Partager via


How to Set Up a Wireless Network with a Security Infrastructure

Due to the nature of wireless LAN networks, implementing a security infrastructure that monitors physical access to the network is difficult. Unlike a wired network where a physical connection is required, anyone within range of a wireless access point can conceivably send and receive frames as well as listen for other frames being sent.

IEEE 802.11 defines a set of standards and protocols you can implement to minimize the security risks to your wireless network. This document provides step-by-step instructions on how to set up a wireless network using the following security standards:

  • 802.1x
  • Wi-Fi Protected Access

802.1x authentication provides authenticated access to 802.11 wireless networks and to wired Ethernet networks. 802.1x minimizes wireless network security risks by providing user and computer identification, centralized authentication, and encryption services based on the Wired Equivalent Privacy (WEP) algorithm. 802.1x supports the Extensible Authentication Protocol (EAP). With EAP, you can use different authentication methods, such as smart cards, and certificates.

WPA is an implementation that is based on a subset of the IEEE 802.11i standard. WPA, when used with the Temporal Key Integrity Protocol (TKIP) and the Michael message integrity check (MIC) algorithm, provides enhanced security for wireless networks.

For more information about 802.1x, WPA, and wireless technology, visit this Microsoft Web site for a list of links to related technical articles.

Note   To successfully complete the steps in the following procedure, you must have extensive knowledge of Windows server administration and networking.

Microsoft used Microsoft Windows Server 2003 for testing purposes. Most of the following steps refer to Windows Server 2003-related procedures. To obtain additional information about any of these steps, see Windows Server 2003 Help.

If you use a different server operating system (OS) to set up your wireless network, refer to the product-specific documentation.

Hardware and Software Requirements

This document makes the following assumptions:

If you encounter problems with any of the steps, refer to the Troubleshooting: Setting up a Wireless Network with a Security Infrastructure.

To track your progress in the following table, select the check box next to each step.

  Step Topic
1. Familiarize yourself with the requirements for how to set up the networking and security infrastructure, and connect the different devices on your wireless network using the network topology. Wireless Network with Security Infrastructure Lab Requirements
2. Install Microsoft Windows Server 2003.

For information about how to install Windows Server 2003, see the Windows Server 2003 Getting Started guide.

Installation Settings for a Wireless Network Using Windows Server 2003
3. Create a domain controller.

For information about how to create a domain controller, in the Windows Server 2003 product Help, see "Domain controller role: Configuring a domain controller," and select the Creating a domain controller for a new forest option.

Domain Settings for a Wireless Network
4. Remove the Internet Explorer Enhanced Security Configuration Component to facilitate accessing the Web-based configuration pages for your access points.

For information about how to remove this component, in the Windows Server 2003 product Help, see "Apply Windows 2000 default Internet Explorer security settings".

Not applicable.
5. Configure the Dynamic Host Configuration Protocol (DHCP) Server, create and authorize a scope.

For information about how to configure DHCP Server, in the Windows Server 2003 product Help, see "DHCP server role: Configuring a DHCP server."

DHCP Server Settings for a Wireless Network
6. Use DHCP to reserve static IP addresses for your wireless access points.

For information about how to reserve static IP addresses using DHCP server, open DHCP from Administrative Tools, and from the Help menu choose Help Topics. In the DHCP Server help, search for "Add a client reservation."

Static IP Address Settings for the Wireless Access Points
7. Configure Microsoft Active Directory for users and groups.

For information about how to create user accounts in Active Directory, from Administrative Tools open Active Directory Users and Computers, and from the Help menu choose Help Topics. In the Active Directory Help, search for "Manage Users, Groups, and Computers."

Configuring Active Directory for a Wireless Network
8. Familiarize yourself with certificate infrastructure. Certificate Infrastructure for a Wireless Network
9. Install and configure application services.

For information about how to install application services, see "Application server role: Configuring an application server" in the Windows Server 2003 product Help.

When you configure the Application server, select the Enable ASP.NET option on the Application Server Options page of the Configure Your Server Wizard

Not applicable.
10. Install certificate services. Installing Certificate Services and IAS on Windows Server 2003
11. Configure certificate server templates. Configuring Certificate Server Templates with Windows Server 2003
12. Create the IAS clients.

For more information about how to create IAS clients, from Administrative Tools open Internet Authentication Service, and from the Help menu choose Help Topics. In the Internet Authentication Service Help, search for "Add RADIUS clients."

IAS Client Settings for Windows Server 2003
13. Create remote access policies. Configuring Remote Access Policies with Windows Server 2003
14. Configure both wireless access points.

Choose a topic based on the access point you want to configure. For more information, see Configuring the Wireless Access Points for a Network with a Security Infrastructure.

Configuring the WPA-Enabled Wireless Access Point

Configuring the 802.1x Wireless Access Point

15. Create a wireless configuration and download it to your CEPC. Creating a Wireless Configuration for a CEPC
16. Install wireless certificates on your CEPC. Enrolling the CEPC for a Certificate
17. Test wireless connectivity on your CEPC.

Choose a topic based on the aspect of wireless connectivity you want to test. For more information, see Testing Wireless Connectivity.

Testing Wireless Connectivity Using Certificates

Testing Wireless Connectivity Using EAP-PEAP

Testing Wireless Connectivity Using WPA-PSK

**The non-Microsoft software and hardware referenced in this document are included for illustrative purposes only. Illustrations that use such third party software and hardware as examples are not intended to be an endorsement or recommendation of any of these products. We provide this information only as a convenience for our customers for purposes of explaining a practical application and do not provide warranties of any kind, whether express, implied or statutory, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

See Also

Communications and Security How-to Topics | Windows CE .NET Wireless Technology Overview

Last updated on Wednesday, April 13, 2005

© 2005 Microsoft Corporation. All rights reserved.