Hello, my name Avril Salter and what we’re going to do today is take a look at how you set up your WI FI security settings on your Windows 7 client.
I am going to select this Network Icon at the bottom of my screen and you can see that I can hear Avril’s Network, but I am currently not connected. I am going to right click this and select Properties and this will bring up my Security Tab. Now, if I take a look at the Security types that are available I can have No Authentication, and what that means is that I am going to use the older WEP standard and this is not recommended because it’s not secure. But, one of the things that you have to bear in mind when your setting up your security systems on the client is they have to match with the security settings on your access point so if you have an older access point that only supports WEP then you would need to select this option on your client.
Now, the other options you have is WPA-Personal and WPA-Enterprise and you’ll see here there is a WPA-Personal and a WPA2-Personal and the difference between those is that WPA2 is a later release and again look on your access point. If you can support WPA2 this would be recommended if you are at home or small business. Now, your options are, and you have to set up your security key and let’s set this up as I love my WIFI network. You also have two options on the encryption side you can use TKIP or AES. AES is a stronger encryption than TKIP so this one would be recommended if your access point supports it.
Now, the Advanced Settings is just, you’d want to select that if you are working with the US Federal Government and needed to be FIPS compliant. Now, let’s take a look at our last one, which is WPA2-Enterprise and again you’d want to use this one if you were a large enterprise. One of the things that is does is it allows you to set up PEAP. PEAP is the ability to set up a secure tunnel before you go ahead and do your authentication. So, let’s go ahead and take a look at the settings.
So here you’d want to select Validate Server Certificate. If you were wanting to interconnect with your own RADIUS server on your wired network, then you would select this one and type in the name of the RADIUS server that you have in your network. If you were wanting to use a Trusted Root Certificate Authority then you would come down here and actually select the Certificate Authority that was issuing your server certificate. So let’s come down here and perhaps select VeriSign as our preferred Certificate Authority. Selecting this option, Do not prompt user to authorize new servers or trusted certification authorities, this one would improve security and perhaps give you a better user experience because the user would experience less pop-ups to validate different certificates if they are connecting to different web sites.
Down here you can configure your secure Password. Here there is an option to set up MSCHAP or to set up a Smart Card or other options for connecting. Down here you have some options to enable a fast reconnect if you are roaming between access points. There’s also additional options here including health checks through the network, network access protection, or to ensure you got crypto binding between the EAP mechanism and the secure tunnel that you’re setting up with PEAP. And also what you can do is if you want to hide your identity before you actually verified that you are connecting to the right network, you can type in an identity that will be used in the interim messaging just here.
The other thing I want to show you is this the Advanced Settings, so when your setting up WPA-Enterprise or WPA2-Enterprise they’re designed to be used in conjunction with 802.1X and so here you want to be able to select your Authentication Mode. Typically we would recommend that you select User or Computer authentication but there are other options you might want to use and by selecting this option you can actually allow a single sign on for the user. Which it can improve the user experience, however, a lot of enterprises like to use a different password for connecting to the network than is used for signing on to the Windows 7 client.
The other tab here is 802.11 settings and here you can see I have some options for fast roaming. Now, I have the option to use Pairwise Master Key Caching and this is where I cache the results of my 802 .1X authentication so that when I am roaming around I can quickly move back to access points that I was already authenticated with. Here I am going to leave them as my default settings and I can also select here the option that the network uses pre-authentication so this is when the client performs an 802.1X authentication with other access points that it anticipates it will roam to in the future. And so it is authenticating ahead of time in the assumption that it will move to it. The last thing here, of course, is the FIPS compliance should I want to do that. Thank you for listening I hope you found this useful.