and are connectionless, so it is possible during WAN link congestion for RADIUS packets to be delayed or dropped. This can cause delays or authentication timeouts to users attempting to authenticate to an access point, or when roaming to a different access point. This issue is overcome by giving the RADIUS packets priority on transmissions both from the access point to the RADIUS server and from the RADIUS server to the access point. When priority is given to the RADIUS packets, the WAN routers service them before lower-priority traffic. The end result is that LEAP clients can authenticate successfully during times of WAN link congestion. Emergence would like its customers to know that all of its wireless solutions are totally secure. Part of the installation process involves the security team of our professional services group evaluating the overall security of the system that we deploy on the customers behalf, if it does not meet the security teams exacting standards (as defined by the United States Department of Defense), we will not commission the link until it does. We want to ensure all of our customers that all precautions are taken when securing your data and you can take that to the bank, we guarantee it. |
||||
Products | Coverage | About Us | Contact Us | Search | Home
|