Share via


Wireless LAN Technologies and Microsoft Windows

Published: July 01, 2001 | Updated: March 14, 2007

IEEE 802.11 wireless LAN technology is a popular option for network connectivity on organization intranets, home networks, and for accessing the Internet. This article describes the benefits of wireless LANs, the support for 802.11 wireless LAN and wireless LAN security standards in Microsoft® Windows®, and general guidelines for wireless LANs in medium to large organizations and small office/home office networks.

On This Page

Benefits of Wireless LANs
Support for IEEE 802.11 Standards
Support for IEEE 802.11 Security Standards
Checklists and Resources

Benefits of Wireless LANs

Institute of Electrical and Electronic Engineers (IEEE) 802.11 wireless LAN networking provides the following benefits:

  • Wireless connections can extend or replace a wired infrastructure in situations where it is costly, inconvenient, or impossible to lay cables. This benefit includes the following:

    • To connect the networks in two buildings separated by a physical, legal, or financial obstacle, you can either use a link provided by a telecommunications vendor (for a fixed installation cost and ongoing recurring costs) or you can create a point-to-point wireless link using wireless LAN technology (for a fixed installation cost, but no recurring costs). Eliminating recurring telecommunications charges can provide significant cost savings to organizations.

    • Wireless LAN technologies can be used to create a temporary network, which is in place for only a specific amount of time. For example, the network needed at a convention or trade show can be a wireless network, rather than deploying the physical cabling required for a traditional Ethernet network.

    • Some types of buildings, such as historical buildings, might be governed by building codes that prohibit the use of wiring, making wireless networking an important alternative.

  • The wiring-free aspect of wireless LAN networking is also very attractive to homeowners who want to connect the various computers in their home together without having to drill holes and pull network cables through walls and ceilings.

  • Increased productivity for the mobile employee. This benefit includes the following:

    • The mobile user whose primary computer is a laptop or notebook computer can change location and always remain connected to the network. This enables the mobile user to travel to various places—meeting rooms, hallways, lobbies, cafeterias, classrooms, and so forth—and still have access to networked data. Without wireless access, the user has to carry cabling and is restricted to working near a network jack.

    • Wireless LAN networking is a perfect technology for environments where movement is required. For example, retail environments can benefit when employees use a wireless laptop or palmtop computer to enter inventory information directly into the store database from the sales floor.

    • Even if no wireless infrastructure is present, wireless laptop computers can still form their own ad hoc networks to communicate and share data with each other.

  • Easy access to the Internet in public places.

Beyond the corporate campus, access to the Internet and even corporate sites can be made available through public wireless “hot spot” networks. Airports, restaurants, rail stations, and common areas throughout cities can be provisioned to provide this service. When the traveling worker reaches his or her destination, perhaps meeting a client at their corporate office, limited access can be provided to the traveling worker through the local wireless network. The network can recognize that a user is from another corporation and create a connection that is isolated from the local corporate network but provides Internet access to the visiting user. Wireless infrastructure providers are enabling wireless connectivity in public areas around the world. Many airports, conference centers, and hotels provide wireless access to the Internet for their visitors.

Support for IEEE 802.11 Standards

Windows Vista™, Windows XP, Windows Server® 2003, and Windows Server Code Name “Longhorn” provide built-in support for 802.11 wireless LAN networking. An installed 802.11 wireless LAN network adapter appears as a wireless network connection in the Network Connections folder. For computers running Windows XP or Windows Server 2003, you can configure wireless settings on a Wireless Networks tab from the properties of a wireless network connection.

For more information about wireless support in Windows XP with Service Pack 2 and Windows Server 2003 with Service Pack 1, see Wireless LAN Enhancements in Windows XP Service Pack 2.

For information about new wireless LAN features in Windows Server “Longhorn” and Windows Vista, see Wireless Networking in Windows Vista and the “Wireless and 802.1X-based Wired Connections” section of New Networking Features in Windows Server "Longhorn" and Windows Vista.

