To provide better security for wireless LANs and in particular to improve the security of WEP, a number of existing technologies used on wired networks were adapted for this purpose, including:

• Remote Authentication and Dial-In User Service (RADIUS) Provides for centralized authentication and accounting.

• 802.1X Provides a method of port-based authentication to local area network (LAN) ports in a switched network environment.

These two services are used in combination with other security mechanisms, such as those provided by the Extensible Authentication Protocol (EAP), to further enhance the protection of wireless networks. Like MAC filtering, 802.1X is implemented at Layer 2 of the Open System Interconnection (OSI) model: It will prevent communication on the network using higher layers of the OSI model if authentication fails at the MAC layer. However, unlike MAC filtering, 802.1X is very secure, since it relies on mechanisms that are much harder to compromise than MAC address filters, which can be easily compromised through spoofed MAC addresses.

Although a number of vendors implement their own RADIUS servers, security mechanisms, and protocols for securing networks through 802.1X, such as Cisco s LEAP and Funk Software s EAP-TTLS, this section focuses on implementing 802.1X on a Microsoft network using Internet Authentication Services (IAS) and Microsoft s Certificate Services. Keep in mind, however, that wireless security standards are a moving target, and standards other than those discussed here, such as the PEAP, are being developed and might be available by the time this book is...