SAFE WLAN Design Techniques and Considerations
The SAFE WLAN design is part of the overall SAFE design guide, which was briefly discussed in Chapter 6, "Secure Design." The SAFE blueprint from Cisco for network security offers a defense-in-depth, modular approach to security that can evolve and change to meet the needs of businesses.
This section of the chapter integrates the previously discussed weaknesses with mitigation techniques, which are then applied to a variety of different networks. The size and security concerns of a specific design dictate the mitigation techniques that are applied to a WLAN design.
For instance, standard WLAN designs assume that all WLAN devices are connected to a unique IP subnet to enable end-user mobility throughout the various designs. The designs also assume that most services available to the wired network are available to the wireless addition to that network. All designs include the following WLAN security recommendations. The list differentiates between recommendations for access points and stations.
The following list is just an example. For a complete list, please refer to the document "Cisco SAFE: WLAN Security in Depth," which covers the standard WLAN design guidelines. You can find the document at the following website: http://www.cisco.com/en/US/netsol/ns340/ns394/ns171/ns128/networking_solutions_white_paper09186a008009c8b3.shtml.
More information on the SAFE WLAN design guide can be found at http://www.cisco.com/en/US/netsol/ns340/ns394/ns171/ns128/networking_solutions_white_paper09186a008009c8b3.shtml.
That document distinguishes among the following types of WLAN design: large network, medium network, small network, and remote user.