Configuring wireless network clients
Automatic wireless network configuration supports the IEEE 802.11 standard for wireless networks and minimizes the configuration that is required to access wireless networks. When you enable automatic wireless network configuration on your computer, you can roam across different wireless networks without the need to reconfigure the network connection settings on your computer for each location. As you move from one location to a new location, automatic wireless network configuration searches for available wireless networks and notifies you when there are new wireless networks available for you to connect to. After you select the wireless network that you want to connect to, automatic wireless network configuration updates your wireless network adapter to match the settings of that wireless network, and attempts to connect to that wireless network.
With automatic wireless network configuration, you can create a list of preferred wireless networks, and you can specify the order in which to attempt connections to these wireless networks.
Wireless network types
You can choose from the following wireless network types:
Access point (infrastructure)
In access point wireless networks, wireless stations (devices with radio network cards, such as your portable computer or personal digital assistant) connect to wireless access points. These access points function as bridges between wireless stations and the existing network distribution system (network backbone). As you move from one location to another, and the signal for one wireless access point weakens, or the access point becomes congested with traffic, you can connect to a new access point. For example, if you work in a large corporation, your wireless device can connect to several different access points as you move between different floors of a building or different buildings in a campus. As a result, you maintain uninterrupted access to network resources.
Computer-to-computer (ad hoc)
In computer-to-computer wireless networks, wireless stations connect to each other directly, rather than through wireless access points. For example, if you are in a meeting with co-workers, and you do not need to gain access to network resources, your wireless device can connect to the wireless devices of your co-workers, and you can form a temporary network.
Any available network (access point preferred)
In access point preferred wireless networks, a connection to an access point wireless network is always attempted first, if there are any available. If an access point network is not available, a connection to a computer-to-computer wireless network is attempted. For example, if you use your laptop at work in an access point wireless network, and then take your laptop home to use in your computer-to-computer home network, automatic wireless network configuration will change your wireless network settings as needed, so that you can connect to your home network.
Security options for 802.11 include authentication services and encryption services based on the Wired Equivalent Privacy (WEP) algorithm. WEP is a set of security services used to protect 802.11 networks from unauthorized access, such as eavesdropping (the capture of wireless network traffic). With automatic wireless network configuration, you can specify that a network key be used for authentication to the network. You can also specify that a network key be used to encrypt your data as it is transmitted over the network. When data encryption is enabled, secret shared encryption keys are generated and used by the source station and the destination station to alter frame bits, thus avoiding disclosure to eavesdroppers.
Open System and Shared Key authentication
802.11 supports two subtypes of network authentication services: Open System and Shared Key. Under Open System authentication, any wireless station can request authentication. The station that needs to authenticate with another wireless station sends an authentication management frame that contains the identity of the sending station. The receiving station then sends back a frame that indicates whether it recognizes the identity of the sending station. Under Shared Key authentication, each wireless station is assumed to have received a secret shared key over a secure channel that is independent from the 802.11 wireless network communications channel. To use Shared Key authentication, you must have a network key.
When you enable WEP, you can specify that a network key be used for encryption. A network key can be provided for you automatically (for example, it might be provided on your wireless network adapter), or you can specify the key by typing it yourself. If you specify the key yourself, you can also specify the key length (40 bits or 104 bits), key format (ASCII characters or hexadecimal digits), and key index (the location where a specific key is stored). The longer the key length, the more secure the key. Every time the length of a key is increased by one bit, the number of possible keys doubles.
Under 802.11, a wireless station can be configured with up to four keys (the key index values are 0, 1, 2, and 3). When an access point or a wireless station transmits an encrypted message using a key that is stored in a specific key index, the transmitted message indicates the key index that was used to encrypt the message body. The receiving access point or wireless station can then retrieve the key that is stored at the key index and use it to decode the encrypted message body.
For enhanced security, you can enable IEEE 802.1x authentication. IEEE 802.1x authentication provides authenticated access to 802.11 wireless networks and to wired Ethernet networks. IEEE 802.1x minimizes wireless network security risks, such as unauthorized access to network resources and eavesdropping, by providing user and computer identification, centralized authentication, and dynamic key management. IEEE 802.1x supports Internet Authentication Service (IAS), which implements the Remote Authentication Dial-In User Service (RADIUS) protocol. Under this implementation, a wireless access point that is configured as a RADIUS client sends a connection request and accounting messages to a central RADIUS server. The central RADIUS server processes the request and grants or rejects the connection request. If the request is granted, the client is authenticated, and unique keys (from which the WEP key is derived) can be generated for that session, depending on the authentication method chosen. The support that IEEE 802.1x provides for Extensible Authentication Protocol (EAP) security types allows you to use authentication methods such as smart cards, certificates, and the Message Digest 5 (MD5) algorithm.
With IEEE 802.1x authentication, you can specify whether the computer attempts authentication to the network if the computer requires access to network resources whether a user is logged on or not. For example, data center operators who manage remotely administered servers can specify that the servers should attempt authentication to access the network resources. You can also specify whether the computer attempts authentication to the network if user or computer information is not available. For example, Internet service providers (ISPs) can use this authentication option to allow users access to free Internet services, or to Internet services that can be purchased. A corporation can grant visitors with limited guest access, so that they can access the Internet, but not confidential network resources.