Choosing which way to secure WLANs (IAS, WPA and certs or passwd)

I have been looking into setting up a wireless LAN and I am debating between
using certificates or not. I read the documents on Securing Wireless using
certs and Securing using PEAP and passwords. The one using PEAP and passwords
seems to be less complicated but I wondering how much less secure it is.

Lets say I set up the following: RADIUS server (IAS), Microsoft root CA
(Windows 2003), Wireless Access Points (Proxim), Windows XP clients, WPA
encryption, settings using group policy. Also, in IAS, I create a group with
the users and computers that can use wireless.

How will the computer authentication work? What does it check for exactly?
At what point does it get an IP address? What is the risk of being hacked
compared to installing certificates on the client PC's?

Health

certificates are a lot more secure than password strings. The use of
certificates demands a PKI infrastructure whether this be an internal MS
windows CA or a third party CA (i.e. Thwart, Veri-Sign, etc).

The idea behind certificates is that client A trusts client B certificate
and vice versa, so in your case computer certificates would be deployed
across the LAN for the clients and servers, when the client boots and
attempts to connect to the WLAN the request for the computer account to be
authenticated to the LAN is passed via IAS, as long as the computer account
is a member of the allowed group and the computer certificate is valid then
the computer would be allowed to authenticated and logon to the wireless
LAN, after this the client would then receive the Ctrl + Alt + Del screen
allowing the "user" to enter logon credentials to login to the PC and access
resources that they have been granted permissions to.

"Heath" <(E-Mail Removed)> wrote in message
news:ECB91673-D85F-42BB-A7A9-(E-Mail Removed)...
>I have been looking into setting up a wireless LAN and I am debating
>between
> using certificates or not. I read the documents on Securing Wireless using
> certs and Securing using PEAP and passwords. The one using PEAP and
> passwords
> seems to be less complicated but I wondering how much less secure it is.
>
> Lets say I set up the following: RADIUS server (IAS), Microsoft root CA
> (Windows 2003), Wireless Access Points (Proxim), Windows XP clients, WPA
> encryption, settings using group policy. Also, in IAS, I create a group
> with
> the users and computers that can use wireless.
>
> How will the computer authentication work? What does it check for exactly?
> At what point does it get an IP address? What is the risk of being hacked
> compared to installing certificates on the client PC's?

Agree. That is what we are using.

Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
"Pieman" <bullens_at_no_spam_nifcoeu.com> wrote in message news:(E-Mail Removed)...
Health

certificates are a lot more secure than password strings. The use of
certificates demands a PKI infrastructure whether this be an internal MS
windows CA or a third party CA (i.e. Thwart, Veri-Sign, etc).

The idea behind certificates is that client A trusts client B certificate
and vice versa, so in your case computer certificates would be deployed
across the LAN for the clients and servers, when the client boots and
attempts to connect to the WLAN the request for the computer account to be
authenticated to the LAN is passed via IAS, as long as the computer account
is a member of the allowed group and the computer certificate is valid then
the computer would be allowed to authenticated and logon to the wireless
LAN, after this the client would then receive the Ctrl + Alt + Del screen
allowing the "user" to enter logon credentials to login to the PC and access
resources that they have been granted permissions to.

"Heath" <(E-Mail Removed)> wrote in message
news:ECB91673-D85F-42BB-A7A9-(E-Mail Removed)...
>I have been looking into setting up a wireless LAN and I am debating
>between
> using certificates or not. I read the documents on Securing Wireless using
> certs and Securing using PEAP and passwords. The one using PEAP and
> passwords
> seems to be less complicated but I wondering how much less secure it is.
>
> Lets say I set up the following: RADIUS server (IAS), Microsoft root CA
> (Windows 2003), Wireless Access Points (Proxim), Windows XP clients, WPA
> encryption, settings using group policy. Also, in IAS, I create a group
> with
> the users and computers that can use wireless.
>
> How will the computer authentication work? What does it check for exactly?
> At what point does it get an IP address? What is the risk of being hacked
> compared to installing certificates on the client PC's?