Microsoft deploys wireless security on XP

At this year's Windows Hardware Engineering Conference, Microsoft announced that the upcoming Windows XP will support the emerging IEEE 802.1x authentication standard, which ensures a client is properly authorized by the network before allowing access.

Wireless security is a hot topic among techies and lawmakers alike. Securing resources from inappropriate use becomes more difficult when there are fewer physical barriers.

The increasing use of wireless access points and the availability of wired Ethernet connections in public places bring an added need for network security.

At this year's WinHEC (Windows Hardware Engineering Conference), Microsoft announced that the upcoming Windows XP will support the emerging IEEE 802.1x authentication standard for networks. In concert with this announcement, many hardware and software vendors are rolling out support for the new protocol. The standard ensures a client is properly authorized by the network before allowing access.


802.1x, which was developed jointly by industry giants including Microsoft, Cisco, 3Com, Agere Systems (formerly a division of Lucent), Compaq, and Dell, is currently an IEEE draft proposal. Tim Moore, Networking Group Program Manager for the Windows XP project, is unfazed by the draft status, however. He believes that any change in the standard before acceptance by the IEEE is "very unlikely."

Client certification
802.1x essentially acts like a proxy between a computer and a network to broker an authentication process. Until a central authentication server certifies that a user has rights to use the network, a piece of hardware that is 802.1x-compliant blocks all network traffic coming from the client. Once the certification process is complete, the client is allowed access to network resources such as mail and DHCP servers.

If a network's hardware supports the capability, 802.1x can even dictate rights to particular segments of the network based on a user's security level. For example, an employee could be granted access to all resources, but a visiting guest might be allowed only gateway access to the Internet.
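
The gating described above, as an added sketch in Python that is not Microsoft's or the standard's own code: a port hears only authentication frames until a central server approves the client, then limits the client to the segments its role allows. The user table, role and segment names, and all function names are constructed for illustration, and the credential check stands in for the real authentication exchange; 0x888E is the EtherType used for EAP over LAN.

```python
import hmac
from typing import Optional

ETHERTYPE_EAPOL = 0x888E  # EAP over LAN: the authentication exchange itself
ETHERTYPE_IPV4 = 0x0800   # ordinary client traffic (DHCP, mail, web, ...)

# Constructed policy (assumption): role -> network segments that role may reach.
SEGMENTS_BY_ROLE = {
    "employee": {"internet", "mail", "file-servers"},
    "guest": {"internet"},
}

# Constructed stand-in for the central authentication server's user records.
USERS = {"alice": ("correct-horse", "employee"), "visitor": ("welcome", "guest")}


def authentication_server(user: str, secret: str) -> Optional[str]:
    """Return the user's role if the credentials check out, otherwise None."""
    record = USERS.get(user)
    if record and hmac.compare_digest(record[0].encode(), secret.encode()):
        return record[1]
    return None


class Port:
    """One client-facing port on 802.1x-compliant hardware (hypothetical model)."""

    def __init__(self) -> None:
        self.role: Optional[str] = None  # None = client not yet authorized

    def authenticate(self, user: str, secret: str) -> bool:
        # A failed attempt also clears any earlier authorization on this port.
        self.role = authentication_server(user, secret)
        return self.role is not None

    def link_down(self) -> None:
        self.role = None  # the next client to plug in must authenticate again

    def accepts(self, ethertype: int, segment: Optional[str] = None) -> bool:
        """Decide whether a frame arriving from the client is accepted."""
        if ethertype == ETHERTYPE_EAPOL:
            return True   # authentication frames are always heard
        if self.role is None:
            return False  # everything else is blocked, DHCP included
        return segment in SEGMENTS_BY_ROLE[self.role]
```

Clearing the role on link loss and on a failed re-authentication is the part worth checking on real hardware, since a port that stays open after the authorized client leaves defeats the purpose of the gate.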

Hampering hackers
In addition, 802.1x increases security for wireless access points by allowing them to perform on-the-fly updating of the encryption key used to protect traffic. This hampers attempts to intercept network traffic because an access point can switch to a fresh key before the existing key can be cracked. Also, 802.1x lets access points send different keys to different clients, if the clients support the capability. This further bolsters network security, because breaking a key only gives a hacker access to one client's network traffic. Previous implementations of 802.11, the wireless networking protocol, passed out one static key to all clients, according to Moore.

Microsoft has tried to make the Windows XP 802.1x support streamlined and maintenance-free.

"1x to the user should be as close to transparent as we can possibly make it," Moore says.

To that end, Windows XP boasts features that allow a computer to detect wireless networks and configure itself for them automatically. A notebook user can easily roam among networks in the office, in public areas, and at home without having to switch settings.

The 802.1x implementation in XP automatically recognizes previously encountered networks and appropriately configures settings for facilities such as DHCP and proxy servers.

The mainstream computing world has yet to embrace wireless networking, something Moore attributes to a lack of vendor enthusiasm.

"They haven't gone on this big marketing campaign yet, and I don't know why," he says.

But hardware vendors are launching products that integrate 802.11b support and include ease-of-use features such as those in Windows XP, so Moore expects a groundswell of consumer adoption of the protocol, predicting that "802.11 is going to be the winner in the home."