Wireless Security

I need to make security recommendations for the following wireless-setup.  

ACS Server: Cisco Secure ACS 3.3
Access Point: Cisco AP 1242 AG
Controller: WCS 4400

Please let me know what is the most secure settings including encrytion etc for the above scenario. The compnay is looking to move towards RSA tokens for authnetication and already has Novell LDAP Directory server in place for authnetication.  these 2 pieces can be made part of the security solution.  

any related security advice and links to deploy secure wireless infrastructure will be much appreciated.

Thanks,
Net-Geek
net-geekAsked:
Who is Participating?
 
Smacky311Connect With a Mentor Commented:
Heres the notes I took for my Security+ related to wireless..may help some.

Passive attacks on wireless simply view the data going through it (Sniffing or wardriving).  NetStumbler, a wireless network detector find networks then they are captured with Microsoft's network monitor or Linux's TCPDump.  Radio frequency spectrum analyzers can detect networks with hidden SSIDs then sniffers like Wild Packet's AiroPeek can decode and capture packets.  Active attacks generally have a militious intent.  Attackers can setup a rogue AP with a strong antenna and this can be used to discover the secret key being used for authentication.  NetStumbler and AiroPeek can be used to find rogue APs.

WLAN site surveys test wireless setups to make sure they work.  Site survey forms grab address of site, coverage required, type of existing WLAN, ceiling heights, usage of other radio technologies, availability of ladders and other access equipment.  You walk around a building after setting up AP's and measure signal strength and achieveable data rate.  Different antenna may help.  Mark coverage area on floor plan of building.  AP's should operate on different channels.  WLAN surveys should be done during normal business hours.  Even opening/closing doors affects signals.  You should be able to mount and power AP's w/o the need to depend on existing building services.  Your report should be very detailed and include antenna position.  
0
 
paradoxengineCommented:
Before anything else, make sure to check some 802.1x solutions!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.