Although Windows Vista, Windows XP, Windows Server 2003, and Windows Server “Longhorn” provide built-in support for 802.11 wireless LAN networking, the wireless components of Windows are dependent upon the following:

  • The capabilities of the wireless network adapter

    The installed wireless network adapter must support the wireless LAN or wireless security standards that you require. For example, Windows XP with Service Pack 2 (SP2) supports configuration options for the Wi-Fi Protected Access (WPA) security standard. However, if the wireless network adapter does not support WPA, you cannot enable or configure WPA security options.

  • The capabilities of the wireless network adapter driver

    In order to allow you to configure wireless network options, the driver for the wireless network adapter must support the reporting of all of its capabilities to Windows. Verify that the driver for your wireless network adapter was written for the capabilities of Windows Vista or Windows XP and is the most current version by checking Windows Update or the Web site of the wireless network adapter vendor.

If supported by the wireless network adapter and reported by the wireless network adapter driver, Windows supports the following IEEE wireless standards:

  • 802.11

  • 802.11b

  • 802.11a

  • 802.11g

The following table lists the standards, their maximum bit rate, range of frequencies, and their typical usage.

Standard

Maximum bit rate

Range of frequencies

Usage

802.11

2 megabits per second (Mbps)

S-Band Industrial, Scientific, and Medical (ISM) frequency range (2.4 to 2.5 GHz)

Not widely used.

802.11b

11 Mbps

S-Band ISM

Widely used.

802.11a

54 Mbps

C-Band ISM (5.725 to 5.875 GHz)

Not widely used due to expense and limited range.

802.11g

54 Mbps

S-Band ISM

Gaining in popularity. 802.11g devices are backward-compatible with 802.11b devices.

Note

The S-Band ISM uses the same frequency range as microwave ovens, cordless phones, baby monitors, wireless video cameras, and Bluetooth devices. The C-Band ISM uses the same frequency range as newer cordless phones and other devices.

802.11 Operating Modes

Wireless LAN networks for all the IEEE 802.11 standards use the following operating modes:

  • Infrastructure mode The wireless network contains at least one wireless access point (AP), a device that bridges wireless-based computers to each other and to a wired network such as the Internet or a private network.

  • Ad hoc mode The wireless network contains no wireless APs and wireless-based computers connect and communicate directly with each other.

Regardless of the operating mode, a Service Set Identifier (SSID), also known as the wireless network name, identifies a specific wireless network by name. The SSID is configured on the wireless AP for infrastructure mode or the initial wireless client for ad hoc mode. The wireless AP or the initial wireless client periodically advertise the SSID so that other wireless nodes can discover and join the wireless network.

Support for IEEE 802.11 Security Standards

Although IEEE 802.11 wireless LAN technologies provide the benefits previously described, they introduce security issues that do not exist for wired networks. Unlike the closed cabling system of an Ethernet network that can be physically secured, wireless frames are sent as radio transmissions that propagate beyond the physical confines of your office or home. Any computer within range of the wireless network can receive wireless frames and send its own. Without protecting your wireless network, malicious users can use your wireless network to access your private information or launch attacks against your computers or other computers across the Internet.

To protect your wireless network, you must configure authentication and encryption options:

  • Authentication requires that computers provide either valid account credentials (such as a user name and password) or proof that they have been configured with an authentication key before being allowed to send data frames on the wireless network. Authentication prevents malicious users from being able to join your wireless network.

  • Encryption requires that the content of all wireless data frames be encrypted so that only the receiver can interpret its contents. Encryption prevents malicious users from capturing wireless frames sent on your wireless network and determining sensitive data. Encryption also helps prevent malicious users from sending valid frames and accessing your private resources or the Internet.

IEEE 802.11 wireless LANs support the following security standards:

  • IEEE 802.11

  • IEEE 802.1X

  • Wi-Fi Protected Access (WPA)

  • Wi-Fi Protected Access 2 (WPA2)

IEEE 802.11

The original IEEE 802.11 standard defined the open system and shared key authentication methods for authentication and Wired Equivalent Privacy (WEP) for encryption. WEP can use either 40-bit or 104-bit encryption keys. However, the original IEEE 802.11 security standard has proved to be relatively weak and cumbersome for widespread public and private deployment. Because of its susceptibility to attack and the widespread support of newer security standards such as WPA, its use is highly discouraged.

