Version 4.1 - 6.4 Wireless Security
Much of this topic was covered in previous sections. Wireless technology was covered in section 1.8. WEP, WPA and WPA2 was covered in section 2.0. And wireless attacks were covered in section 4.1.g. So let's see what else we can pull up related to wireless without rehashing the previous subjects.
In the Design Guides, there is a Wireless and Network Security Integration Solution Overview.
The Solution Components were previously discussed, but the guide is good for seeing the components put together into a solution. Especially interesting is Figure 2 - Cisco Unified Wireless Architecture Overview.
Wireless, due its over the air transmission, has unique security requirements. The primary security concerns for a wireless network are:
•Rogue access points and clients that can create backdoor access to the company's network.
•Hacker access points, such as evil twins and honeypots, that try to lure your users into connecting to them for purposes of network profiling or stealing proprietary information.
•Denial of service that disrupts or disables the wireless network.
•Over the air network reconnaissance, eavesdropping, and traffic cracking. This is now primarily a legacy issue as the wireless industry has done a good job creating standard approaches to user authentication and traffic encryption via 802.11i and WPA.
•Controlling the networks wireless users connect to, especially when they are outside of the office.
•Wireless security for guest users.
One thing that I haven't seen much of in the Study Guides relates to the WSM - Cisco Aironet Access Point Wireless Security Module.
Another thing that I haven't seen mentioned that may pop up relates to the Cisco CleanAir Technology.
Cisco CleanAir is a spectrum intelligence solution designed to proactively manage the challenges of a shared wireless spectrum. It allows you to see all of the users of the shared spectrum (both native devices and foreign interferers). It also enables you or your network to act upon this information. For example, you could manually remove the interfering device, or the system could automatically change the channel away from the interference. CleanAir provides spectrum management and RF visibility. A Cisco CleanAir system consists of CleanAir-enabled access points, Cisco Wireless LAN Controllers, and Cisco Prime Infrastructure.
With "wireless" being on so many sections, you're likely to get a good handful of questions on it. Know all aspects of the technology and its security.