On This PageIntroductionSecuring Wireless LANs with PEAP and Passwords is the second security solution guide for WLANs from Microsoft. The solution is designed to guide you though the complete life cycle of planning, deploying, testing, and managing a wireless security solution. It uses a flexible architecture that is adaptable for organizations ranging in size from less than 50 users to those with several thousand users. The solution is based on the Institute of Electrical and Electronic Engineers (IEEE) 802.1X authentication protocol, and was built and tested using Microsoft Windows XP clients, Microsoft Pocket PC 2003 clients, and computers running Microsoft Windows Server™ 2003. This solution guide is a companion to the first WLAN security solution from Microsoft, Securing Wireless LANs - a Windows Server 2003 Certificate Services Solution. Whereas the first solution was aimed at large organizations, this solution is simpler and is designed for small and medium–sized organizations to easily deploy it. Another key difference is that Securing Wireless LANs with PEAP and Passwords solution employs user names and passwords to authenticate users and computers to the WLAN, instead of digital certificates that were used in the first solution. Other distinguishing features of this solution are that it uses existing server hardware (rather than requiring new purchases), employs a simpler administration model, and uses scripts and predefined settings to automate many more configuration tasks than in the previous solution. This solution guide has two important characteristics that distinguish it from the Windows product documentation and many of the technical white papers available from Microsoft. First, it is solution-based rather than product-based guidance; the guide is focused on delivering a wireless LAN security infrastructure rather than describing product functionality details. The guide comprises an end–to–end solution that encompasses the complete life cycle of planning, building, testing, and managing the solution. Second, it is prescriptive guidance; the solution design choices were based on best practices and knowledge gained from WLAN deployments at Microsoft and its customers. The solution described in the guidance was also built and tested in Microsoft labs to ensure that it works as intended. Solution OverviewThis guidance is divided into four sections, each corresponding to a phase in the life cycle of the solution that includes planning, implementing, testing, and operating.  Figure 1.1 Overview of the solution for Securing Wireless LANs with PEAP and Passwords
See full-sized image The planning section consists of an introduction, "Choosing a Strategy for Wireless LAN Security”, and Chapter 2, "Planning a Wireless LAN Security Implementation.” The next four chapters make up the build and deploy section of the guide. These chapters provide instructions for implementing the Remote Authentication Dial–In User Service (RADIUS) servers using Windows Server 2003 Internet Authentication Service (IAS), and deploying the wireless clients and supporting infrastructure. Each chapter provides detailed procedures on installing and configuring the software components and then integrating them into a solution you can use for your organization. The chapters also include verification procedures to help minimizes errors. The testing section covers one chapter that explains how to verify that the solution is working correctly before you deploy it. Maintaining the solution is covered in one chapter this explains how to operate, monitor, change, and troubleshoot all the solution components. Finally, a set of tools and scripts accompany the guidance you can use to automate many of the implementation and operations tasks. Solution DocumentationIntroduction: Choosing a Strategy for Wireless LAN Security Chapter 1: Securing Wireless LANs with PEAP and Passwords Chapter 2: Planning a Wireless LAN Security Implementation Chapter 3: Preparing Your Environment Chapter 4: Building the Network Certification Authority Chapter 5: Building the Wireless LAN Security Infrastructure Chapter 6: Configuring the Wireless LAN Clients Chapter 7: Testing the Secure Wireless LAN Solution Chapter 8: Maintaining the Secure Wireless LAN Solution Appendix A: Using PEAP in the Enterprise Appendix B: Using WPA in the Solution Appendix C: Supported OS Versions Appendix D: Scripts and Support Files SupportMore information about support for the Microsoft products in this solution, including escalation paths, support offerings, resources, and support levels can be found at http://support.microsoft.com/. Downloads and ResourcesDownload the solution at http://go.microsoft.com/fwlink/?LinkId=23481. You may also find the following resources helpful: | • | For information about security at Microsoft, see the Security — Trustworthy Computing for IT page on Microsoft TechNet at http://www.microsoft.com/technet/security/Default.mspx | | • | For information about Microsoft Windows Server™ 2003 and Wi–Fi, see the Wi Fi page on the Windows Server System Web site at http://www.microsoft.com/wifi. | | • | For information about IEEE Wireless Standards, see at the IEEE Web site at http://standards.ieee.org/wireless/. | | • | For information about the Wi–Fi Alliance, see the Wi-Fi Alliance Web site at http://www.wi-fialliance.org/. |
Read other security solutions from the Microsoft Solutions for Security and Compliance (MSSC) team. Give Us Your FeedbackThe Microsoft Solutions for Security and Compliance (MSSC) team would appreciate your thoughts about this and other security solutions. Have an opinion? Let us know on the Security Solutions Blog for the IT Professional. Or e-mail your feedback to the following address: SecWish@microsoft.com. We respond often to feedback that is sent to this mailbox. We look forward to hearing from you. CreditsAuthor: Ian Hellen Program Management: Bruce Lobree, Karl Grunwald, Jeff Coon Test: Mehul Mediwala Contributing Author: Stirling Goetz Editing: Vidyatech Reviewers: Drew Baron, David Cross, Joseph Davies, Stirling Goetz, Mike Greer, Jesper Johansson, Carsten Kinder, Ashwin Palekar, Steve Riley (SBU), Ray Sun, Laudon Williams, Shain Wray
| 
