WPA2 and WSP IE for Windows XP SP2

If you use wireless networking in your environment, you'll be interested to learn that Microsoft has released an update to improve wireless network security for users of Windows XP with Service Pack 2 (SP2). The update enhances the XP wireless client software with support for Wi-Fi Protected Access 2 (WPA2), which according to the Wi-Fi Alliance "is based on the final IEEE 802.11i amendment to the 802.11 standard and is eligible for FIPS 140-2 compliance."

http://support.microsoft.com/?id=893357

WPA2 offers much stronger security than Wireless Equivalent Privacy (WEP) or Wi-Fi Protected Access (WPA). WEP has long been known to be vulnerable. I've read at least one account in which a WEP connection was cracked in only a few minutes. The successor to WEP, WPA, isn't as easy to crack as WPA, and the new WPA2 standard offers even better security. The Wi-Fi Alliance said the primary difference between WPA and WPA2 is that WPA2 uses the Advanced Encryption Standard (AES) to encrypt network traffic and WPA uses the Rivest Cipher 4 (RC-4) algorithm.

WPA2 Personal supports preshared keys, and WPA2 Enterprise uses 802.1x authentication with the Extensible Authentication Protocol (EAP). Like WPA, WPA2 facilitates roaming access between wireless Access Points (APs). Several manufacturers already make WPA2-certified APs and wireless NICs, and many provide WPA2 hardware and drivers that work with several versions of Windows. For example, Broadcom, Cisco Systems, Devicescape Software (formerly Instant802 Networks), Intel, and Realtek Semiconductor all make WPA2-enabled products that can be used on almost any Windows platform. Other vendors make products based on Atheros Communications chipsets, which are also WPA2-certified.

Wireless Provisioning Services Information Element (WPS IE) is also included in the update. Some wireless ISPs are moving from unsecured to secured networks by implementing 802.1x. As the transitions take place, ISPs can configure their APs to broadcast one Service Set Identifier (SSID) for the unsecured network and another SSID for the secure network. The SSIDs for the secured networks aren't visible on systems that don't support WPS IE because of the way some APs broadcast Beacon and Probe Request frames. WPS IE helps computers recognize both types of wireless AP SSIDs.

You can learn more about the new update at the link above. You can also learn more about creating secure wireless hotspots in the MSDN Library article "Securing Public Wi-Fi Hotspots" at

http://msdn.microsoft.com/library/en-us/randz/protocol/securing_public_wi-fi_hotspots.asp

Microsoft TechNet also has a new Cable Guy column, "Wi-Fi Protected Access 2 (WPA2) Overview." The column explains WPA2 in a fair amount of detail, including key caching, fast roaming, pre-authentication, and more.

http://www.microsoft.com/technet/community/columns/cableguy/default.mspx

In addition, Microsoft maintains links to numerous other wireless-related articles on its Windows Server 2003 Wi-Fi Web site.

http://www.microsoft.com/windowsserver2003/technologies/networking/wifi/default.mspx

A new white paper, "Deploying Wi-Fi Protected Access (WPA) and WPA2 in the Enterprise," is available in PDF format at The Wi-Fi Alliance's Web site (first URL below). A 60-minute presentation, "Wi-Fi Protected Access: Locking Down the Link," by Michael Disabato of the Burton Group, reviews WEP, WPA, WPA2, implementation, and more and is also available at the Wi-Fi Alliance Web site (second URL below).

http://www.wi-fi.org/OpenSection/pdf/WFA_02_27_05_WPA_WPA2_White_Paper.pdf http://www.wi-fi.org/OpenSection/protected_access_archive.asp

====

In the Web chat "Reality Check: What to Expect with Windows Server 2003 Service Pack 1," Michael Otey will answer your questions about Windows Firewall, Data Execution Prevention (DEP), boot-time protection, the Security Configuration Wizard (SCW), and much more. Thursday, May 12, 12:00 noon Eastern (9:00 A.M. Pacific).

http://ad.doubleclick.net/clk;15179132;6134865;j?http://www.microsoft.com/communities/chats/default.mspx#05_May12_TN_RC