Securing Wireless LANs with PEAP and Passwords
Updated: April 3, 2004
Download This Accelerator
Click here to download Securing Wireless LANs with PEAP and Passwords from the Microsoft Download Center.
About this Accelerator
Securing Wireless LANs with PEAP and Passwords is designed to guide you through the complete life cycle of planning, deploying, testing, and managing a wireless security solution.
This solution is based on the Institute of Electrical and Electronics Engineers (IEEE) 802.1X authentication protocol, and was built and tested using Microsoft Windows XP clients, Microsoft Pocket PC 2003 clients, and computers running Microsoft Windows Server 2003.
Securing Wireless LANs with PEAP and Passwords is a companion guide to another Microsoft Solution Accelerator for WLANs: Securing Wireless LANs with Certificate Services, which is intended for large organizations. This Accelerator is considerably simpler and easier to deploy, and is designed for small and medium-sized organizations. The primary technological difference between the two Accelerators is that one uses public key certificates to authenticate users and computers to the WLAN whereas the other uses user name and password authentication. Other distinguishing features of this solution are that it uses existing (rather than new) server hardware, employs a simpler administrative delegation model, and automates many more of the configuration tasks using scripts and predefined settings.
In More Detail
This guide consists of the following chapters:
Chapter 1: Choosing a Strategy for Wireless LAN Security
This chapter helps you decide on the most suitable method of securing WLANs in your organization. It covers four main topics:
- The arguments for wireless LANs (and the security concerns associated with them)
- Using secure WLAN standards
- Alternative strategies such as VPN and Internet Protocol security (IPsec)
- Selecting the right WLAN options
Chapter 2: Planning a Wireless LAN Security Implementation
This chapter describes the architectural design of the wireless LAN security solution. It covers the following topics:
- How a WLAN solution based on 802.1X and Protected Extensible Authentication Protocol (PEAP) works.
- A description of the target organization for this solution and the key design criteria for the solution.
- Developing a WLAN security solution design based on the requirements of the target organization.
- How this basic design can be scaled for much larger organizations.
- Variations on the design to accommodate requirements outside the core solution, such as introducing VPN or wired 802.1X networking.
The chapter concentrates on the design of a RADIUS infrastructure (using IAS, the RADIUS implementation included with Windows Server) to provide strong authentication and key management services. The chapter also includes a discussion of the wireless clients supported by the solution and the certificate requirements.
Chapter 3: Preparing Your Environment
This chapter focuses on the underlying IT infrastructure needed to support this WLAN solution. It describes the preparation of Active Directory Domain Services, Dynamic Host Configuration Protocol (DHCP), DNS, and underlying network requirements. It also includes procedures to apply security settings and install required security updates to the servers used in the solution.
Chapter 4: Building the Network Certification Authority
This chapter describes how to install a simple certification authority (CA) on a domain controller to provide certificates for the IAS servers. The procedures to do this are largely automated using scripts included with the guidance. The CA built for this solution is dedicated to the specific task of issuing certificates to the IAS servers and, as such, requires little or no ongoing maintenance.
Chapter 5: Building the Wireless LAN Security Infrastructure
This chapter gives instructions on how to deploy your WLAN security components: the IAS servers and the wireless access points (APs). It includes step-by-step guidance on installing IAS on a domain controller (or member server), configuring IAS settings and policies, setting up wireless APs to use the IAS servers, and replicating IAS settings between the IAS servers.
Chapter 6: Configuring the Wireless LAN Clients
This chapter contains the procedures to configure the clients supported by the solution. The three main sections of the chapter focus on controlling user and computer access to the WLAN, configuring the group policy settings for Windows XP WLAN clients, and manually configuring WLAN settings for Pocket PC 2003 clients.
Chapter 7: Testing the Secure Wireless LAN Solution
This chapter is derived from the test plan used by the Microsoft team when testing this solution. The build chapters (3 to 6) contain regular verification procedures used throughout the build process to verify that things are progressing correctly. This chapter supplements those procedures with a set of extra tests that you should carry out prior to deploying the solution in production.
Chapter 8: Maintaining the Secure Wireless LAN Solution
This chapter focuses on keeping the WLAN security infrastructure running properly. The first part of the chapter includes the key operational tasks that you need to maintain the system. These tasks are divided into different categories: everyday maintenance tasks; monitoring and alerting; introducing changes into the environment; optimizing performance; and resolving problems. The final troubleshooting section includes a series of troubleshooting flowcharts, tables, and procedures along with detailed descriptions of a number of troubleshooting tools and techniques that you can use to help you diagnose and fix problems.
Included in this Download
Securing Wireless LANs with PEAP and Passwords includes the following components:
- Securing Wireless LANs with PEAP and Passwords.pdf
- Choosing a Strategy for Wireless LAN Security.pdf
- Tools and Templates
You might also find the following resources helpful:
- See other Solution Accelerators that focus on security at the Security Solution Accelerators site on Microsoft TechNet.
- For information about IEEE Wireless Standards, see the IEEE Web site.
- For information about the Wi-Fi Alliance, see the Wi-Fi Alliance Web site.
Community and Feedback
- Want to know what’s coming up next? Check out our Security Guidance Blog.
- E-mail your feedback to the following address: SecWish@microsoft.com
- If you’ve used a Solution Accelerator within your organization, please share your experience with us by completing this short survey (less than ten minutes long).
About Solution Accelerators
Solution Accelerators are authoritative resources that help IT professionals plan, deliver, operate, and manage IT systems that address real-world scenarios. Solution Accelerators provide free prescriptive guidance and automation to accelerate cross-product integration, core infrastructure development, and other enhancements.
Register to receive the Solution Accelerator Notifications newsletter so that you can stay informed about new Solution Accelerator releases and updates. The newsletter covers such areas of interest as:
- Communication & Collaboration
- Security, Data Protection, & Recovery
- Operations & Management