Guidelines For Designing Security Using 802.ix

By Author: Jasmine
Total Articles: 286
Comment this article

802.lx provides many security advantages over microsoft exams used alone. Follow these guidelines when designing security for 802.lx:
Use Group Policy to set client settings. Using Group Policy will provide uniformity and ensure the wireless access policy is being followed.
Set network to Access Point (Infrastructure) Networks Only.
Do not select the Automatically Connect To Non-Preferred Networks check box.
Use SSL or SSH when remotely managing wireless access points. This "will prevent capture of configuration data.
Use IAS remote access policies to control connection authorization. Provide fulltime staff with authenticated unrestricted access; provide contractors and business partners with authenticated, restricted access to specific networks and applications; and provide visiting guests access to the Internet, VPN access back to their own organizations, or both.
Use IAS remote access policies to control session specifications, encryption strength, IP packet filters, and static routes.
Use IAS connection policies to validate APs and ...
... restrict their access.
Use Active Directory and a wireless network policy to leverage automatic configuration of networking clients. (A different policy can be configured for each GPO.)
Mitigate the threat of WEP attacks by increasing the frequency of session key change. A lot of data must be captured by the attacker before he can deduce the
keys. If the keys are changed before he obtains enough information, he will have to start all over again.
Use the "Guidelines for Designing Authentication Using 70-270 Exam" section that follows.
Specifying smart card or other certificate properties to ensure connectivity and to designate the trusted root certificate servers whose certificates can be used
If Use My Smart Card or Use A Certificate On This Computer is chosen, the dialog box allows you to determine which will be used. When a certificate on the computer choice is made, the additional Use Simple Certificate Selection (Recommended) check box is provided. Choosing the simple certificate selec?tion allows Windows XP to determine the correct computer certificate to use by the certificate properties.
If PEAP is chosen, a further authentication method is chosen in the Select Authentication Method box (shown in Figure 12-13), either Secure Password (EAP-MSCHAPv2) or Smart Card Or Other Certificate. If EAP-MSCHAPv2 is selected, clicking the Configure button presents the opportunity to select Automatically Use My Windows Logon Name And Password (And Domain Name If Any). (See Figure 12-14.) Be sure to click OK to verify, and be sure to return to the dialog box shown in Figure 12-12 to continue exploring Free Network+ study guides the other selections described below.