Overview

Published: November 10, 2004 | Updated: November 24, 2004

Securing Wireless LANs with Certificate Services

Securing Wireless LANs with Certificate Services is a prescriptive guide that addresses vulnerabilities in today’s wireless networks. Many organizations have tried to use wireless LANs (WLANs), but they often shy away from large deployments or ban them altogether. Despite the many productivity and technology benefits that WLANs offer, insufficient security has prevented a number of organizations from deploying them. Other organizations have implemented 802.11 WLANs using either the limited built-in security features or no security at all.

This guidance was updated to improve usability and provide more detailed information about the pros and cons of different wireless security approaches. It provides a Planning Guide for organizations that are considering implementing a wireless infrastructure and a Build Guide that provides implementation details. An Operations Guide that provides details on maintaining a secure wireless environment is also included, and a Test Guide provides the testing strategy that was used to verify the documentation content. The Test Guide also provides guidance to users about how to validate their implementation.

Like the Securing Wireless LANs with PEAP and Passwords guidance that was released earlier this year, this guidance addresses vulnerabilities in today’s wireless networks and is for organizations that want to deploy WLAN technology with a high degree of confidence in its security. However, this guidance is intended for organizations with several hundred to many thousands of wireless network users. It is based on the WLAN deployment at Microsoft.

This guidance provides information for IT Professionals about how to design, implement, and operate a wireless security infrastructure built with 802.1X and WLAN encryption, RADIUS, and a public key infrastructure (PKI). For business planners and IT architects, the guidance presents a discussion of wireless networking vulnerabilities and an assessment of the different security options that are available. The guidance also provides a detailed design of an overall solution and its various components. For IT implementers and operations managers, the guide offers detailed instructions and companion scripts to successfully deploy and manage a wireless security infrastructure.

Figure 1 Overview of Securing Wireless LANs with Certificate Services


Solution Content

Securing Wireless LANs with Certificate Services is organized into a series of guides (Planning, Build, Operations, and Test) for each of the different life-cycle phases of implementing a WLAN security solution. (A delivery guide outline is also included in an appendix.) A set of tools accompanies the documentation, including sample project and risk plans; scripts and configuration files for automating implementation and operations tasks; and a detailed set of test cases that you can use to verify the functionality of the solution as you build it in your own environment.

Planning Guide

The Planning Guide provides the following information for IT architects:

Business and technical reasons for implementing wireless security.

Strategies for wireless security.

Detailed discussion of the design decisions that affect the solution as a whole and the individual solution components.

In addition, the design chapters include extended discussions of technical topics and other background information to help you customize the design if required.

Build Guide

The Build Guide provides IT implementers with step-by-step instructions for implementing all of the components of the solution: a PKI based on Microsoft Windows Server™ 2003 Certificate Services, a RADIUS infrastructure based on Microsoft Internet Authentication Service (IAS), and information about how to configure wireless access points (APs) and clients. Each chapter contains detailed procedures for installing and securing the operating system, configuring software components, and then integrating them into the solution. All major steps are linked to verification procedures to help minimize errors.

Operations Guide

The Operations Guide outlines procedures for the long-term maintenance of the solution components. Based on Microsoft Solutions for Management (MSM), this guide provides a comprehensive set of tasks and instructions for operating, monitoring, changing, and supporting the Certificate Services and IAS components. Information is included about setup tasks to implement the management system and daily and weekly operations tasks. Health-checking and monitoring scripts, backup and recovery procedures, and troubleshooting techniques and tools are also provided.

Test Guide

The Test Guide explains the overall test strategy that Microsoft used to validate this solution and describes the primary test cases that you can use to validate the solution in your own labs. The complete set of test cases for the guidance is included with the solution.

Download

This solution and its associated tools and templates are available for download on the Microsoft Download Center.

Support

For more information about support for the Microsoft Windows Server 2003 components in this solution (including escalation paths, support offerings, resources, and support levels), see the Welcome to Microsoft Help and Support Web page on Microsoft.com at http://support.microsoft.com/.

Other Resources

Other resources that you may find helpful include:

Windows Deployment and Resource Kits at http://www.microsoft.com/windows/reskits/.

The Microsoft TechNet Security Resource Center Web site at http://www.microsoft.com/technet/security/default.mspx.

The Wi-Fi page of the Microsoft Windows Server 2003 Web site at http://www.microsoft.com/wifi.

The WiFi Alliance Web site at http://www.wi-fialliance.org/OpenSection/index.asp.

The IEEE 802 LAN/MAN Standards Committee Web page at http://www.ieee802.org/.

Read other security solutions from the Microsoft Solutions for Security and Compliance (MSSC) team.

Give Us Your Feedback

The Microsoft Solutions for Security and Compliance (MSSC) team would appreciate your thoughts about this and other security solutions.

Have an opinion? Let us know on the Security Solutions Blog for the IT Professional.

Or e-mail your feedback to the following address: SecWish@microsoft.com. We respond often to feedback that is sent to this mailbox.

We look forward to hearing from you.

Credits

Authors: Ian Hellen and Stirling Goetz

Contributors: Carsten Kinder and Andrew Hawkins

Test Team: Mehul Mediwala and Jon Stone

Editors: Wendy Cleary, John Cobb, and Steve Wacker

Program Managers: Jeff Coon, Karl Grunwald, and Bomani Siwatu

Release Manager: Flicka Crandell


