Coverage extending beyond the facility Two way verification
One of the main concerns with implementing WLAN technology into networks is that WLANs "put my ports" on the outside of the facility, meaning that the wireless signal extends beyond the building, to the parking lot for example. Without any form of security an intruder could potentially use any 802.11 compliant card to access the network. And even when using WEP security, it might be possible for an intruder to capture network traffic outside the building and learn the system WEP keys. Because wireless traffic is broadcasted, and not directed to an individual, anyone with a wireless card could potentially get into the system.
Using the security features on the Cisco Aironet products allows for two-way verification. With RADIUS server support, the client verifies that the access point is an allowed access point while at the same time the access point verifies that the client is allowed. This means a secure channel and secures transmissions.
A user may associate to an access point but would not be granted access to network resources until the user performed a network logon. All attempts to gain access to the network resources will be blocked until the network logon is performed. And because all data is encrypted, a user trying to capture data outside the facility would not be able to use the data.
One of the biggest benefits of 802.1X is that it provides very strong authentication. Stealing or deriving a WEP key or spoofing a MAC address is no longer sufficient for gaining access to the WLAN.
Was this article helpful?