SECURITY

New Wireless Improvements in Vista

7/28/2010 9:24:42 AM

New Wireless Improvements in Vista
There have been dozens of wireless improvements in Windows Vista over previous Windows versions. Here's a brief cap of the most significant ones.

Wireless configuration is integrated into the new Network and Sharing Center versus having to configure under the wireless network adapter.

Wireless networks can be configured per user or for all users on the machine. Per-user wireless profiles are disconnected when the user logs off.

Separate wireless profiles can be configured for the network standard profile and the domain profile, so different security can be configured when the machine is attached to its home Active Directory domain and when away.

Wireless networks that don't broadcast their SSID can not be added to the list of Preferred Networks. The SSID value of non-broadcasted networks shows up as Unnamed Network. In previous Windows versions, non-broadcasted networks could be used, but could not be added to the Preferred Network list. This became problematic if the involved computer needed to connect to a non-broadcasted wireless network when it was also in the range of a broadcasted wireless network. The computer would always connect to the broadcasted wireless network first, and the computer would then have to be disconnected and then re-connected to the non-broadcast network.

Users will be prompted to confirm whenever connecting to an unsecured network. This continues a behavior added to Windows XP Pro with SP2.

The Network Connection wizard will list all the security methods supported by the wireless network adapter (for example, WPA2, WEP).

Native WPA2 support was added. In Windows XP SP2, WPA2 support was added with an additional WPA2 client program.

WPA2 authentication options can be configured using group policy.

Using group policy, you can define a whitelist or blacklist of allowed or denied SSID names. Blacklisting could be useful when several unauthorized broadcasting wireless networks are all in reach of the computer or to prevent laptops from connecting to unsecured home systems that have not been configured and are still using default SSIDs.

Note
Windows Server 2003 Active Directory schema must be extended to handle new wireless group policy settings.

Better group policy application over wireless scenarios. In previous Windows versions, many group policy settings would not apply over wireless connections.

As discussed previously, when no preferred networks are found, Vista creates a random SSID wireless network on the client (as before), but the client will be placed in passive listening mode and does not broadcast its new random SSID. Inbound connections are not allowed.

WPA2-Enterprise connections can be integrated with 802.1X Network Access Protection services.

Default security protocol for 802.1X wireless connections is PEAPMSCHAPv2. Prior Windows versions used weaker EAP-TLS.

Enhanced EAP architecture (called EAPHost) allows additional EAP types to be added more easily, allows network discovery, and will allow multiple EAP methods and vendors to co-exist without overwriting the other.

Command-line interface for wireless configuration (i.e., Netsh wlan).

Improved wireless diagnostics tools, APIs, and event logging.

If you want more information on Vista's new wireless security improvements, visit http://www.microsoft.com/technet/network/evaluate/new_network.mspx.

Other

Securing Wireless Networks in Windows Vista

Using Group Policy in Windows Vista

Updated Group Policy Features in Windows Vista

New or Updated Group Policy Settings in Windows Vista

Windows Vista Security Guide

Managing Group Policy in a Mixed Environment

Rollout Strategy in Group Policy of Windows Vista

Thinking about Security

The Three-Step Approach to Security

Building the WinPE Image

Securing Your Silverlight Application

Top 10

- SharePoint 2010 : The Search User Interface - The Search Center

- SharePoint 2010 : The Search User Interface - The Query Box

- SQL Server 2008 R2 : Database Maintenance - Executing a Maintenance Plan

- SQL Server 2008 R2 : Database Maintenance - Managing Maintenance Plans Without the Wizard

- Game Programming with DirectX : 3D Models - OBJ Models (part 3) - Preparing OBJ Files for Direct3D

- Game Programming with DirectX : 3D Models - OBJ Models (part 2) - Loading OBJ Files

- Game Programming with DirectX : 3D Models - OBJ Models (part 1) - Understanding the OBJ Model Format

- Game Programming with DirectX : 3D Models - Token Stream

- Game Programming with DirectX : 3D Models - Files in C++

- A Look At Truecrypt The Open Source Security Tool

Most View

- Programming .NET Components : Marshaling-by-Reference Activation Modes (part 1) - Server-Activated Single Call

- The SQL Programming Language : Complex Queries and Join Queries (part 3)

- SQL Server 2008 : Explaining Advanced Query Techniques - Controlling Execution Plans (part 1)

- How To Buy…SSD Drives (Part 2)

- Enermax Ostrog - A Solid Effort

- Scheduling Maintenance Tasks in Vista

- Microsoft Dynamics Sure Step 2010 : A repeatable process for the sales teams (part 2)

- Windows Phone 7 Development : Handling Multiple Concurrent Requests with Rx.NET

- Dell XPS15 - One Of The Best Thin Laptops

- Programming the Mobile Web : WebKit CSS Extensions (part 4) - Animations

- The Hello-World Midlet

- Asus Zenbook Prime Touch - Can It Still Win Our Hearts?

- Implementing Security in Windows 7 : Set Up Parental Controls

- Ten Popular Open Source Media Players

- Allowing Your Imagination To Flourish

- Top 10 Geek Accessories – Jan 2013

- Create A Logo With Inkpad On The Ipad (Part 2)

- AMD Radeon HD 7870 - Game-Breaking Power

- The Cat You Have To Have (Part 1)

- Windows 7 : Managing Your Schedule - Sharing Calendars