{"id":882,"date":"2012-10-10T17:20:09","date_gmt":"2012-10-10T17:20:09","guid":{"rendered":"http:\/\/microsoftgeek.com\/?p=882"},"modified":"2012-10-10T17:20:09","modified_gmt":"2012-10-10T17:20:09","slug":"securing-wireless-network-traffic-part-8","status":"publish","type":"post","link":"https:\/\/microsoftgeek.com\/?p=882","title":{"rendered":"Securing Wireless Network Traffic (Part 8)"},"content":{"rendered":"<h2>Configuring the Network Policy Server<\/h2>\n<p>The first step in the  configuration process is to make the Network Policy Server aware of your  wireless access point. To do so, make sure that the NPS (Local)  container is still selected and then choose the RADIUS Server for 802.1x  Wireless or Wired Connections option from the drop down menu, as shown  in Figure A.<\/p>\n<p><img decoding=\"async\" src=\"http:\/\/www.windowsnetworking.com\/img\/upl\/image0021307043056539.jpg\" border=\"0\" alt=\"\" hspace=\"0\" align=\"bottom\" \/><br \/>\n<strong>Figure A: <\/strong>Choose the RADIUS Server for 802.1x Wireless or Wired Connections option from the drop down menu.<\/p>\n<p>Now, click the Configure 802.1x button. The following screen will ask  you to provide the type of 802.1x connections that you want to use.  Select the Secure Wireless Connections option and then provide a name  for the policies that will be created, as shown in Figure B.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"http:\/\/www.windowsnetworking.com\/img\/upl\/image0031307043072289.jpg\" alt=\"\" width=\"561\" height=\"557\" \/><br \/>\n<strong>Figure B: <\/strong>Provide a name for the policies that you are creating.<\/p>\n<p>Click Next, and the wizard will ask you to provide a list of RADIUS  clients. In this case the RADIUS client is going to be your wireless  access point. 
Therefore, click the Add button and then provide a  friendly name and the IP address of your access point, as shown in  Figure C.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"http:\/\/www.windowsnetworking.com\/img\/upl\/image0041307043108132.jpg\" alt=\"\" width=\"457\" height=\"554\" \/><br \/>\n<strong>Figure C: <\/strong>Provide a friendly name for your wireless access point.<\/p>\n<p>Now, enter your wireless access point\u2019s IP address (or DNS name) into  the space provided and click the Verify button. If you enter an IP  address you will see a dialog box asking you to verify the address. To  verify the address simply double check to make sure that you have typed  the address correctly and then click the Resolve button. When the IP  address is resolved, select the address from the list of addresses in  the lower portion of the dialog box and click OK.<\/p>\n<p>Now, you must provide Windows with a shared secret for your access  point. If your access point is already configured with a shared secret  you should choose the Manual option as shown in the figure above and  then enter and confirm your shared secret. Otherwise, you can choose to  have Windows automatically generate a shared secret for you.<\/p>\n<p>If Windows generates the shared secret then you will need to enter  the shared secret into the wireless access point. The easiest way to do  this is to copy and paste the shared secret from Windows directly into  the access point\u2019s Web interface. As I mentioned at the end of the  previous article, however, Windows can sometimes generate a shared secret  that exceeds the maximum length that is supported by an access point.  Therefore, it is critical that you verify the maximum shared secret  length that is supported by your access point and make any necessary  adjustments. 
