
SAFE WLAN Design Techniques and Considerations

The SAFE WLAN design is part of the overall SAFE design guide, which was briefly discussed in Chapter 6, "Secure Design." The SAFE blueprint from Cisco for network security offers a defense-in-depth, modular approach to security that can evolve and change to meet the needs of businesses.

This section of the chapter integrates the previously discussed weaknesses with mitigation techniques, which are then applied to a variety of different networks. The size and security concerns of a specific design dictate the mitigation techniques that are applied to a WLAN design.

For instance, standard WLAN designs assume that all WLAN devices are connected to a unique IP subnet to enable end-user mobility throughout various designs. The designs also assume that most services available to the wired network are available to the wireless addition to the network. All designs include the following WLAN security recommendations, listed separately for access points and stations.

NOTE

The following list is just an example. For a complete list, please refer to the document "Cisco SAFE: WLAN Security in Depth," which covers the standard WLAN design guidelines. You can find the document at the following website: http://www.cisco.com/en/US/netsol/ns340/ns394/ns171/ns128/networking_solutions_white_paper09186a008009c8b3.shtml.


Access point recommendations:

  • Enable centralized user authentication (RADIUS, TACACS+) for the management interface.

  • Consider using Simple Network Management Protocol (SNMP) Read Only if your management infrastructure allows it.

  • Enable wireless frame encryption where available.

  • Physically secure the access point.

Station recommendations:

  • Enable wireless frame encryption where available.

  • Use password protection for all your wireless devices.
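The access point recommendations above that can be read from a device configuration can also be checked automatically. The following is an added example, not taken from the book or from the Cisco SAFE document: it assumes IOS-style access point configuration syntax, and the function name `audit_ap_config` and the sample configuration are constructed for illustration.

```python
import re

# Constructed sample in IOS-style access point syntax (an assumption; not from the book).
SAMPLE_CONFIG = """\
hostname ap-lobby
aaa new-model
aaa authentication login default group radius local
snmp-server community EXAMPLE-RO RO
snmp-server community EXAMPLE-RW RW
!
interface Dot11Radio0
 ssid corp
!
"""

def audit_ap_config(text):
    """Map each config-checkable recommendation to (passed, detail)."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    results = {}

    # Centralized authentication (RADIUS or TACACS+) for management logins.
    central = [ln for ln in lines
               if ln.startswith("aaa authentication login")
               and re.search(r"\bgroup\s+(radius|tacacs\+)", ln)]
    ok = "aaa new-model" in lines and bool(central)
    results["central_auth"] = (ok, central[0] if ok else "no RADIUS/TACACS+ login method")

    # SNMP read-only: flag any read-write community. Only a count is reported,
    # because community strings are secrets and should not land in audit output.
    comms = [ln.split() for ln in lines if ln.startswith("snmp-server community")]
    rw = [c for c in comms if "RW" in [tok.upper() for tok in c[3:]]]
    results["snmp_read_only"] = (not rw, "%d read-write community(ies)" % len(rw))

    # Frame encryption: every radio interface needs an "encryption" statement.
    radios, current = {}, None
    for raw in text.splitlines():
        words = raw.split()
        if raw.startswith("interface ") and len(words) > 1:
            current = words[1] if words[1].startswith("Dot11Radio") else None
            if current:
                radios[current] = False
        elif current and raw.startswith(" ") and words and words[0] == "encryption":
            radios[current] = True
        elif not raw.startswith(" "):
            current = None
    missing = sorted(r for r, enc in radios.items() if not enc)
    results["frame_encryption"] = (bool(radios) and not missing,
                                   "radios without encryption: %s" % (missing or "none"))
    return results  # Physical security of the unit cannot be judged from configuration.

if __name__ == "__main__":
    for name, (passed, detail) in audit_ap_config(SAMPLE_CONFIG).items():
        print("%-17s %s  %s" % (name, "PASS" if passed else "FAIL", detail))
```

On the constructed sample, the centralized authentication check passes, while the read-write SNMP community and the radio interface without an encryption statement are reported as failures.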

NOTE

More information on the SAFE WLAN design guide can be found at http://www.cisco.com/en/US/netsol/ns340/ns394/ns171/ns128/networking_solutions_white_paper09186a008009c8b3.shtml.

That document distinguishes among the following types of WLAN design: large network, medium network, small network, and remote user.

