Cisco Fortifies WLAN Security

 
 
By Carmen Nobel  |  Posted 2004-07-19 Email Print this article Print
 
 
 
 
 
 
 

The company is pumping AES support into its line of WLAN access points, via an 802.11a radio module.

Cisco Systems Inc. is preparing to introduce products to its WLAN line that add support for AES, among other security and management features.

While Cisco is not the first wireless LAN provider to embrace Advanced Encryption Standard, its support will bring peace of mind to many IT managers who have standardized on the leading enterprise WLAN providers technology—especially those required to offer government-caliber security for their wireless networks.

By years end, Cisco will introduce "Kodiak," an 802.11a radio module for the popular Aironet AP1200 access point, according to sources familiar with the San Jose, Calif., companys plans. Kodiak supports the IEEE 802.11i security protocol, ratified last month, which is based largely on AES.

There will be two versions of the module, one with an integrated antenna and one with connectors for remote antennas, the sources said. Cisco also will introduce software that supports AES for Kodiak and for its 802.11g AP1100 and AP1200 access points.

AES is a federally approved encryption standard based on 128-bit keys generated by the Rijndael algorithm, resulting in stronger encryption than either TKIP (Temporal Key Integrity Protocol) or the more common WEP (Wired Equivalent Privacy).

But there is a downside. AES can be difficult to implement on an existing WLAN, especially for campuses with hundreds of access points.

Click here to read eWEEK.com Mobile & Wireless Center Editor Carol Ellisons take on the price of 802.11i security. "The cost to AES is that you cant do it in software and get the computational throughput you need, so you have to put in hardware," said Kevin Baradet, chief technology officer of the Johnson School of Management at Cornell University, in Ithaca, N.Y., and an eWEEK Corporate Partner. "It depends on the value of the data that youre shooting around. If the data is sufficiently valuable, youre going to deploy AES to secure it."

Beyond standard security protocol support, Cisco plans to add EAP-FAST (Extensible Authentication Protocol-Flexible Authentication via Secure Tunneling) security across its line of enterprise access points by the end of the year, sources said. EAP-FAST is a proprietary Cisco protocol that uses protected access credentials to establish an authenticated tunnel between a client and a server.

Cisco also by years end plans to offer better support for multiple BSSIDs (basic service set identifiers) for IT administrators looking to maintain several applications with differing security requirements on a single access point, for example.

Cisco also will introduce Version 3 of its CCX (Cisco Compatible Extensions) software licensing program, which lets other vendors WLAN clients work with Cisco gear—even with Ciscos proprietary technology. CCX 3 will include several other upgrades, sources said.

Other enhancements for the Cisco Aironet line include the addition of IP redirects, which allow administrators to control policies for user connections, as well as support for Wireless Media Extensions, the Wi-Fi Alliances interim QOS (quality-of-service) protocol. An IEEE QOS protocol dubbed 802.11e is in the works but likely wont be ratified until next year.

Cisco officials declined to comment on unannounced products.

Check out eWEEK.coms Mobile & Wireless Center at http://wireless.eweek.com for the latest news, reviews and analysis.

Be sure to add our eWEEK.com mobile and wireless news feed to your RSS newsreader or My Yahoo page

 
 
 
 
 
 
 
 
 
 
 

Submit a Comment

Loading Comments...
 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
 
 
Rocket Fuel