Hardening Wireless LAN Connections Part 1 - Configuring NTP

Configuring Miscellaneous Services on the Cisco Aironet 1200

In addition to the previously mentioned services, the Cisco Aironet 1200 ships with a whole slew of additional services you need to be aware of. They can all be accessed at the Services screen, as shown next (in this case, the screen shows the default status of all the services after I disabled Telnet and permitted only SSH access, as previously recommended).

As you can see, many of the services are disabled by default. In general, you should disable any service you do not need. The Cisco Discovery Protocol (CDP) and Domain Name Service (DNS) are two specific services you should consider configuring.

Cisco Discovery Protocol As previously discussed, CDP is used by Cisco to locate other Cisco devices. Unless you are using a network management system that takes advantage of CDP, you should disable it. If you do require CDP, you should consider whether you need the CDP broadcasts to be sent over the WLAN. If you do not, you should disable CDP on the Radio0-802.11B radio, as shown next. Click Apply when you are finished.

Domain Name Service DNS is used to allow the WAP to resolve names to IP addresses. It does not allow the WAP to operate as a DNS server. DNS is largely a service of convenience, allowing you to enter device names at various fields so that the WAP can automatically resolve and convert those names to IP addresses. Like all services, however, if you do not require this functionality, you should disable it. Remember, any running service is potentially vulnerable to current exploits as well as unknown future exploits.  

This is from Hardening Network Infrastructure, by Wesely Noonan (McGraw-Hill/Osborne, ISBN 0072255021). Check it out at your favorite bookstore today. Buy this book now.