{"product_id":10324,"v_id":10324,"product_name":"Cisco Unified Wireless Network Solution composed of the following components: Cisco Aironet 1130, 1230, and 1240 AG Series Access Points; Cisco 4400 Series Wireless LAN Controllers; Cisco Catalyst 6500 Series Wireless Integrated Services Module (WiSM); Cisco Wireless Control System (WCS); Cisco Secure Access Control Server (ACS); Cisco 2710 Wireless Location","certification_status":"Not Certified","certification_date":"2009-03-25T00:03:00Z","tech_type":"Miscellaneous","vendor_id":{"name":"Cisco Systems, Inc.","website":"https://www.cisco.com"},"vendor_poc":null,"vendor_phone":"+1 410 309 4862","vendor_email":"certteam@cisco.com","assigned_lab":{"cctl_name":"Leidos Common Criteria Testing Laboratory"},"product_description":"<p><span style=\"font-size: x-small;\">\r\n<p align=\"justify\">The Cisco Unified Wireless Network Solution: Wireless Local Area Network (WLAN) Access System with Integrated Wireless Intrusion Detection System (WIDS) evaluation included the following components</p>\r\n<p align=\"justify\">1. Cisco Aironet 1130 AG Series Access Point hardware and WLAN software image version 4.1.185.10 FIPS, Cisco Aironet 1230 AG Series Access Point hardware and WLAN software image version 4.1.185.10 FIPS, and Cisco Aironet 1240 AG Series Access Point hardware and WLAN software image version 4.1.185.10 FIPS;</p>\r\n<p align=\"justify\">2. Cisco 4400 Series Wireless LAN Controllers hardware and WLAN software image version 4.1.185.10 FIPS;</p>\r\n<p align=\"justify\">3. Cisco Catalyst 6500 Series Wireless Integrated Services Module (WiSM) (Version 4.1.185.10 FIPS), 720 Supervisor blade version 12.2(18)SXF15A and all software running on both cards;</p>\r\n<p align=\"justify\">4. Wireless Control System (WCS) Version 4.2.97.0 software distribution</p>\r\n<p align=\"justify\">5. Secure Access Control Server (ACS) Version 4.2.0.124.8 software distribution</p>\r\n<p align=\"justify\">6. 
Cisco Wireless Location Appliance series 2710 software version 3.1.38.0</p>\r\n<p align=\"justify\">7. Syslog, the Kiwi Syslog Daemon Version 8.3.30 software distribution or the Syslog-ng version 2.0.9 software distribution.</p>\r\n<p>The Cisco Unified Wireless Network &amp; Wireless Intrusion Detection System is a Wireless LAN access system (WLAN) with an integrated Wireless Intrusion Detection System (WIDS). The Wireless LAN access system consists of multiple products operating together to provide secure wireless access to a wired and wireless network. The Wireless Intrusion Detection System (WIDS) comprises the WIDS capabilities, including intrusion detection signatures, rogue AP and rogue device detection with location tracking, and 802.11 management frame protection (MFP). The <span lang=\"EN-GB\">Cisco Wireless LAN Access System provides end-to-end wireless encryption, centralized WLAN management, authentication, authorization, and accounting (AAA) policy enforcement, and wireless intrusion detection (WIDS) with location tracking.</span></p>\r\n</span></p>","evaluation_configuration":null,"security_evaluation_summary":"<p><span style=\"font-size: x-small; font-family: Times;\"><span style=\"font-size: x-small;\">\r\n<p><span style=\"font-family: arial,helvetica,sans-serif;\">The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the Cisco WLAN TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 2.3. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 2.3. Science Applications International Corporation (SAIC) determined that the evaluation assurance level (EAL) for the product is EAL 2 augmented with ACM_SCP.1, ALC_FLR.2, and AVA_MSU.1. 
The product, when delivered configured as identified in </span></p>\r\n<em>\r\n<p><span style=\"font-family: arial,helvetica,sans-serif;\">Cisco Wireless Local Area Network (WLAN) Access System with Integrated Wireless Intrusion Detection System (WIDS) Installation, Generation and Startup Documentation, Version 17.0, February 19, 2009 </span></p>\r\n<span style=\"font-family: arial,helvetica,sans-serif;\">document, satisfies all of the security functional requirements stated in the Cisco Unified Wireless Network &amp; Wireless Intrusion Detection System Security Target (Version 1.0). The project underwent one Validation Oversight Panel (VOR) panel review. The evaluation was completed in March 2009. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report, (report number CCEVS-VR-VID10324-2009, dated 25 March 2009) prepared by CCEVS.</span></em></span></span></p>","environmental_strengths":"<p class=\"MsoNormal\" style=\"margin: 0in 0in 0pt;\"><span style=\"font-family: arial,helvetica,sans-serif;\">The logical boundaries of WLAN are realized in the security functions that it implements. These security functions are realized at the WLAN interfaces that service clients and via the administrator commands. Each of these security functions is summarized below. </span></p>\r\n<p class=\"MsoNormal\" style=\"margin: 0in 0in 0pt;\"><span style=\"font-family: arial,helvetica,sans-serif;\">&nbsp;</span></p>\r\n<p class=\"MsoNormal\" style=\"margin: 0in 0in 0pt;\"><span style=\"font-size: x-small;\"><span style=\"font-family: arial,helvetica,sans-serif;\"><strong style=\"mso-bidi-font-weight: normal;\">Administration </strong>&ndash;<strong style=\"mso-bidi-font-weight: normal;\"> </strong>The WLAN Administrator security function provides security capabilities that guarantee all administrators are required to identify and authenticate to the product before any administrative or monitoring actions can be performed. 
