When you set up your wireless infrastructure, you want to use 802.1x authentication, which beefs up the poor security...
available in the 802.1b protocol. Fortunately, you can get this authentication easily in your Windows XP clients. This tip, excerpted from InformIT, tells you just how to set up 803.1x authentication to make your wireless (and your wired, for that matter) network more secure.
802.1x authentication adds an extra level of security to the weak and vulnerable 802.11b authentication used by most wireless networks on the market today. Due to weaknesses in the Wired Equivalent Privacy (WEP) algorithm and issues surrounding misconfigured settings, sophisticated hackers or script kiddies with the right programs can gain access to a network in a few minutes. With the release of Windows XP, Microsoft puts added security in every user's grasp, with the one requirement that they have administrator permission. To set up the 802.1x security on a connection:
- Go to Start
- Right click on My Network Places and select Properties from the menu
- Right-click the Wireless Network Connection and select Properties
The ability to use 802.1x is available for all network connections, not just the Wireless Network Connection.
- Click the Authentication tab:
- Check the Network access control using IEEE 802.1X check box to enable 802.1x authentication (enabled by default)
- Clear the Network access control using IEEE 802.1X check box to disable 802.1x authentication
- Under EAP type, select the Extensible Authentication protocol you wish to use with the connection. If you use Smart Card or other Certificate, other options are available by clicking Properties and adjusting the Smart Card or other Certificate Properties.
- To use the authentication provided by the certificate on your smart card, click Use my smart card.
- To use the authentication provided by the certificate stored on your computer, click Use a certificate on this computer
- If using a certificate on the local computer:
- Check the Validate server certificate box
- Select Connect only if server name ends with, enter domain name, and select the Trusted root certificate authority from the drop down menu.
- Select Use a different user name for the connection if the smart card or local certificate does not contain proper information for the connection
- To enable a computer to attempt authentication if the user is not logged on, select the Authenticate as computer when computer information is available check box.
- To indicate that the computer should attempt authentication if authentication information is not available, check the Authenticate as guest when user or computer information is unavailable check box.
To read the entire article from which this tip comes, click over to InformIT. You don't have to register or jump through any hoops. All you do is get the info you want.
You can read InformIT's security guide, also by this author.