The goal was to work to integrate products not just from [Cisco] but with third parties. The security implication is that we can have an environment where products are tested together and some of the different security scenarios can be looked at, taking the burden off of the integrator and off of the customers themselves. What are some specific wireless security procedures Cisco advocates?
We believe a secure architecture is based on three components, in addition to best practices that must be followed by the enterprise such as strong password rules and enforcement policies. First, with the wireless and LAN-based solutions, one of the key things is ensuring the security back to the network from the client device is of the highest level possible. For that we recommend standards like IEEE (Institute of Electrical and Electronic Engineers) 802.11i and WPA2 (the Wi-Fi Alliance certification program for products that implement IEEE 802.11i security enhancements). If someone is using a wireless network outside the enterprise, we highly recommend they use a VPN when they need to connect back to the corporate network from the outside. The second component is protecting the device itself and ensuring that as more and more devices come with embedded wireless cards that you protect that device from nefarious activity in an untrusted environment like an airport or cafe. The third component is that when a device comes back inside the enterprise network that the network is protected from the accidental introduction of malware. What is Cisco is doing to bolster security?
We've taken steps to integrate the NAC (network access control) appliance and framework with our wireless LAN infrastructure so no matter how the device connects back into the enterprise, whether it's through a wired connection or a wireless LAN connection, the same security enforcement policies are applied and the enterprise network -- wired and wireless -- is protected.
Absolutely correct. All of Cisco's enterprise-class products are up to the 802.11i standard and have been for some time. Cisco's wireless LAN equipment is part of the Wi-Fi Alliance's test bed, which shows how well the equipment performs. It's what all other technology is tested against. Cisco CEO John Chambers has really played up the concept of the Self-Defending Network in recent years. Explain how Cisco's latest work on the mobile front ties into the concept.
What we've done on the mobile side ties in quite well with the Self-Defending Network. We have integrated the Cisco NAC framework and appliance with the Cisco Unified Wireless Network so the same policies for protecting the network have now been introduced into the wireless networking infrastructure, in a way where the IT departments still manage only one set of policies that are applied equally to wired and wireless no matter how the device is being connected to the network. Another security issue that has been raised in the past is how well -- or not -- different vendors work together, even if they are competitors in certain areas, to ensure compatibility with other pieces of the IT infrastructure. One example is Cisco working with Microsoft to bridge the NAC-NAP gap. Talk about what you are doing on the wireless side to ensure compatibility with other infrastructure products that might be part of a company's network.
A large part of this is still within our NAC initiative. Clearly, the convergence trend of devices having multiple types of connections is accelerating and so the types of partnerships we have with other companies works to solve some of the security issues that have traditionally occurred with clients on the wired side that are now on the wireless side. [Meanwhile], we continue to be a strong supporter of the testing being done by the Wi-Fi Alliance to ensure there's a good baseline of interoperability.
IT Decision Center
IT Decision Center