Creating a WPA2 compliant network

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Wireless networking Why is my network adapter not working after a Vista Business upgrade? How many wireless base stations can connect to 802.11g access points? APs drop connection in WLAN configured as a wireless mesh network How does Wi-Fi ad-hoc mode react when 802.11n and legacy peers are present? Can wireless adapters operate as client access points to make SoftAPs? Will using a VPN protect me against fake wireless hotspots? WLAN QoS and SLA monitoring with 7/24 Wireless Quality Assurance costs How can I hide my WLAN's SSID in an Aruba AP-61? How radio frequency (RF) of microwaves alter wireless signal strength Stolen laptop recovery using remote access and wireless network SSIDs Troubleshooting Wireless Networks University tackles large-scale 802.11n wireless network management Why is my network adapter not working after a Vista Business upgrade? Meru reinvents wireless LAN troubleshooting and management APs drop connection in WLAN configured as a wireless mesh network How to plan for 802.11n wireless LAN upgrades Vendors strive to automate wireless LAN troubleshooting and management Fluke gets WLAN design, management, security cred with AirMagnet Wi-Fi RTLS for WLAN management, location-based security, asset tracking How radio frequency (RF) of microwaves alter wireless signal strength Distributed antenna systems and WLAN: A network management burden Troubleshooting Wireless Networks Research Wireless LAN Implementation University tackles large-scale 802.11n wireless network management Why is my network adapter not working after a Vista Business upgrade? How many wireless base stations can connect to 802.11g access points? 802.11n wireless APs bring IP video to sprawling Illinois high school No data cable? Wireless mesh networking the answer for Wi-Fi backhaul Integrated wireless and wired LAN: Brocade-Motorola deal ups the ante 802.11n WLAN architecture strategies: The 2.4 vs. 5 GHz band debate 802.11n upgrade: College ditches legacy network for new vendor 802.11n ratification will drive down wireless LAN prices How does Wi-Fi ad-hoc mode react when 802.11n and legacy peers are present?

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary 802.11a  (SearchNetworking.com) home agent  (SearchNetworking.com) iDEN  (SearchNetworking.com) radio frequency  (SearchNetworking.com) repeater  (SearchNetworking.com) spectrum analyzer  (SearchNetworking.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

WPA2 is available in two forms: WPA2-Personal for home and small office use, and WPA2-Enterprise for business use. Given your target application, you should use WPA2-Enterprise for strong, individual device authentication. You will require support WPA2-Enterprise support on your winCE.net devices and Netgear APs, and at least one RADIUS authentication server for 802.1X/EAP authentication.

Start with your mobile devices. Determine whether their Wi-Fi interfaces support WPA2-Enterprise; this may require installing driver upgrades. If WPA2 is not supported, use WPA instead. The Windows Mobile operating system supports 802.1X and several EAP types, but you'll need to choose an EAP type that meets your security needs and is supported by your devices as well. For example, Protected EAP (PEAP) would require configuring each mobile device with a username and password, while EAP-TLS would require installing a digital certificate on each device. If your mobile devices simply cannot support 802.1X, you may need to resort to WPA2-Personal in conjunction with MAC ACLs and a long, random PreShared Key.

Next, install, and configure a RADIUS authentication server to match the EAP type used by your mobile devices. You will need to create an account for each mobile device, either on the RADIUS server itself, or in a user database (e.g., Windows AD, LDAP database) that interfaces with your RADIUS server. The RADIUS server will be consulted each time a mobile device connects to the network, so give some consideration to where the RADIUS server should be placed, and if you really need more than one server for redundancy or performance. Depending on the EAP type, you will probably need to configure each authentication server with its own digital certificate.

The easiest component to configure will be your Netgear APs. In a WPA2-Enterprise network, APs serve as the middle man, relaying access requests from wireless clients to a RADIUS authentication server. WAG102 APs support WPA2-Enterprise, so just configure them with your authentication server's IP address and RADIUS shared secret. Beware that RADIUS protocol can expose sensitive information, so communication between APs and your authentication server(s) should be protected -- for example, using a site to site VPN to connect stores to a centrally-located server.

To learn more, read our Wireless LAN Security Lunchtime Learning Series tip about WPA2.