Wireless Security for Windows XP Professional
Lehigh is in the process of
implementing a secure wireless networking environment wherein everyone will be
required to log in to obtain access to wireless resources. For connectivity
throughout the campus during the transition to this secure environment, it will
be necessary to set up two wireless
connections for each device - one using the original non-secure settings
(with a Service Set Identifier [SSID] of lehigh) and the other with the
secure settings (with an SSID of lu). Upon completion of this transition, only devices which
conform to the IEEE 802.1x protocol utilizing PEAP (Protected Extensible
Authentication Protocol) will have access to wireless networking.
This document explains:
- Configuring a Secure lu Wireless Connection
- Establishing a Secure Connection
- Changing/Disassociating a Wireless Password (must be done whenever a password changes)
The initial configuration of a secure connection only needs to be done once for any given device. The first time the computer comes in contact with the secure wireless network, it will prompt you for your user name and password which, within Windows XP Professional, it will remember as an encrypted entrée in the registry; establishing future connections to the secure network will occur automatically utilizing this registry key. To change your password, or to disassociate your password with a given computer so that someone else may use it, the registry key must be removed as described in the last section of this document. Once the registry key has been removed, whoever is using that system will be prompted to enter his or her username and password the next time the system comes in contact with the secure wireless network.
Configuring a Secure lu Wireless Connection
1. From the Start button, select the Control Panel
- Click on Network and Internet Connections
- Click on Network Connections
- Right-click on the name of your wireless connection (e.g., Wireless Network Connection) and select Properties
2. From the Wireless Network Connection Properties window
- Click on the Advanced tab; if necessary, check the Internet Connection Firewall box.
- Click
on the Wireless Networks tab
- Click
on the Add button under Preferred
networks
- From the Wireless network properties window, Association tab
- For the Network name (SSID), enter lu
- From the Data encryption dropdown, select WEP
- Select
the Authentication tab
- Check the box to Enable IEEE 802.1x authentication for this network
- From the EAP type: dropdown, select Protected EAP (PEAP)
- Uncheck the box for Authenticate as computer…
- Uncheck the box for Authenticate as guest…
- Click
on Properties
- On the Protected EAP Properties window
- Uncheck the Validate server certificate box
- Under Select Authentication Method: pick Secured password (EAP-MSCHAP v2)
- Click
on Configure; uncheck the box for Automatically use my Windows logon...
and click OK
- Click on OK
- Click on OK for the Wireless Network Properties window
- Click on OK for the Wireless Network Connection Properties window
Establishing a Secure
Connection
1. When connecting, the first attempt after configuring will take about a minute and result in a balloon from the wireless network icon stating One or more wireless networks are available...; click on Connect
2. Click the icon when the balloon states Click here to select a certificate...
3. When prompted to Enter
Credentials, enter
your username and password; leave Logon Domain blank.
Changing/Disassociating
a Wireless Password
(Note that this must be done whenever your password is changed.)
A program is currently being developed to automate the following process; in the interim, these steps can be done manually.
1. To run the Registry Editor, click on the Start button, click on Run..., and enter regedit into the Open: field.
2. Expand HKEY_CURRENT_USER by clicking on the + beside it.
3. Expand the Software key by clicking on the + beside it.
4. Expand the Microsoft key by clicking on the + beside it.
5. Expand the EAPOL key by clicking on the + beside it.
6. Expand the UserEapInfo key by clicking on the + beside it.
7. Click on the final key to select it and hit the Delete key.
8. Exit the Registry Editor by clicking on File and then on Exit.