For general information about security settings, refer to Security Overview.
This section contains instructions about how to configure advanced security settings for your wireless adapter. This requires information about advanced security settings on your access point (for home users) or from a system administrator (corporate environment).
Refer to Make a Basic Network Connection in Microsoft Windows XP for basic setup instructions.
NOTE: If you cannot view your network in the Available Networks list, it may be because your network does not broadcast its SSID or is in silent mode. Click Add and enter the SSID of the network you are trying to associate with to add it to the list of Preferred Networks. For further configuration, select the added network and click Configure to edit security settings. Refer to the Troubleshooting section for further instructions on how to configure networks with silent SSIDs.
NOTE: If you are using Microsoft Windows XP (Service Pack 1), some of the windows shown in the following examples may appear different from those on your screen.
NOTE: To switch from Category View to Classic view, click Start > Control Panel and on the navigation bar click Switch to Classic View.
Configure an Ad Hoc Network with No Security
In peer-to-peer (ad hoc) mode, you can send information to and receive information from other computers without using an AP. Each computer in a peer-to-peer network is called a peer. Creating an ad hoc network requires more than one computer with a wireless adapter. All systems on the ad hoc network must be configured identically. You can use peer-to-peer mode to network computers in a home or small office, or to set up a temporary wireless network for a meeting.
To configure an ad hoc network connection with no security:
Click Start > Control Panel.
Double-click Network Connections.
Right-click Wireless Network Connection.
Click Properties.
Select the Wireless Networks tab on the Wireless Network Connection Properties window.
Verify that Use Windows to configure my wireless network settings is selected. If it is not, select it. The correct setting is shown in the following illustration:
Click Add. The Wireless Network Connection Properties window opens.
NOTE: The names of wireless networks that your computer can see are listed under View Wireless Networks.
Network name (SSID): Enter the name of the network that you want to add.
Network Authentication: Select Open (default setting).
Data encryption: Select Disabled.
Select This is a computer-to-computer (ad hoc) network; wireless access points are not used. These settings display in the following illustration:
Click OK. You are returned to the Wireless Networks tab. The new network name appears in the Preferred networks list.
NOTE: Internet connection and firewall settings under Microsoft Windows XP (Service Pack 2) may affect your network configuration. For information about connection status, refer to View the Status of your Wireless Network Connection.
Click OK to close the Wireless Network Connection Properties window.
Ad Hoc connection options
Name / Description
Network Authentication
Open: No authentication used. Open authentication allows a wireless device access to the network without 802.11 authentication. The access point allows any request for authentication. If no encryption is enabled on the network, any wireless device with the correct network name (SSID) can associate with the access point and gain access to the network.
Shared: Shared authentication is accomplished with a pre-configured WEP key. Use this mode for 802.11 authentication. This mode can work with the following data encryption options: None, WEP (64-bit or 128-bit).
WPA-None: No authentication is used on a Wi-Fi Protected Access (WPA) client. This works with TKIP and AES data encryption in an ad hoc connection.
Data Encryption
Disabled: No data encryption is used.
WEP: WEP data encryption can be configured with 64-bit or 128-bit. WEP settings can be used with all Network Authentication protocols. When WEP encryption is enabled on an access point, the WEP key provides a way to verify access to the network. If the wireless device does not have the correct WEP key, even though authentication is successful, the device is unable to transmit data through the access point or decrypt data received from the access point.
AES: Advanced Encryption Standard (AES). An additional replacement for WEP encryption.
TKIP: To improve data encryption, Wi-Fi Protected Access utilizes its Temporal Key Integrity Protocol (TKIP). TKIP provides important data encryption enhancements including a rekeying method.
Encryption Level
64-bit or 128-bit: Select 64-bit or 128-bit encryption.
Key Index
1, 2, 3, 4: Select up to four passwords by changing the Key Index.
Wireless Security Password (WEP Key)
Type the wireless network password (WEP Key). The password is the same value used by the wireless access point or router. Contact your wireless network administrator for this password.
Configure an Ad Hoc Network with WEP Security
One configuration option for your ad hoc network is to set it up with no security (data encryption disabled). However, this allows anyone to access your wireless network. Another option is to use WEP encryption. Use WEP encryption to provide some level of security for your wireless network.
To configure your ad hoc network with WEP security:
Click Start > Settings > Control Panel.
Double-click Network Connections.
Right-click Wireless Network Connection.
Click Properties. The Wireless Network Connection Properties window opens.
Wireless Network Connection Properties: Click the Wireless Networks tab.
From the list of Preferred Networks, select the network and click Properties. The Network properties window opens.
NOTE: Verify that This is a computer-to-computer (ad hoc) network; wireless access points are not used is selected on this window.
Network Authentication: Select Open.
NOTE: Earlier versions of Microsoft Windows XP software may not contain these menus. If you use one of these earlier versions, click Data encryption (WEP enabled) and continue with the next step.
Data Encryption: Select WEP.
NOTE: If the wireless network does not require a network key (password), skip to step 10.
If you need to provide a network key, clear The key is provided for me automatically.
Network key: Enter the WEP network key. Your network key must exactly match the password (network key) used by other computers in the ad hoc network.
Confirm network key: Reenter the key.
To save your settings, click OK.
To close the Wireless Network Connection Properties, click OK.
Ad hoc network connection with no network authentication (Open) with WEP data encryption
Name / Description
Network Authentication
Open: No authentication used. Open authentication allows a wireless device access to the network without 802.11 authentication. The access point allows any request for authentication. If no encryption is enabled on the network, any wireless device with the correct network name (SSID) can associate with the access point and gain access to the network.
Data Encryption
WEP: WEP can be configured with either 64-bit or 128-bit data encryption. WEP settings can be used with all network authentication protocols. When WEP encryption is enabled on an access point, the WEP key is used to verify access to the network. If the wireless device does not have the correct WEP key, even though authentication is successful, the device is unable to transmit data through the access point or decrypt data received from the access point.
Encryption Level
64-bit or 128-bit: Select 64-bit or 128-bit encryption.
Key Index
1, 2, 3, 4: Select up to four passwords by changing the Key Index.
Wireless Security Password (WEP Key)
Enter the wireless network password (WEP Key). The password is the same value used by the wireless access point or router. Contact your wireless administrator for this password.
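The WEP key entry described above, as an added example (Python, not part of the original guide): it parses a key typed as 5 or 13 ASCII characters or as 10 or 26 hexadecimal digits and checks that every peer's entry decodes to the same bytes. The function names and sample keys are constructed for illustration; the accepted lengths follow from the 64-bit and 128-bit levels each including a 24-bit initialization vector, which leaves 40 or 104 bits of actual key.

```python
import string

# Entry length in characters -> (entry format, encryption level in bits).
# The level counts a 24-bit per-packet IV that is sent in the clear,
# so the secret part of the key is 40 bits (64-bit) or 104 bits (128-bit).
WEP_FORMATS = {5: ("ascii", 64), 13: ("ascii", 128),
               10: ("hex", 64), 26: ("hex", 128)}


def parse_wep_key(entry):
    """Return (key_bytes, level_bits) for a WEP key typed as ASCII or hex."""
    fmt = WEP_FORMATS.get(len(entry))
    if fmt is None:
        raise ValueError("use 5 or 13 ASCII characters, or 10 or 26 hex digits")
    kind, level = fmt
    if kind == "hex":
        if not set(entry) <= set(string.hexdigits):
            raise ValueError("a 10- or 26-character key must be hexadecimal")
        return bytes.fromhex(entry), level
    # Non-ASCII input raises UnicodeEncodeError, a ValueError subclass.
    return entry.encode("ascii"), level


def secret_bits(entry):
    """Number of secret key bits carried by the entry (40 or 104)."""
    key, _level = parse_wep_key(entry)
    return len(key) * 8


def peers_match(entries):
    """True when every peer's entry decodes to the same key and level."""
    return len({parse_wep_key(e) for e in entries}) == 1


if __name__ == "__main__":
    # Constructed sample: one peer typed ASCII, the other the same key in hex.
    peers = ["abcde", "6162636465"]
    print(peers_match(peers), secret_bits(peers[0]))
```

An ASCII entry is case-sensitive while a hexadecimal entry is not, so two peers can hold the same key in different notations but a single changed letter case in ASCII form produces a different key.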
Configure a WPA-PSK Client with AES or TKIP Encryption
This security level is available for Infrastructure networks.
To configure a WPA-PSK client:
Click Start > Settings > Control Panel.
Double-click Network Connections.
Right-click Wireless Network Connection.
Click Properties.
On the Wireless Network Connection Properties, select the Wireless Networks tab.
Verify that Use Windows to configure my wireless network settings is selected. If it is not, select it.
From the Preferred Networks list, select the network and click Properties.
NOTE: If the wireless network access point is in silent mode (blank network name SSID), the network name is not displayed. You must first add the network name (SSID); it then appears in the list of available networks.
NOTE: Earlier versions of Microsoft Windows XP did not support WPA and WPA-PSK encryption modes. If you cannot view these options in the menu, please update Microsoft Windows XP to the latest service pack. If WPA is required, the Microsoft WPA supplicant must also be installed.
Data Encryption: Select AES or TKIP. These settings are shown in the following illustration:
Network Key: Enter the network key. The network key must be a pass phrase from 8 to 63 characters long or a hexadecimal key (0-9, A-F) exactly 64 characters long.
Confirm Network Key: Reenter the Network Key.
NOTE: Refer to your access point or router settings (for home users) or contact your system administrator (enterprise users) for the data encryption type and network key.
Click OK to save your settings.
Click OK to close the Wireless Network Connection Properties window.
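How the Network Key entry above becomes the 256-bit pre-shared key, as an added example (Python, not part of the original guide). It assumes the standard WPA mapping: a 64-digit hexadecimal entry is used directly, and a pass phrase of 8 to 63 printable ASCII characters is stretched with PBKDF2-HMAC-SHA1 using the SSID as salt and 4096 iterations; the function name and sample values are constructed for illustration.

```python
import hashlib
import string

HEX_DIGITS = set(string.hexdigits)


def wpa_psk(network_key, ssid):
    """Return the 32-byte pre-shared key for a WPA-PSK Network Key entry."""
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes long")

    # Exactly 64 hexadecimal characters: the entry already is the key.
    if len(network_key) == 64:
        if not set(network_key) <= HEX_DIGITS:
            raise ValueError("a 64-character key must be hexadecimal (0-9, A-F)")
        return bytes.fromhex(network_key)

    # 8 to 63 characters: a pass phrase, stretched with the SSID as salt.
    if 8 <= len(network_key) <= 63:
        if any(not 32 <= ord(c) <= 126 for c in network_key):
            raise ValueError("pass phrase must be printable ASCII")
        return hashlib.pbkdf2_hmac("sha1", network_key.encode("ascii"),
                                   salt, 4096, dklen=32)

    raise ValueError("use a pass phrase of 8 to 63 characters "
                     "or exactly 64 hexadecimal digits")


if __name__ == "__main__":
    # Constructed sample values; the SSID is part of the derivation, so the
    # same pass phrase yields a different key on a differently named network.
    print(wpa_psk("password", "IEEE").hex())
    print(wpa_psk("password", "ieee").hex())
```

Because the SSID is the only salt, the strength of a pass-phrase-based key rests on the pass phrase itself; a 64-digit hexadecimal key generated at random avoids that dependency.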
Configure a WPA Client with AES or TKIP Encryption and TLS or TTLS Authentication
Transport Layer Security (TLS) and Tunneled Transport Layer Security (TTLS) settings define the protocol and the credentials used to authenticate a user.
TLS is a type of authentication method using Extensible Authentication Protocol (EAP) and a security protocol called Transport Layer Security. EAP-TLS uses certificates that require passwords. EAP-TLS authentication supports dynamic WEP key management.
The TLS protocol is intended to secure and authenticate communications across a public network through data encryption. The TLS Handshake Protocol allows the server and client to provide mutual authentication and to negotiate an encryption algorithm and cryptographic keys before data is transmitted.
In TTLS, the client uses EAP-TLS to validate the server and create a TLS-encrypted channel between the client and server. The client can use another authentication protocol, typically password-based protocols, for example, MD5 Challenge, over this encrypted channel to enable server validation. The challenge and response packets are sent over a non-exposed TLS encrypted channel.
TTLS implementations today support all methods defined by EAP, as well as several older methods (PAP, CHAP, MS-CHAP and MS-CHAPv2). TTLS can easily be extended to work with new protocols by defining new attributes to support new protocols.
When the Wireless Network Properties window opens, click Wireless Networks.
Verify that Use Windows to configure my wireless network settings is selected. If it is not, select it.
From the Preferred Networks list, select a network.
Click Properties. The network properties window opens.
For Network Authentication, select WPA (Wi-Fi Protected Access).
NOTE: Earlier versions of Microsoft Windows XP did not support WPA and WPA-PSK encryption modes. If you cannot view these options, please update Microsoft Windows XP to the latest service pack.
Data Encryption: Select AES or TKIP. If you are not sure which data encryption type to use, contact your network administrator.
Click the Authentication tab.
Select Smart Card or other certificate for EAP Type, as shown in the following illustration:
Click Properties.
Select Use a certificate on this computer.
Select the appropriate certificate(s) from the Trusted Root Certification Authorities. Contact your network administrator if you cannot find the appropriate certificate or do not know which one to use.
To close the Smart Card or other Certificate Properties window, click OK.
To close the Wireless network properties, click OK.
Configure a WPA Client with AES or TKIP Encryption and PEAP Authentication
Protected Extensible Authentication Protocol (PEAP) is an Internet Engineering Task Force (IETF) draft protocol sponsored by Microsoft, Cisco, and RSA Security. PEAP is designed to take advantage of server-side Extensible Authentication Protocol (EAP)-Transport Layer Security (TLS) and to support various authentication methods, including user passwords, one-time passwords, and Generic Token Cards (GTC).
To configure this infrastructure network with PEAP authentication:
Click Start > Settings > Control Panel.
Double-click Network Connections.
Right-click Wireless Network Connection.
Click Properties.
On the Wireless Network Connection Properties, select Wireless Networks.
Verify that Use Windows to configure my wireless network settings is selected. If it is not, select it.
From the Preferred Networks list, select a network.
Click Properties. The network properties window opens.
Network Authentication: Select WPA.
Data encryption: Select AES or TKIP.
NOTE: Earlier versions of Microsoft Windows XP did not support WPA and WPA-PSK encryption modes. If you cannot view these options in the menu, please update Microsoft Windows XP to the latest service pack.
Click Authentication.
EAP type: Select Protected EAP (PEAP).
Click Properties. The Protected EAP Properties window opens.
Select Validate server certificate.
Select the appropriate Trusted Root Certification Authority from the list.
For the authentication method, select Secured password (EAP-MSCHAP v2).
Click Configure. The following properties window opens:
Verify that Automatically use my Windows logon name and password is selected.
To return to the previous window, click OK.
Click OK to save your settings on the Protected Access Point Properties window.
Click OK to save your settings on the Authentication tab.
Click OK to close the Wireless Network Connection Properties window.
For more information about PEAP authentication, refer to Security Overview.
Configure a Client for TLS or TTLS Authentication
The information in this section is intended for enterprise system administrators. For enterprise customers, contact your system administrator to obtain a client certificate for TLS or TTLS authentication. While obtaining a certificate for TLS or TTLS authentication, ensure strong private key protection is disabled. This is required for 802.1x authentication. EAP-TLS and EAP-TTLS authentication require client certificates in the local repository for the logged-in user's account and a trusted CA certificate in the root store. Certificates can be obtained from a corporate certificate authority located on a Microsoft Windows 2000 Server or by using Internet Explorer's certificate import wizard.
Obtain a certificate from Windows 2000 Server
Launch Internet Explorer and browse to the Certificate Authority (CA) HTTP Service.
Log on to the CA with the user name and password of the user account created on the authentication server. This user name and password are not necessarily the same as your Windows user name and password.
On the Welcome page, select the request a certificate task.
Submit the form.
Choose request: Select Advanced request.
Click Next.
Advanced Request: Use a form to select Submit a certificate request to this CA.
Click Next.
Advanced Requests: Choose the user certificate template.
Select Mark keys as exportable.
Click Next.
Certificate Issued: Select Install this certificate. If this is the first certificate you have installed, you are prompted to install a trusted CA certificate in the root store. Click Yes because you need this certificate for TLS and TTLS authentication.
If your certificate was correctly installed, you see the message: Your new certificate has been successfully installed.
To verify the installation, click Tools > Internet Options > Content > Certificates. The new certificate is installed in the personal folder.
Obtain a certificate from a file
Right-click the Internet Explorer icon on the desktop.
Select Properties.
Select the Content tab.
Click Certificates. A list of installed certificates displays.
Click Import under the list of certificates. This starts the Certificate Import Wizard.
Select the certificate file.
Click the password page.
Enter the password for the file. Verify that the strong private key protection option is not selected.
Certification Store: Select automatically select certificate store based on the type of certificate.
Proceed to complete the certificate import and click Finish.