Extensible Authentication Protocol (EAP): A standardized authentication framework defined by RFC 4187 that provides encapsulated transport for authentication parameters. EAP authentication types provide a potentially better means of securing the WLAN connection. Some of the most commonly deployed EAP authentication types include EAP-MD5, EAP-TLS, EAP-PEAP, EAP-TTLS, EAP-FAST, and Cisco LEAP. EAP-TTLS and PEAP require only a server-side certificate, whereas EAP-TLS requires both client-side and server-side certificates.
Web Authentication, or Web Auth, is a Layer 3 security method that allows a client to pass only DHCP and DNS traffic until it has completed some form of authentication. It is widely used for wireless guest access, where no client-side configuration is required.
The WLC supports four web authentication policies:
1. Authentication
2. Passthrough
3. Conditional Web Redirect
4. Splash Page Web Redirect
Phase-shift keying (PSK) is a digital modulation process that conveys data by changing (modulating) the phase of a constant-frequency reference signal (the carrier wave). A symmetric algorithm uses the same key for encryption and decryption; examples of symmetric algorithms are DES, 3DES, AES, and IDEA. An asymmetric algorithm uses different keys for encryption and decryption; examples of asymmetric algorithms are RSA and Diffie-Hellman.
According to Cisco, the security solutions for an organization may be broadly divided into three categories:
A. Physical security: The following form physical security
B. Administrative security: The following form administrative security
C. Logical security
Endpoint security is an approach to secure computer networks and all client devices remotely bridged to the network. Endpoints are devices such as laptops, desktops, mobile phones, etc., that are connected across networks. These devices serve as entry points for cybercriminals looking to gain unauthorized access to sensitive assets and information.
An endpoint is a spot where two devices interact in a network. It includes a wide array of devices that employ remote connectivity. Some examples of endpoints that require security are:
NGFW: A next-generation firewall (NGFW) is a security appliance that processes network traffic and applies rules to block potentially dangerous traffic. NGFWs evolve and expand upon the capabilities of traditional firewalls. They do all that firewalls do, but more powerfully and with additional features.
Benefits of Next Generation Firewall
The differentiating features of next-generation firewalls create unique benefits for the companies using them. NGFWs are able to block malware from entering a network, something that traditional firewalls would never be able to achieve. They are better equipped to address Advanced Persistent Threats (APTs). NGFWs can be a low-cost option for companies looking to improve their basic security, because they can consolidate the work of antivirus, firewall, and other security applications into one solution. Their features include application awareness, inspection services, as well as a protection system and awareness tool that benefit
TrustSec is a next-generation access control enforcement solution developed by Cisco to address the growing operational challenges of maintaining firewall rules and ACLs. It does so by using Security Group Tags (SGTs): TrustSec applies SGTs at ingress (tagging) and enforces access control policy at egress (filtering on the tag).
TrustSec configuration occurs in three phases:
The syntax for configuring a switch port to use 802.1x is:
Switch(config-if)# dot1x port-control {force-authorized | force-unauthorized | auto}
Ports can be in one of three authorization modes. The first mode, force-authorized, is the default: the port is always authorized. Force-authorized mode is used when you do not want to run 802.1X on a particular port, typically when the port connects to another switch or to a client PC that does not support 802.1X. The next mode, auto, is the normal 802.1X mode. A port in auto mode does not become authorized unless it receives a positive response from the authentication server. The final mode, force-unauthorized, prevents a port from becoming authorized even if the user presents valid credentials; it effectively disables the port for any user or device.
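As an added example (not from the original notes), the following constructed Cisco IOS configuration shows all three port-control modes in context, together with the global AAA and RADIUS settings that the auto mode depends on. The RADIUS server address 192.0.2.10, the shared secret, the interface names and the VLAN number are placeholders; on a given IOS release the per-interface keyword may be `authentication port-control auto` rather than `dot1x port-control auto`.

```cisco
! --- Global prerequisites: without these, "auto" ports can never be authorized
aaa new-model
aaa authentication dot1x default group radius
radius-server host 192.0.2.10 auth-port 1812 acct-port 1813 key PLACEHOLDER-SHARED-SECRET
dot1x system-auth-control
!
! --- Uplink to another switch: no supplicant here, so skip 802.1X entirely
interface GigabitEthernet1/0/1
 description Uplink to distribution switch (force-authorized)
 switchport mode trunk
 dot1x port-control force-authorized
!
! --- Normal user access port: authorized only after a RADIUS Access-Accept
interface GigabitEthernet1/0/2
 description User access port (auto)
 switchport mode access
 switchport access vlan 10
 dot1x pae authenticator
 dot1x port-control auto
!
! --- Unused port: stays unauthorized regardless of credentials presented
interface GigabitEthernet1/0/3
 description Unused port (force-unauthorized)
 switchport mode access
 dot1x port-control force-unauthorized
```

To verify the effect, `show dot1x interface GigabitEthernet1/0/2 details` reports the configured port-control mode and the current authorization state, and `show authentication sessions` lists which ports currently hold an authorized session; a port in force-unauthorized mode never appears as authorized even when a valid supplicant is connected.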