Wireless Security

Posted on 2006-11-02
Medium Priority
Last Modified: 2010-04-11
I need to make security recommendations for the following wireless-setup.  

ACS Server: Cisco Secure ACS 3.3
Access Point: Cisco AP 1242 AG
Controller: WCS 4400

Please let me know what is the most secure settings including encrytion etc for the above scenario. The compnay is looking to move towards RSA tokens for authnetication and already has Novell LDAP Directory server in place for authnetication.  these 2 pieces can be made part of the security solution.  

any related security advice and links to deploy secure wireless infrastructure will be much appreciated.

Question by:net-geek
LVL 13

Accepted Solution

mrroonie earned 100 total points
ID: 17865970

Assisted Solution

Smacky311 earned 100 total points
ID: 17866158
Heres the notes I took for my Security+ related to wireless..may help some.

Passive attacks on wireless simply view the data going through it (Sniffing or wardriving).  NetStumbler, a wireless network detector find networks then they are captured with Microsoft's network monitor or Linux's TCPDump.  Radio frequency spectrum analyzers can detect networks with hidden SSIDs then sniffers like Wild Packet's AiroPeek can decode and capture packets.  Active attacks generally have a militious intent.  Attackers can setup a rogue AP with a strong antenna and this can be used to discover the secret key being used for authentication.  NetStumbler and AiroPeek can be used to find rogue APs.

WLAN site surveys test wireless setups to make sure they work.  Site survey forms grab address of site, coverage required, type of existing WLAN, ceiling heights, usage of other radio technologies, availability of ladders and other access equipment.  You walk around a building after setting up AP's and measure signal strength and achieveable data rate.  Different antenna may help.  Mark coverage area on floor plan of building.  AP's should operate on different channels.  WLAN surveys should be done during normal business hours.  Even opening/closing doors affects signals.  You should be able to mount and power AP's w/o the need to depend on existing building services.  Your report should be very detailed and include antenna position.  

Expert Comment

ID: 17877530
Before anything else, make sure to check some 802.1x solutions!

Featured Post

We Need Your Input!

WatchGuard is currently running a beta program for our new macOS Host Sensor for our Threat Detection and Response service. We're looking for more macOS users to help provide insight and feedback to help us make the product even better. Please sign up for our beta program today!

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

It's not just another paperwork submission. Serious planning and rigour to managing the whole thought processes need to be put in place. The intent is not on drilling into the details, but to share tips in getting the first thing right to kick-start…
An Incident response plan is an organized approach to addressing and managing an incident. The goal is to handle the situation in a way that limits damage and reduces recovery time and costs.
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…

619 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question