Checklist: Enhance Wireless Network Security by Requiring Certificates for Authentication and Encryption
Applies To: Windows Server 2008
Wireless networks make it possible for network users to access data and resources from multiple locations without relying on a physical connection to the network. The large number and variety of wireless clients and the potential security risks that they pose make it important for administrators to enhance data protection and to prevent unwanted clients from accessing the network. Certificates issued and supported by a Microsoft certification authority (CA) can enhance the security of a wireless network with strong certificate-based authentication and encrypted communication between clients and network servers.
Task | Reference |
---|---|
Set up additional subordinate CAs. (Optional) |
|
Install and configure certificate templates, including the RAS and IAS Server, Workstation Authentication, and User certificate templates. |
|
Configure certificate enrollment. |
|
Deploy RAS and IAS Server certificates. |
|
Configure 802.1X wireless clients by using Group Policy. |
Configure 802.1X Wireless Clients Running Windows Vista with Group Policy |
Configure 802.1X wireless access points as Remote Authentication Dial-In User Service (RADIUS) clients in Network Policy Server (NPS). |
|
If you want to perform authorization by group, create a user group in Active Directory Domain Services (AD DS) that contains the users who are allowed to access the network through the wireless access points. |
|
In NPS, configure one or more network policies for 802.1X wireless access. |