IEEE 802.1X

IEEE 802.1X was a standard that existed for Ethernet switches and was adapted to 802.11 wireless LANs to provide much stronger authentication than the original 802.11 standard. IEEE 802.1X authentication is designed for medium and large wireless LANs that contain an authentication infrastructure consisting of Remote Authentication Dial-In User Service (RADIUS) servers and account databases such as the Active Directory® directory service. IEEE 802.1X prevents a wireless node from joining a wireless network until the node has performed a successful authentication. IEEE 802.1X uses the Extensible Authentication Protocol (EAP). Wireless network authentication can be based on different EAP authentication methods such as those using user name and password credentials or a digital certificate.

Note

Some wireless network adapters have a link light that indicates sent or received data frames. However, because IEEE 802.1X authentication occurs before the wireless network adapter begins sending or receiving data frames, the link light does not reflect 802.1X authentication activity. If the link light does not indicate any wireless traffic, the cause could be a failed 802.1X authentication.

WPA

Although 802.1X addresses the weak authentication of the original 802.11 standard, it provides no solution to the weaknesses of WEP. While the IEEE 802.11i wireless LAN security standard was being finalized, the Wi-Fi Alliance, an organization of wireless equipment vendors, created an interim standard known as Wi-Fi Protected Access (WPA). WPA replaces WEP with a much stronger encryption method known as the Temporal Key Integrity Protocol (TKIP). WPA also allows the optional use of the Advanced Encryption Standard (AES) for encryption.

WPA is available in two different modes:

  • WPA-Enterprise Uses 802.1X authentication and is designed for medium and large infrastructure mode networks.

  • WPA-Personal Uses a preshared key (PSK) for authentication and is designed for small office/home office (SOHO) infrastructure mode networks.

WPA2

The IEEE 802.11i standard formally replaces WEP and the other security features of the original IEEE 802.11 standard. Wi-Fi Protected Access 2 (WPA2) is a product certification available through the Wi-Fi Alliance that certifies wireless equipment as being compatible with the IEEE 802.11i standard. The goal of WPA2 certification is to support the additional mandatory security features of the IEEE 802.11i standard that are not already included for products that support WPA. For example, WPA2 requires support for both TKIP and AES encryption.

WPA2 is available in two different modes:

  • WPA2-Enterprise Uses 802.1X authentication and is designed for medium and large infrastructure mode networks.

  • WPA2-Personal Uses a PSK for authentication and is designed for SOHO infrastructure mode networks.

Summary table of IEEE 802.11 security standards

The following table summarizes the 802.11 wireless LAN security standards.

Security standard

Authentication methods

Encryption methods

Encryption key size (bits)

Comments

IEEE 802.11

Open system and shared key

WEP

40 and 104

Weak authentication and encryption. Use is highly discouraged.

IEEE 802.1X

EAP authentication methods

N/A

N/A

Strong EAP methods provide strong authentication.

WPA-Enterprise

802.1X

TKIP and AES (optional)

128

Strong authentication (with strong EAP method) and strong (TKIP) or very strong (AES) encryption.

WPA-Personal

PSK

TKIP and AES (optional)

128

Strong authentication (with strong PSK) and strong (TKIP) or very strong (AES) encryption.

WPA2-Enterprise

802.1X

TKIP and AES

128

Strong authentication (with strong EAP method) and strong (TKIP) or very strong (AES) encryption.

WPA2-Personal

PSK

TKIP and AES

128

Strong authentication (with strong PSK) and strong (TKIP) or very strong (AES) encryption.

If supported by the wireless network adapter and reported by the wireless network adapter driver, Windows supports the following security standards for 802.11 wireless LAN networking:

  • 802.11 with WEP (Windows Vista, Windows XP, Windows Server 2003, and Windows Server “Longhorn”)

  • 802.1X (Windows Vista, Windows XP, Windows Server 2003, and Windows Server “Longhorn”)

  • WPA (Windows Vista, Windows XP with SP2, Windows XP with Service Pack 1 [SP1] and the Wireless update rollup package for Windows XP, Windows Server 2003 with Service Pack 2, Windows Server 2003 with Service Pack 1, and Windows Server “Longhorn”)

  • WPA2 (Windows Vista, Windows XP with SP2 and the Wireless Client Update for Windows XP with Service Pack 2, Windows Server 2003 with Service Pack 2, and Windows Server “Longhorn”)

Although Windows includes support for 802.1X, third-party wireless client software sometimes replaces the built-in 802.1X components of Windows. In this case, a failure to authenticate to a wireless network might be due to the misconfiguration of the third-party 802.1X software.

