| < Day Day Up > |
|
Wireless networks have a high potential for abuse because potential attackers can access the network without physically entering a building.
WEP provides authentication and encryption. However, because of a weakness in the way static WEP uses encryption keys, it is vulnerable to attacks that can compromise the privacy and integrity of network communications.
802.1X authentication can be used to overcome static WEP’s most significant security vulnerability by forcing wireless clients to reauthenticate to a RADIUS service on a regular basis, thereby generating a new shared secret. When WEP is forced to automatically generate a new shared secret on a regular basis, it is called dynamic WEP.
To authenticate wireless users by using a user name and password pair, use PEAP authentication. To authenticate users with public key certificates, use EAP-TLS.
WPA provides stronger encryption than WEP but is not as widely supported.
You should publish policies defining how wireless networks can be used and how they should be configured in your organization.
The most efficient way to assign authorization rights for wireless clients is to create groups specifically for wireless users and computers in Active Directory.
You can use Certificate Services to enroll certificates for the IAS server and, if you use EAP-TLS authentication, the wireless clients.
If you use WEP encryption, you can configure Windows XP and Windows Server 2003 wireless clients by using a GPO.
| < Day Day Up > |
|