Cisco Fortifies WLAN Security
By Carmen Nobel
The company is pumping AES support into its line of WLAN access points, via an 802.11a radio module.
Cisco Systems Inc. is preparing to introduce products to its WLAN line that add support for AES, among other security and management features.
While Cisco is not the first wireless LAN provider to embrace Advanced Encryption Standard, its support will bring peace of mind to many IT managers who have standardized on the leading enterprise WLAN provider's technology, especially those required to offer government-caliber security for their wireless networks.
By year's end, Cisco will introduce "Kodiak," an 802.11a radio module for the popular Aironet AP1200 access point, according to sources familiar with the San Jose, Calif., company's plans. Kodiak supports the IEEE 802.11i security protocol, ratified last month, which is based largely on AES.
There will be two versions of the module, one with an integrated antenna and one with connectors for remote antennas, the sources said. Cisco also will introduce software that supports AES for Kodiak and for its 802.11g AP1100 and AP1200 access points.
AES is a federally approved encryption standard based on 128-bit keys generated by the Rijndael algorithm, resulting in stronger encryption than either TKIP (Temporal Key Integrity Protocol) or the more common WEP (Wired Equivalent Privacy).
But there is a downside. AES can be difficult to implement on an existing WLAN, especially for campuses with hundreds of access points.
"The cost to AES is that you can't do it in software and get the computational throughput you need, so you have to put in hardware," said Kevin Baradet, chief technology officer of the Johnson School of Management at Cornell University, in Ithaca, N.Y., and an eWEEK Corporate Partner. "It depends on the value of the data that you're shooting around. If the data is sufficiently valuable, you're going to deploy AES to secure it."
Beyond standard security protocol support, Cisco plans to add EAP-FAST (Extensible Authentication Protocol-Flexible Authentication via Secure Tunneling) security across its line of enterprise access points by the end of the year, sources said. EAP-FAST is a proprietary Cisco protocol that uses protected access credentials to establish an authenticated tunnel between a client and a server.
By year's end, Cisco also plans to offer better support for multiple BSSIDs (basic service set identifiers), aimed, for example, at IT administrators looking to maintain several applications with differing security requirements on a single access point.
Cisco also will introduce Version 3 of its CCX (Cisco Compatible Extensions) software licensing program, which lets other vendors' WLAN clients work with Cisco gear, even with Cisco's proprietary technology. CCX 3 will include several other upgrades, sources said.
Other enhancements for the Cisco Aironet line include the addition of IP redirects, which allow administrators to control policies for user connections, as well as support for Wireless Media Extensions, the Wi-Fi Alliance's interim QOS (quality-of-service) protocol. An IEEE QOS protocol dubbed 802.11e is in the works but likely won't be ratified until next year.
Cisco officials declined to comment on unannounced products.