Hardening Windows XP Wireless Clients


Configuring your wireless connections on the WAP is only half the battle. You also need to properly configure the wireless NIC to allow the client to connect to the WAP. As with your WAP, you have three connection methods to configure:

  • WEP

  • WPA using pre-shared keys

  • WPA using RADIUS/802.1x

Hardening with WEP

To configure WEP on a wireless NIC, open your network connections, right-click the wireless NIC, and select Properties. Then click the Wireless Networks tab, shown here:

click to expand
start sidebar
One Step Further

Notice that an available network is already listed. This is a WAP that belongs to one of my neighbors and is broadcasting its SSID. It's really just that easy to locate an open WAP. To illustrate how easy it is to connect to an open WAP, I have personally pulled over on the side of the road near a residential area to access the Internet and send an instant message to a buddy of mine when my cell phone battery died. You absolutely have to harden your wireless network if you are going to use wireless in your environment.

end sidebar
 

At the Wireless Networks tab, click Add to add a new wireless network. At the Wireless Network Properties dialog box, enter the SSID of the WAP to which you want to connect. These values must be the same on both the wireless client and the WAP. Select Shared for the Network Authentication field and WEP for the Data Encryption field. Uncheck the box The key Is Provided for Me Automatically and enter the appropriate WEP key, as shown next . When you re finished, click OK to close the Wireless Network Properties dialog box. Then click OK again to close the Wireless Network Connection Properties dialog box. In a few moments, the wireless NIC will authenticate with and connect to the WAP.

click to expand

Hardening with WPA Using Pre-shared Keys

To configure WPA with pre-shared keys, you need to return to the Wireless Network Properties dialog box, as previously detailed. From the Network Authentication drop-down list, select WPA-PSK. From the Data Encryption drop-down list, select TKIP or AES, as required by your WAP configuration. Enter the pre-shared key, as shown here, and click OK to close the Wireless Network Properties dialog box. Then click OK to close the Wireless Network Connection Properties dialog box. In a few moments, the wireless NIC will authenticate with and connect to the WAP.

click to expand

Hardening with WPA Using RADIUS/802.1x

To configure WPA using Radius/802.1x, you need to return to the Wireless Network Properties dialog box, as previously detailed. From the Network Authentication drop-down list, select WPA. From the Data Encryption drop-down list, select TKIP, as shown at right.

click to expand
click to expand

Next, click the Authentication tab to specify the EAP method, as shown at left. For the EAP type, select Protected EAP (PEAP). This will cause the wireless client to use WPA and PEAP as the 802.1x authentication method to connect to the WAP. The WAP then encapsulates the user authentication passed using MS-CHAP-v2 into a RADIUS datagram and sends the authentication request to the RADIUS server. The RADIUS server responds with the authentication response, and the WAP either permits the connection, if the user was authenticated, or denies the connection, if the user was not authenticated.

start sidebar
Heads Up

You need to obtain the WPA Wireless Security Update for Windows XP (Microsoft Knowledge Base Article 815485) at http://support.microsoft.com/?kbid=815485.

end sidebar
 

Using the Funk Odyssey Client Version 2.28.0.798 to  Support  WPA  and  RADIUS/802.1x

Once you have installed the Odyssey client, select the Odyssey Client Manager from the Start menu. This will cause the Odyssey Client Manager to open, as shown here.

click to expand

In the column on the left, select Networks and then click Add. Enter the appropriate SSID and select WPA for the association mode and TKIP for the encryption method, as shown at left. In the Authentication section, select the profile to use. When you are finished, click OK.

click to expand

The next step is to configure the profile you specified in the network s configuration. Select Profiles and click Properties to edit the initial profile. Select the Authentication tab and click Add to add EAP/PEAP, as shown at right. When you are finished, click OK.

click to expand

The last step is to click Connection and select the network you configured from the drop-down list, as shown at left. As soon as you do this, the client will begin authenticating.

click to expand

When the authentication has successfully completed, your screen should look something like this:

click to expand



Hardening Network Infrastructure. Bulletproof Your Systems Before You Are Hacked.
Hardening Network Infrastructure. Bulletproof Your Systems Before You Are Hacked.
ISBN: N/A
EAN: N/A
Year: 2004
Pages: 125

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net