Cisco Tips & Tricks

June 16, 2006

WiFi Security Standards & Best Practices

Filed under: Router, security, wifi — ciscotips @ 2:20 pm

Ramneek Khurana sent me the following post on WiFi best practices.

Latest WiFi security standard: WPA2

In 2004, the Wi-Fi Alliance introduced Wi-Fi Protected Access 2 (WPA2™), the second generation of WPA security. Like WPA, WPA2 provides enterprise and home Wi-Fi users with a high level of assurance that their data will remain protected and that only authorized users can access their wireless networks. WPA2 is based on the final IEEE 802.11i amendment to the 802.11 standard, ratified in June 2004. WPA2 uses the Advanced Encryption Standard (AES) for data encryption and is eligible for FIPS (Federal Information Processing Standards) 140-2 compliance. WPA2 supports IEEE 802.1X/EAP authentication or PSK technology. Its new encryption mechanism is the Counter-Mode/CBC-MAC Protocol (CCMP), which is built on the AES cipher.

WPA2 Security Advantage

When compared with the IEEE 802.11 security standard using 40-bit WEP with no dynamic keying, TKIP and AES make it far more difficult, if not impossible, for a would-be intruder to break into a Wi-Fi network. By greatly expanding the size of keys and the number of keys in use, creating an integrity-checking mechanism, using a strong encryption cipher, and imposing replay protection, AES and TKIP greatly increase the strength and complexity of wireless encryption. Together with the IEEE 802.1X/EAP mutual authentication framework, TKIP and AES magnify the complexity and difficulty involved in decoding data on a Wi-Fi network, making the Wi-Fi network secure.

AP side configs for WPA2

!
interface Dot11Radio0
 !
 encryption mode ciphers aes-ccm

WiFi AP management security best practices

1.) Disable WiFi management via the radio interfaces; management should be allowed only via the Ethernet interface on the AP.
2.) Apply VTY filters to make sure the management interfaces are accessible only via management VLANs.
3.) Disable the HTTP/HTTPS service on the AP.
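
One way to check a saved AP configuration against the aes-ccm cipher setting and practices 2 and 3 above (practice 1 is not checked), as an added example that is not part of the original post. The sample config is constructed, the function names are hypothetical, and it assumes IOS running-config text in which a disabled service appears as "no ip http ...".

```python
import re

# Constructed sample running-config, not taken from a real device.
SAMPLE_CONFIG = """\
ip http server
no ip http secure-server
!
interface Dot11Radio0
 encryption mode ciphers tkip
interface Dot11Radio1
 encryption mode ciphers aes-ccm
line vty 0 4
 access-class 10 in
line vty 5 15
"""

def sections(config):
    """Map each top-level command to the indented sub-commands beneath it."""
    out, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if not raw[0].isspace():
            current = line
            out[current] = []
        elif current is not None:
            out[current].append(line)
    return out

def audit(config):
    """Return a list of findings; an empty list means every check passed."""
    sec, findings = sections(config), []
    # HTTP/HTTPS management: a disabled service shows up as "no ip http ...".
    for svc in ("ip http server", "ip http secure-server"):
        if svc in sec:
            findings.append(f"{svc} is enabled")
    for head, body in sec.items():
        # Every vty range needs an inbound access-class (the VTY filter).
        if head.startswith("line vty") and not any(
                re.fullmatch(r"access-class \S+ in", c) for c in body):
            findings.append(f"{head}: no inbound access-class")
        # Each radio must offer aes-ccm and nothing else.
        if re.fullmatch(r"interface Dot11Radio\d+", head):
            ciphers = [c.split("ciphers", 1)[1].split()
                       for c in body if re.match(r"encryption .*ciphers ", c)]
            if ciphers != [["aes-ccm"]]:
                findings.append(f"{head}: cipher set is not aes-ccm only")
    return findings
```

Calling audit(SAMPLE_CONFIG) reports the enabled HTTP server, the TKIP-only radio and the unfiltered vty range; a config that follows the post returns an empty list.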


1 Comment »

  1. Nice read! Just thought to give a swift comment in regard to the sound topic and hints!

    Comment by Protection measures — May 18, 2010 @ 12:38 pm

