Securing Wireless LANs with Certificate Services

Securing Wireless LANs with Certificate Services is a prescriptive guide that addresses vulnerabilities in today’s wireless networks.


Many organizations have tried to use wireless LANs (WLANs), but they often shy away from large deployments or ban them altogether. Despite the many productivity and technology benefits that WLANs offer, insufficient security has prevented a number of organizations from deploying them. Other organizations have implemented 802.11 WLANs using either the limited built-in security features or no security at all.

This guidance was updated to improve usability and provide more detailed information about the pros and cons of different wireless security approaches. It provides a Planning Guide for organizations that are considering implementing a wireless infrastructure and a Build Guide that provides implementation details. An Operations Guide that provides details on maintaining a secure wireless environment is also included, and a Test Guide provides the testing strategy that was used to verify the documentation content. The Test Guide also provides guidance to users about how to validate their implementation.

Like the Securing Wireless LANs with PEAP and Passwords guidance that was released earlier this year, this guidance addresses vulnerabilities in today’s wireless networks and is for organizations that want to deploy WLAN technology with a high degree of confidence in its security. However, this guidance is intended for organizations with several hundred to many thousands of wireless network users. It is based on the WLAN deployment at Microsoft.

This guidance provides information for IT Professionals about how to design, implement, and operate a wireless security infrastructure built with 802.1X and WLAN encryption, RADIUS, and a public key infrastructure (PKI). For business planners and IT architects, the guidance presents a discussion of wireless networking vulnerabilities and an assessment of the different security options that are available. The guidance also provides a detailed design of an overall solution and its various components. For IT implementers and operations managers, the guide offers detailed instructions and companion scripts to successfully deploy and manage a wireless security infrastructure.


Figure 1: Overview of Securing Wireless LANs with Certificate Services

Solution Content

Securing Wireless LANs with Certificate Services is organized into a series of guides — Planning, Build, Operations, and Test — for each of the different life-cycle phases of implementing a WLAN security solution. (A delivery guide outline is also included in an appendix.) A set of tools accompanies the documentation, including sample project and risk plans; scripts and configuration files for automating implementation and operations tasks; and a detailed set of test cases that you can use to verify the functionality of the solution as you build it in your own environment.

Planning Guide

The Planning Guide provides the following information for IT architects:

  • Business and technical reasons for implementing wireless security.
  • Strategies for wireless security.
  • Detailed discussion of the design decisions that affect the solution as a whole and the individual solution components.

In addition, the design chapters include extended discussions of technical topics and other background information to help you customize the design if required.

Build Guide

The Build Guide provides IT implementers with step-by-step instructions for implementing all of the components of the solution: a PKI based on Microsoft® Windows Server™ 2003 Certificate Services, a RADIUS infrastructure based on Microsoft Internet Authentication Service (IAS), and information about how to configure wireless access points (APs) and clients. Each chapter contains detailed procedures for installing and securing the operating system, configuring software components, and then integrating them into the solution. All major steps are linked to verification procedures to help minimize errors.

Operations Guide

The Operations Guide outlines procedures for the long-term maintenance of the solution components. Based on Microsoft Solutions for Management (MSM), this guide provides a comprehensive set of tasks and instructions for operating, monitoring, changing, and supporting the Certificate Services and IAS components. Information is included about setup tasks to implement the management system and daily and weekly operations tasks. Health-checking and monitoring scripts, backup and recovery procedures, and troubleshooting techniques and tools are also provided.

Test Guide

The Test Guide explains the overall test strategy that Microsoft used to validate this solution and describes the primary test cases that you can use to validate the solution in your own labs. The complete set of test cases for the guidance is included with the solution.

Download

This solution and its associated tools and templates are available for download on the Microsoft Download Center.

Support

For more information about support for the Microsoft Windows Server 2003 components in this solution (including escalation paths, support offerings, resources, and support levels), see the Welcome to Microsoft Help and Support Web page on Microsoft.com at http://support.microsoft.com/.

Other Resources

Other resources that you may find helpful include:

  • The Wi-Fi page of the Microsoft Windows Server 2003 Web site at http://www.microsoft.com/wifi.
  • The Wi-Fi Alliance Web site at http://www.wi-fialliance.org/OpenSection/index.asp.

Credits

Release Manager: Flicka Crandell
Authors: Ian Hellen and Stirling Goetz
Contributors: Carsten Kinder and Andrew Hawkins
Test Team: Mehul Mediwala and Jon Stone
Editors: Wendy Cleary, John Cobb, and Steve Wacker
Program Managers: Jeff Coon, Karl Grunwald, and Bomani Siwatu