For more information about 802.11 wireless LAN security, see IEEE 802.11 Wireless LAN Security with Microsoft Windows.

Checklists and Resources

The following sections provide general guidelines for wireless networks of different sizes and links to resources for more information.

Medium to Large Networks

For a wireless network in a medium to large organization that uses 802.1X authentication, you should use infrastructure mode and one of the following security technologies:

  • WPA2-Enterprise with 802.1X authentication

  • WPA-Enterprise with 802.1X authentication

For more specific recommendations that include the different EAP authentication types used for wireless connections in Windows, see Wireless Deployment Recommendations and Best Practices.

WPA product checklist

To create a WPA-Enterprise-based medium to large wireless network, ensure that you have the following:

  • Wireless APs that support WPA

  • Wireless network adapters that support WPA

  • Wireless network adapter drivers that support reporting WPA capabilities to Windows

  • Computers running Windows Vista, Windows XP with SP2, Windows XP with SP1 and the Wireless update rollup package for Windows XP, Windows Server 2003 with Service Pack 2, Windows Server 2003 with Service Pack 1, or Windows Server “Longhorn”

WPA2 product checklist

To create a WPA2-Enterprise-based medium to large wireless network, ensure that you have the following:

  • Wireless APs that support WPA2

  • Wireless network adapters that support WPA2

  • Wireless network adapter drivers that support reporting WPA2 capabilities to Windows

  • Computers running Windows Vista, Windows XP with SP2 and the Wireless Client Update for Windows XP with Service Pack 2, Windows Server 2003 with Service Pack 2, or Windows Server “Longhorn”

For more information about how to deploy a medium to large wireless network, see Deployment of Secure 802.11 Networks Using Microsoft Windows.

Small Office/Home Office Networks

For a small office/home office (SOHO) wireless network that does not use 802.1X authentication, you should use infrastructure mode and one of the following security technologies:

  • WPA2-Personal with PSK authentication

  • WPA-Personal with PSK authentication

In either case, you must configure the PSK on the wireless AP and each wireless client or device. If you have computers running Windows XP with SP2, you can use the Wireless Network Setup Wizard to simplify the configuration of the PSK. For more information, see The New Wireless Network Setup Wizard in Windows XP Service Pack 2.

You can use 802.1X authentication on a SOHO wireless network. However, it requires an authentication infrastructure and many older wireless devices such as printers do not support 802.1X authentication. For more information about deploying 802.1X authentication on a SOHO wireless network, see Step-by-Step Guide for Secure Wireless Deployment for Small Office/Home Office or Small Organization Networks.

For specific recommendations for Windows-based SOHO wireless networks, see Recommendations for Small Office or Home Office Wireless Networks.

WPA product checklist

To create a WPA-Personal-based SOHO wireless network, ensure that you have the following:

  • Wireless APs that support WPA

  • Wireless network adapters that support WPA

  • Wireless network adapter drivers that support reporting WPA capabilities to Windows

  • Computers running Windows Vista, Windows XP with SP2, Windows XP with SP1 and the Wireless update rollup package for Windows XP, Windows Server 2003 with Service Pack 2, Windows Server 2003 with Service Pack 1, or Windows Server “Longhorn”

WPA2 product checklist

To create a WPA2-Personal-based SOHO wireless network, ensure that you have the following:

  • Wireless APs that support WPA2

  • Wireless network adapters that support WPA2

  • Wireless network adapter drivers that support reporting WPA2 capabilities to Windows

  • Windows Vista, Windows XP with SP2 and the Wireless Client Update for Windows XP with Service Pack 2, Windows Server 2003 with Service Pack 2, or Windows Server “Longhorn”

For more information about how to deploy a SOHO wireless network, see Configuring Windows XP IEEE 802.11 Wireless Networks for the Home and Small Business.

Additional Resources