Regardless of whether you enter a shared secret manually or  have Windows generate a shared secret for you, it is important to  remember that shared secrets are case sensitive.<\/p>\n<p>Click OK and you should see your access point\u2019s friendly name added  to the list of RADIUS clients. Click Next, and Windows will prompt you  to specify the EAP type for the policy that you are creating. Choose the  Microsoft Protected EAP (PEAP) option from the list, as shown in Figure  D.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"http:\/\/www.windowsnetworking.com\/img\/upl\/image0051307043138507.jpg\" alt=\"\" width=\"560\" height=\"556\" \/><br \/>\n<strong>Figure D: <\/strong>Configure the policy to use Microsoft Protected EAP (PEAP).<\/p>\n<p>Now, click the Configure button that is shown in the figure above. If  you receive an error message then make sure that you have performed the  certificate enrollment correctly. Certificate enrollment was covered in  the previous article.<\/p>\n<p>You should now see the Edit Protected EAP Properties dialog box,  which is shown in Figure E. Take a moment to make sure that the  Certificate Issued drop down list is displaying the correct certificate.  You should also make sure that Enable Fast Reconnect is enabled and  that the EAP Types list only contains Secured Password (EAP-MSCHAP V2).<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"http:\/\/www.windowsnetworking.com\/img\/upl\/image0061307043138507.jpg\" alt=\"\" width=\"436\" height=\"384\" \/><br \/>\n<strong>Figure E: <\/strong>Make sure that the correct certificate is being used.<\/p>\n<p>Click OK, followed by Next. You will now see a screen asking you to  select the groups that you want to associate with this policy. Although  the dialog box text is a bit vague, it is essentially asking who you  want to allow to access the network through the wireless connection. 
You  will need to specify both the users and the computers to whom you want  to provide access. You can create specialized groups if you like, or if  you prefer to open the connection up to all Active Directory members you  can use the Domain Users group and the Domain Computers group as shown  in Figure F.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"http:\/\/www.windowsnetworking.com\/img\/upl\/image0071307043165195.jpg\" alt=\"\" width=\"560\" height=\"556\" \/><br \/>\n<strong>Figure F: <\/strong>Specify the groups that should be allowed to use the wireless connection.<\/p>\n<p>The next screen asks you if your wireless access point uses traffic  controls. If you want to configure traffic controls then you can do so  by clicking the Configure button. Otherwise, just click Next.<\/p>\n<p>You should now see a screen telling you that you have successfully  created the wireless access policy and configured the RADIUS client  (which again, is your wireless access point). Take just a moment to  review the information that is presented on this screen to ensure that  everything is correct, and then click Finish.<\/p>\n<h2>Configuring Your Wireless Access Point<\/h2>\n<p>Now that you have  configured the Network Policy Server, the next step in the process is to  configure your wireless access point to interact with the newly created  Network Policy Server. Unfortunately, I can\u2019t give you specific step by  step instructions for this part of the procedure because every make and  model of wireless access point is different. 
I will, however, try to  give you a general idea of what needs to be done.<\/p>\n<p>Assuming that you are using a brand new wireless access point that  has not yet been configured, the first thing that you will need to do  after connecting to the access point\u2019s Web interface is to set the  access point\u2019s IP address to match the address that you provided to the  network policy server (unless you set the network policy server to use  the access point\u2019s default address).<\/p>\n<p>Next, specify an SSID for your wireless access point (assuming that  you want to use one). When you are done, it is time to enable  encryption. You should set the access point to use AES encryption with a  shared secret (this is sometimes referred to as AES Enterprise).  Finally, set the access point to use the same shared secret as the  Network Policy Server.<\/p>\n<h2>Conclusion<\/h2>\n<p>Now that the Network Policy Server is configured, we need to configure  our wireless client computers to use it. In Part 9, I will conclude the  series by discussing client connectivity.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Configuring the Network Policy Server The first step in the configuration process is to make the Network Policy Server aware of your wireless access point. 
To do so, make sure that the NPS (Local) container is still selected and then choose the RADIUS Server for 802.1x Wireless or Wired Connections option from the drop down [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[44],"tags":[],"class_list":["post-882","post","type-post","status-publish","format-standard","hentry","category-wireless-security"],"_links":{"self":[{"href":"https:\/\/microsoftgeek.com\/index.php?rest_route=\/wp\/v2\/posts\/882","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/microsoftgeek.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/microsoftgeek.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/microsoftgeek.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/microsoftgeek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=882"}],"version-history":[{"count":1,"href":"https:\/\/microsoftgeek.com\/index.php?rest_route=\/wp\/v2\/posts\/882\/revisions"}],"predecessor-version":[{"id":883,"href":"https:\/\/microsoftgeek.com\/index.php?rest_route=\/wp\/v2\/posts\/882\/revisions\/883"}],"wp:attachment":[{"href":"https:\/\/microsoftgeek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=882"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/microsoftgeek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=882"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/microsoftgeek.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=882"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}