WLAN only allows administration to occur from the wired network. The Management Security Capability provides administrator support functionality that enables a human user to configure and manage WLAN components<span style=\"mso-bidi-font-weight: bold;\">.</span></span></span></p>\r\n<p class=\"MsoNormal\" style=\"margin: 0in 0in 0pt;\"><strong style=\"mso-bidi-font-weight: normal;\"><span style=\"font-family: arial,helvetica,sans-serif;\">&nbsp;</span></strong></p>\r\n<p class=\"MsoNormal\" style=\"margin: 0in 0in 0pt;\"><span style=\"font-size: x-small;\"><span style=\"font-family: arial,helvetica,sans-serif;\"><strong style=\"mso-bidi-font-weight: normal;\">Security Audit</strong> &ndash; WLAN&rsquo;s Audit security function supports audit record generation and selective audit record generation functionality. The audit data viewing capability provides administrator support functionality that enables administrators to view audit records and selectively view audit records, and allows them to selectively choose which events they want audited. WLAN monitors the wireless network traffic, performs analysis based on the information it has collected, and generates events/alerts for potential intrusions that it has identified. 
WLAN has 17 standard Wireless Intrusion Detection Signatures (WIDS) which it uses to detect unauthorized or threatening WLAN activity.</span></span></p>\r\n<p class=\"MsoNormal\" style=\"margin: 0in 0in 0pt;\"><span style=\"font-family: arial,helvetica,sans-serif;\">&nbsp;</span></p>\r\n<p class=\"MsoNormal\" style=\"margin: 0in 0in 0pt;\"><span style=\"font-size: x-small;\"><span style=\"font-family: arial,helvetica,sans-serif;\"><strong style=\"mso-bidi-font-weight: normal;\">Encryption</strong> - The WLAN wireless network Encryption security function ensures that, when an administrator has configured encryption, all network packet data payloads are encrypted with the scheme as defined by the administrator for those flows of information occurring in the RF domain. This allows for WLAN to provide end-to-end encryption capabilities between wireless clients, trusted APs and trusted nodes that reside within the WLAN.</span></span></p>\r\n<p class=\"MsoNormal\" style=\"margin: 0in 0in 0pt;\"><span style=\"font-family: arial,helvetica,sans-serif;\">&nbsp;</span></p>\r\n<p class=\"MsoNormal\" style=\"margin: 0in 0in 0pt;\"><span style=\"font-size: x-small;\"><span style=\"font-family: arial,helvetica,sans-serif;\"><strong style=\"mso-bidi-font-weight: normal;\">Identification &amp; Authentication</strong> &ndash; WLAN provides identification and authentication (I&amp;A) support of all wireless client hosts connecting to the trusted wired network from the wireless network along with providing I&amp;A support to make sure all administrators are properly identified and authenticated before accessing the product. 
</span></span></p>\r\n<p class=\"MsoNormal\" style=\"margin: 0in 0in 0pt;\"><span style=\"font-family: arial,helvetica,sans-serif;\">&nbsp;</span></p>\r\n<p class=\"MsoNormal\" style=\"margin: 0in 0in 0pt;\"><span style=\"font-size: x-small;\"><span style=\"font-family: arial,helvetica,sans-serif;\"><strong style=\"mso-bidi-font-weight: normal;\">Information Flow Control</strong> &ndash; WLAN provides control of information by enforcing the encryption scheme that has been administratively configured.</span></span></p>\r\n<p class=\"MsoNormal\" style=\"margin: 0in 0in 0pt;\"><span style=\"mso-bidi-font-weight: bold;\"><span style=\"font-family: arial,helvetica,sans-serif;\">&nbsp;</span></span></p>\r\n<p class=\"MsoNormal\" style=\"margin: 0in 0in 0pt;\"><span style=\"mso-bidi-font-weight: bold;\"><span style=\"font-family: arial,helvetica,sans-serif;\">&nbsp;</span></span></p>\r\n<p class=\"Body\" style=\"margin: 0in 0in 6pt;\"><span style=\"font-size: x-small;\"><span style=\"font-family: arial,helvetica,sans-serif;\"><strong>TOE Protection </strong><span style=\"mso-bidi-font-weight: bold;\">- </span>WLAN provides for non-bypassability and domain separation of functions within the TOE&rsquo;s scope of control (TSC). The TOE controls actions carried out by a user by controlling a user session and the actions carried out during a user session. By maintaining and controlling a user session with itself, WLAN ensures that no security functions are bypassed and that there is a separate domain for the TOE that prevents it from being interfered with or tampered with for those users that are within the TOE&rsquo;s scope of control<span style=\"mso-bidi-font-weight: bold;\">.<span style=\"mso-spacerun: yes;\">&nbsp; </span></span></span></span></p>","features":[]}