Though 802.1X can provide secure authentication for wireless and wired networks, it is prone to man-in-the-middle attacks. For example, a hacker could pose as an authentication server in an attempt to capture a user’s login credentials and/or gain access to their device. However, there are a few settings you can configure to reduce the risk of these types of attacks.
These settings are located in the main 802.1X settings of Windows, which are accessible when configuring a wireless network profile or wired network connection:
- Validate server certificate: Mark this checkbox and select the Certificate Authority that the server’s certificate uses from the list box, so the client can authenticate the server before letting the server authenticate it.
- Connect to these servers: Mark this checkbox and enter the domain(s) listed on the certificate, so the client will only communicate with servers that have this domain on their certificate.
- Do not prompt user to authorize new servers or trusted certification authorities: Mark this checkbox to automatically reject unknown servers.