Home > Articles > Home & Office Computing > Microsoft Windows Desktop

  • Print
  • + Share This
This chapter is from the book

Secure the Wireless Connection with 802.1x Authentication

Because the nature of wireless networking is such that packets are just sent out into the air, it is very easy to have those packets intercepted. What's disturbing about this for some is that user names and passwords, as well as other sensitive information, are just as likely to be intercepted.

One of the technologies to combat this is 802.1x authentication. 802.1x authentication can help ensure that wireless communication between client and access point is encrypted, and it also prevents unauthorized users from accessing the network.

Encrypted data—a.k.a. cipher text—has been rearranged into a secret code, and it can only be decoded by the holder of the decryption key. Encryption keys and encrypted messages have been around for several thousand years, ranging from simple letter substitution schemes, such as those employed by "secret decoder rings," to the German's Enigma machine in WWII, which was cracked once the Allies figured out the key, to incredibly complex mathematical functions that are used to encrypt a single file and then are discarded. That way, even if someone were to spend the hours or days or years necessary to crack the key for one message, it wouldn't do them any good on the next message.

At any rate, here's how you set up encryption on the wireless client:

  1. From the Wireless Networks tab, choose the network for which you want to enable or disable IEEE 802.1x authentication, and then click Properties.
  2. On the Association tab, select WEP from the Data Encryption drop-down box. WEP is an abbreviation for Wired Equivalent Privacy, and it provides a level of data encryption by itself. You could stop here if you want, and the date sent to and from the wireless access point would be encrypted. 802.1x authentication is more secure, however. To enable it, keep going.
  3. Click the Authentication tab. On the Authentication tab, select "Enable IEEE 802.1x authentication" for this network check box, as shown in Figure 10-12. You have two choices here:
    • Protected Extensible Authentication Protocol (PEAP). PEAP is a wireless security protocol developed jointly by Microsoft, RSA Security, and Cisco. It transmits authentication data and passwords over wireless networks.
    • Smart Card or other Certificate. These use either physical cards that store user credentials or digital IDs that do roughly the same.
    10fig12.jpg

    Figure 10-12 Using a smart card for 802.1x authentication.

Note that if you select either of these 802.1x authentication methods, you will have additional configuration to do, such as specifying the type of certificate used. You can do this configuration by choosing Properties.

To disable IEEE 802.1x authentication for this connection, clear the "Network access control using IEEE 802.1X" check box.

When connecting to a wireless network, the client does so using the highest level of security that the network is capable of. Therefore, enabling 802.1x authentication for one connection still allows connections to other, non-secure networks where this authentication is not in place. In other words, leaving 802.1x authentication enabled for one network will not adversely affect your ability to use the computer in a wide variety of wireless networks.

That said, a full discussion of the wireless encryption protocols is beyond the scope of this book.

  • + Share This
  • 🔖 Save To Your Account