A Complete Explanation of Win XP Wireless Network Technology
An 802.1x wireless network sounds complicated. To understand what it is, we must first understand what a wireless network is. The term "wireless network" has only become popular in recent years, and it touches a wide range of fields, such as mobile communications. So what is a wireless network?
Overview of Wireless Networks
Wireless network technology covers a wide range, from global voice and data networks that allow users to establish long-distance wireless connections to infrared and radio frequency technologies optimized for short-distance wireless connections. Devices commonly used in wireless networks include portable computers, desktop computers, handheld computers, personal digital devices (PDAs), mobile phones, pen computers and pagers. Wireless technology is used for a variety of practical purposes. For example, mobile phone users can use mobile phones to access e-mail. Travelers using portable computers can connect to the Internet through base stations installed in airports, stations and other public places. At home, users can connect desktop devices to synchronize data and send files.
I. Defining Standards
To reduce costs, ensure interoperability, and increase widespread adoption of wireless technology, several major standardization efforts are being undertaken by organizations such as the Institute of Electrical and Electronics Engineers (IEEE), the Internet Engineering Task Force (IETF), the Wireless Ethernet Compatibility Alliance (WECA), and the International Telecommunication Union (ITU). For example, IEEE working groups are defining how information is transmitted from one device to another (whether using radio waves or infrared light waves), and how and when to use the transmission medium for communication. In developing wireless network standards, some organizations such as the IEEE focus on power management, bandwidth, security, and other items that are characteristic of wireless networks.
II. Types of Wireless Networks
Like wired networks, wireless networks can be divided into several different types based on the distance over which data can be sent.
1. Wireless Wide Area Networks (WWANs) WWAN technology enables users to establish wireless network connections over long-range public or private networks. These connections can cover large geographic areas, such as many cities or countries, using a number of antenna base stations or satellite systems maintained by wireless service providers. Current WWAN technology is known as second generation (2G) systems. The main 2G systems include Global System for Mobile Phones (GSM), CDPD, and Code Division Multiple Access (CDMA). Efforts are underway to transition from 2G networks, some of which have limited roaming capabilities and incompatible features, to third generation (3G) technologies that will implement global standards and provide global roaming capabilities. The ITU is actively promoting the development of 3G global standards.
2. Wireless Metropolitan Area Networks (WMANs) WMAN technology allows users to create wireless connections between multiple locations in a major urban area (for example, between office buildings in a city and a university campus) without the expensive installation of fiber optic cables, cables, and leased lines. In addition, WMANs can be used as a backup network for wired networks if the primary leased lines of the wired network are unavailable. WMANs can use both radio waves and infrared light waves to transmit data. There is an increasing demand for wireless access network bandwidth to provide users with high-speed access to the Internet. Although a variety of different technologies are currently in use, such as Multi-channel Multipoint Distribution Service (MMDS) and Local Multipoint Distribution Service (LMDS), the IEEE 802.16 Broadband Wireless Access Standards Working Group is still developing specifications to standardize the development of these technologies.
3. Wireless Local Area Networks (WLANs) WLAN technology enables users to create wireless connections locally (for example, in a company or campus building, or in public places such as airports). WLANs can be used in temporary offices or other places where cable installation is limited, or to enhance existing LANs so that users can work in different parts of the office building at different times. WLANs can operate in two different ways. In basic WLANs, wireless stations (devices with radio wave network cards or external modems) connect to wireless access points, which act as a bridge between the wireless stations and the existing network backbone. For ad hoc WLANs, a temporary network can be established without the use of an access point among several users in a limited area (such as a conference room) when access to network resources is not required. The IEEE approved the 802.11 WLANs standard in 1997, which specifies data transfer speeds of 1 to 2 megabits per second (Mbps). In 802.11b, which is becoming the new dominant standard, the maximum data transfer speed is 11 Mbps over the 2.4 gigahertz (GHz) band. Another newer standard is 802.11a, which specifies a maximum data transfer speed of 54 Mbps over the 5 GHz band.
4. Wireless Personal Area Networks (WPANs) WPAN technology enables users to create special wireless communications for devices such as PDAs, mobile phones, and laptops for use in a personal operating space (POS). The POS is the space around a person, within a distance of 10 meters. Currently, the two main WPAN technologies are Bluetooth and infrared light waves. Bluetooth is an alternative technology that can use radio waves to transmit data within 30 feet. Bluetooth data transmission can penetrate walls, pockets, and briefcases. Bluetooth technology is led by the Bluetooth Special Interest Group (SIG). The group released version 1.0 of the Bluetooth specification in 1999. However, to connect devices at close range (within one meter), users can also create infrared links. In order to standardize the development of WPAN technology, the IEEE has established the 802.15 working group. The working group is developing the WPAN standard based on version 1.0 of the Bluetooth specification. The main goals of the draft standard are low complexity, low energy consumption, strong interoperability and compatibility with 802.11 networks.
Wireless Network Configuration
The above is an overview of wireless networks. The wireless network function of WINXP is unprecedentedly powerful. So how do you configure wireless networks in WINXP?
1. Open "Network Connections". (To open "Network Connections", click "Start", point to "Settings", then double-click "Control Panel", click "Network and Internet Connections", and then click "Network Connections".)
2. Right-click "Wireless Network Connection", and then click "Properties".
3. On the "Wireless Network" tab, do any of the following:
   * To enable automatic wireless network configuration, select the "Use Windows to configure my wireless network settings" check box. This check box is selected by default.
   * To disable automatic wireless network configuration, clear the "Use Windows to configure my wireless network settings" check box.
4. To connect to an existing wireless network, do one of the following:
   * Access Point (Basic): To connect to an existing access point (basic) network, click the network name under "Available Networks", and then click "Configure". In Wireless Network Properties, specify the Wireless Network Key (WEP) settings, or if a network key was automatically provided to you (for example, the key was stored on the wireless network adapter that your administrator gave you), select the Automatically provide me with a key check box. If you are not sure whether a network key is required or which network key settings you need to enter, contact your network administrator or the manufacturer of your wireless network adapter. It is important to note that if a network does not broadcast its network name, it will not appear under Available Networks. To connect to an access point (infrastructure) network that you know is available but does not appear under Available Networks, under Preferred Networks, click Add. Under Wireless Network Properties, specify the network name (Service Set Identifier) and, if necessary, the Wireless Network Key settings.
   * Computer to Computer (Ad Hoc): To connect to an existing computer to computer (ad hoc) network, under Available Networks, click the network name, and then click Configure. In Wireless Network Properties, specify the Wireless Network Key (WEP) settings, or if a network key was automatically provided to you (for example, the key was stored on the wireless network adapter that your administrator gave you), select the Automatically provide me with a key check box. If you are not sure whether a key is required or which network key settings you need to enter, contact your network administrator or the manufacturer of your wireless network adapter. If you are connecting to a computer-to-computer (ad hoc) network and both a computer-to-computer network and an access point (infrastructure) network are within range of your computer, click Advanced, and then click Computer-to-computer (ad hoc) networks only.
5. To configure a new wireless network connection, click Add, and then do the following:
   * Under Wireless Network Properties, specify the network name (Service Set Identifier) and, if necessary, the wireless network key settings.
   * If the network connection you are configuring is to a computer-to-computer (ad hoc) network, select the This is a computer-to-computer (ad hoc) network, so a wireless access point is not used check box.
6. To change the order of connection attempts to access preferred networks, under Preferred Networks, click the wireless network that you want to move to a new position in the list, and then click Move Up or Move Down.
7. To change the wireless network connection settings listed in a Preferred Network, click the wireless network whose settings you want to change, click Properties, and then change the settings as needed.
8. To remove a wireless network from the preferred networks list, under Preferred networks, click the wireless network that you want to remove, and then click Remove.
9. To update the list of available networks within range of your computer, click Refresh.
10. To automatically connect to available networks that do not appear in the Preferred networks list, click Advanced, and then select the Automatically connect to non-preferred networks check box.
There are a few points to note during the configuration:
1. When automatic wireless network configuration is enabled, you can connect to an existing wireless network, change wireless network connection settings, configure new wireless network connections, and specify preferred wireless networks. You will be notified when a new network is available. After selecting a wireless network, your wireless network adapter will automatically configure to match the settings of that network and will attempt to connect to the network.
2. To configure the settings on the Wireless Network tab, you must log on as an administrator.
3. If you are using third-party wireless network software, clear the Use Windows to configure my wireless network settings check box.
4. If you cannot connect to an existing wireless network and the name of the network you want to connect to appears under the Preferred Networks list, click the preferred network name, and then click Properties. In Wireless Network Properties, check the settings and make sure they are correct. If you are not sure whether the settings are correct, contact your network administrator or the manufacturer of your wireless network adapter.
5. If the "Preferred Networks" list contains both Access Point (Infrastructure) and Computer-to-Computer (Ad Hoc) networks, you cannot move the Computer-to-Computer network higher in the list than the Access Point network.
6. To enhance the security of 802.11 wireless networks and wired Ethernet networks, IEEE 802.1x authentication is enabled by default.
802.1x Authentication
Having introduced wireless networks, we now turn to 802.1x wireless networks. To understand them, you must first understand what 802.1x authentication is. IEEE 802.1x is a draft standard for port-based network access control that provides authenticated network access to 802.11 wireless networks and wired Ethernet networks. Port-based network access control uses the physical characteristics of the switched LAN infrastructure to authenticate devices connected to LAN ports and to prevent access through a port where the authentication process has failed.
During the port-based network access control interaction, the LAN port takes one of two roles: authenticator or supplicant. In the authenticator role, a LAN port performs authentication before it allows users to access services accessible through that port. In the supplicant role, a LAN port requests access to services accessible through the authenticator's port. The authentication server, which can be a separate entity or co-located with the authenticator, checks the supplicant's credentials on behalf of the authenticator. The authentication server then responds to the authenticator, indicating whether the supplicant has authorization to access the authenticator's services.
The authenticator's port-based network access control defines two access points into the LAN through a physical LAN port. The first logical access point - the uncontrolled port - allows data to be exchanged between the authenticator and other computers on the LAN, regardless of the computer's authentication status. The second logical access point - the controlled port - allows data to be exchanged between authenticated LAN users and the authenticator.
IEEE 802.1x provides centralized user identification, authentication, dynamic key management, and accounting using standard security protocols such as RADIUS.
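The roles and the two logical ports described above can be modelled in a few lines. This is an added example, not code from the original article or from Windows. It assumes the EAP exchange is collapsed into a single response message carrying an identity and a secret; the class, function, and account names are hypothetical; the EAPOL EtherType 0x888E and the RADIUS Access-Accept/Access-Reject codes come from the standards rather than from this page.

```python
import hmac

EAPOL_ETHERTYPE = 0x888E              # EtherType that carries 802.1x (EAPOL) frames
ACCESS_ACCEPT, ACCESS_REJECT = 2, 3   # RADIUS packet codes returned by the server


def make_authentication_server(accounts):
    """Stand-in for the authentication server: (identity, secret) -> RADIUS code."""
    def check(identity, secret):
        expected = accounts.get(identity)
        ok = expected is not None and hmac.compare_digest(expected, secret)
        return ACCESS_ACCEPT if ok else ACCESS_REJECT
    return check


class AuthenticatorPort:
    """One physical LAN port exposing an uncontrolled and a controlled logical port."""

    def __init__(self, server):
        self.server = server
        self.controlled_open = False   # controlled port starts unauthorized
        self.log = []                  # (ethertype, verdict) for non-EAPOL traffic

    def receive(self, ethertype, message=None):
        # Uncontrolled port: authentication traffic is always processed.
        if ethertype == EAPOL_ETHERTYPE:
            return self._handle_eapol(message or {})
        # Controlled port: everything else passes only after successful authentication.
        verdict = "forwarded" if self.controlled_open else "dropped"
        self.log.append((hex(ethertype), verdict))
        return verdict

    def _handle_eapol(self, message):
        kind = message.get("type")
        if kind == "logoff":
            self.controlled_open = False
            return "unauthorized"
        if kind == "response":
            # The authenticator relays the credentials; the server decides.
            code = self.server(message["identity"], message["secret"])
            self.controlled_open = code == ACCESS_ACCEPT
            return "authorized" if self.controlled_open else "unauthorized"
        return "ignored"

    def link_down(self):
        # Losing the link returns the controlled port to the unauthorized state.
        self.controlled_open = False


if __name__ == "__main__":
    # Constructed account and traffic, for illustration only.
    port = AuthenticatorPort(make_authentication_server({"alice": b"example-secret"}))
    print(port.receive(0x0800))   # IPv4 before authentication
    print(port.receive(EAPOL_ETHERTYPE,
                       {"type": "response", "identity": "alice", "secret": b"example-secret"}))
    print(port.receive(0x0800))   # IPv4 after authentication
```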
So what does 802.1x authentication do? To enhance security, you can enable IEEE 802.1x authentication. IEEE 802.1x authentication provides authenticated access to 802.11 wireless networks and to wired Ethernet networks. IEEE 802.1x minimizes wireless network security risks (for example, unauthorized access to network resources and eavesdropping) by providing user and computer identification, centralized authentication, and dynamic key management. IEEE 802.1x supports Internet Authentication Service (IAS), which implements the Remote Authentication Dial-In User Service (RADIUS) protocol. In this implementation, a wireless access point configured as a RADIUS client sends a connection request and accounting messages to a central RADIUS server. The central RADIUS server processes the request and either grants or denies the connection request. If the request is granted, the client is authenticated, and a unique key is generated for that session (from where the WEP key was generated), depending on the authentication method selected. IEEE 802.1x support for the Extensible Authentication Protocol (EAP) security type enables you to use authentication methods such as smart cards, certificates, and the Message Digest 5 (MD5) algorithm.
With IEEE 802.1x authentication, you can specify whether a computer attempts to authenticate to the network when it requires access to network resources regardless of whether a user is logged on to the network. For example, a data center operator who manages a remote management server can specify whether the server should attempt authentication to access network resources. You can also specify whether a computer attempts authentication to access the network if user or computer information is not available. For example, an ISP can use this authentication option to allow users to access free Internet services or Internet services that can be subscribed to. A company can grant limited guest access to visitors so that they can access the Internet but not confidential network resources.
802.11 security options include authentication services and encryption services based on the WEP algorithm. WEP is a set of security services designed to protect 802.11 networks from unauthorized access, such as eavesdropping (capturing wireless network communications). With automatic wireless network configuration, you can specify a network key to use for authentication when entering the network. You can also specify which network key to use to encrypt data transmitted over the network. When data encryption is enabled, a secret shared encryption key is generated and used by the source and destination stations to alter frame bits, thereby preventing disclosure to an eavesdropper.
802.11 supports two subtypes of network authentication services: open system and shared key. Under "open authentication," any wireless station can request authentication. A station that needs to be authenticated by another wireless station sends out an authentication management frame containing the identity of the sending station. The receiving station then sends back a frame indicating whether it recognizes the identity of the sending station. Under "shared key" authentication, each wireless station is assumed to have a secret shared key for a secure channel that is independent of the 802.11 wireless network communication channel. To use Shared Key authentication, you must have a network key.
When you enable WEP, you can specify a network key to use for encryption. A network key can be automatically provided for you (for example, it may be provided on the wireless network adapter), or you can specify the key yourself by typing it. If you specify the key yourself, you can also specify the key length (40 bits or 104 bits), the key format (ASCII characters or hexadecimal numbers), and the key index (the location where a specific key is stored). The longer the key length, the more secure the key. The number of possible keys doubles every time the key length increases by one bit.
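The key settings described above (length, format, and index) can be shown in code. This is an added example, not code from the original article or from Windows. It checks a typed key against the 40-bit and 104-bit lengths in either format, stores keys in four slots, and shows a receiver picking the slot from the key ID carried in a frame. The frame layout used (3-byte IV, one byte whose top two bits are the key ID, RC4 keyed with IV plus key, CRC-32 integrity value) comes from the 802.11 WEP format rather than from this page, and all names and sample keys are constructed.

```python
import string
import zlib

# (format, typed length) -> key length in bits
KEY_SHAPES = {("ascii", 5): 40, ("ascii", 13): 104, ("hex", 10): 40, ("hex", 26): 104}


def parse_network_key(text, key_format):
    """Convert a typed network key to raw bytes, rejecting bad lengths and characters."""
    if (key_format, len(text)) not in KEY_SHAPES:
        raise ValueError("expected 5 or 13 ASCII characters, or 10 or 26 hex digits")
    if key_format == "hex":
        if any(c not in string.hexdigits for c in text):
            raise ValueError("non-hexadecimal character in key")
        return bytes.fromhex(text)
    return text.encode("ascii")  # non-ASCII input raises UnicodeEncodeError (a ValueError)


def rc4(key, data):
    """RC4 stream cipher; the same call encrypts and decrypts."""
    s, j = list(range(256)), 0
    for i in range(256):                       # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for byte in data:                          # keystream generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def icv(plaintext):
    """Integrity check value: CRC-32 of the plaintext, little-endian."""
    return zlib.crc32(plaintext).to_bytes(4, "little")


def wep_encapsulate(key_slots, key_index, iv, plaintext):
    """Build IV | key-ID byte | RC4(plaintext | ICV) using the key at key_index."""
    if len(iv) != 3 or not 0 <= key_index <= 3:
        raise ValueError("IV must be 3 bytes and key index 0-3")
    if key_slots[key_index] is None:
        raise LookupError("no key stored at index %d" % key_index)
    body = rc4(iv + key_slots[key_index], plaintext + icv(plaintext))
    return iv + bytes([key_index << 6]) + body


def wep_decapsulate(key_slots, frame_body):
    """Read the key index from the frame, fetch that slot's key, decrypt and verify."""
    iv, key_index = frame_body[:3], frame_body[3] >> 6
    key = key_slots[key_index]
    if key is None:
        raise LookupError("no key stored at index %d" % key_index)
    clear = rc4(iv + key, frame_body[4:])
    plaintext, received_icv = clear[:-4], clear[-4:]
    if icv(plaintext) != received_icv:
        raise ValueError("ICV mismatch: wrong key or damaged frame")
    return key_index, plaintext


# Constructed sample keys: a 40-bit ASCII key in slot 0, a 104-bit hex key in slot 2.
KEY_SLOTS = [parse_network_key("abcde", "ascii"), None,
             parse_network_key("0123456789abcdef0123456789", "hex"), None]

if __name__ == "__main__":
    body = wep_encapsulate(KEY_SLOTS, 2, b"\x00\x00\x01", b"constructed payload")
    print(wep_decapsulate(KEY_SLOTS, body))
```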
Under 802.11, a wireless station can be configured with up to four keys (key index values 0, 1, 2, and 3). When an access point or wireless station transmits an encrypted message using a key stored at a particular key index, the transmitted message indicates the key index that was used to encrypt the message body. The receiving access point or wireless station can then retrieve the key stored at that key index and use it to decrypt the encrypted message body.
Setting up 802.1x authentication
In WINXP, to set up 802.1x authentication, follow these steps:
1. Open Network Connections.
2. Right-click the connection for which you want to enable or disable IEEE 802.1x authentication, and then click Properties.
3. On the Authentication tab, do any of the following:
   * To enable IEEE 802.1x authentication for this connection, select the Use IEEE 802.1X Network Access Control check box. This check box is selected by default.
   * To disable IEEE 802.1x authentication for this connection, clear the Use IEEE 802.1X Network Access Control check box.
4. In EAP Type, click the Extensible Authentication Protocol type to use for this connection.
5. If you select Smart Card or other certificate in EAP Type, and if you click Properties, you can configure additional properties, and you can do the following in Smart Card or other certificate properties:
   * To use a certificate that resides on your smart card for authentication, click Use my smart card.
   * To use a certificate that resides in the computer's certificate store for authentication, click Use a certificate on this computer.
   * To verify that the server certificate presented to your computer is still valid, select the Validate server certificate check box, specify whether to connect only if the server resides in a specific domain, and then specify a trusted root certification authority.
   * To use a different user name when the user name in the smart card or certificate is different from the user name in the domain you are logged on to, select the Use a different user name for this connection check box.
6. To specify whether the computer should attempt authentication to access the network when the user is not logged on and/or when computer or user information is not available, do the following:
   * To specify that the computer attempt authentication to access the network when the user is not logged on, select the Authenticate as a computer when computer information is available check box.
   * To specify that the computer attempts authentication to access the network when user information or computer information is unavailable, select the "Authenticate as a guest when user or computer information is unavailable" check box. This check box is selected by default.
There are also the following points to note:
1. IEEE 802.1x authentication provides authenticated access to 802.11 wireless networks and to wired Ethernet networks. 802.1x minimizes wireless network security risks and uses standard security protocols (for example, RADIUS).
2. To configure settings on the "Authentication" tab, you must be a member of the local administrative group.
3. For wired and wireless network connections, the settings in the "Authentication" tab apply to the network you are currently connected to. If you are currently connected to a wireless network, you can verify the name of the network by clicking the "Wireless Networks" tab. The network name will appear in "Visible Networks" and "Preferred Networks" and there will be an icon with a circle in front of the name.