Securing Wireless LANs with PEAP and Passwords

There's a wealth of excellent prescriptive Guidance from Microsoft Consultants which is available for free download at

The wireless guide explains how to secure both large scale Enterprise networks and smaller scale networks.

Here's an except:

"Wireless Local Area Network (WLAN) technology is a controversial topic. Organizations that have deployed WLANs are concerned about whether they are secure; those that have not deployed them are worried about missing out on user productivity benefits and lower ownership costs. There is still a good deal of confusion about whether a WLAN is safe to use for corporate computing.

Ever since weaknesses in first generation WLAN security were discovered, analysts and network security firms have strived to resolve these problems. Some of these efforts have contributed significantly to the cause of wireless security. Others have had their share of flaws: some introduce a different set of security vulnerabilities; some require costly proprietary hardware; and others avoid the question of WLAN security altogether by layering on another, potentially complex security technology such as virtual private networks (VPN).

In parallel, the Institute of Electrical and Electronic Engineers (IEEE), along with other standards bodies and consortia, have been diligently redefining and improving wireless security standards to enable WLANs to stand up to the hostile security environment of the early twenty–first century. Thanks to the efforts of standards bodies and industry leaders, "WLAN security" is no longer an oxymoron. WLANs can be deployed and used today with a high level of confidence in their security.

This document introduces two WLAN security solutions from Microsoft® and answers the questions about whether WLANs can be secure and which is the best way of securing them. "


Comments (3)

  1. sam says:

    I’d really love for someone to come up with a *simple* way to secure a *simple* wlan.

    The MS documents cover so many different scenarions they are next to unusable for me to secure my simple home wireless laptop connection. I’d rather face my neighbour surfing on my line then reading a few hundred pages of stuff, setting up a whole slew of certificate servers and trying to figure out how to make them all talk and work together.


  2. Steve Lamb says:

    Sertan> Re. your comment "since it is possible to limit the number of MAC addresses per port, it seems that this hub method may not work at those situations. am I missing something?"

    It’s trivial for the hacker to spoof the MAC address of a valid machine as these are not signed.

  3. Steve Lamb says:

    Sam> That’s great feedback. I’ll track something down and post it on this Blog – stay tuned!

Skip to main content