Securing 802.1X Authentication Settings

by Eric Geier [Published on 27 Jan. 2011 / Last Updated on 4 Dec. 2009]

Though 802.1X can provide secure authentication for wireless and wired networks, it is prone to man-in-the-middle attacks. For example, a hacker could pose as an authentication server to capture a user’s login credentials and/or gain access to their device. However, there are a few settings you can configure to reduce the risk of these types of attacks.

These settings are found in the main 802.1X settings of Windows, accessible when configuring a wireless network profile or wired network connection:

  • Validate server certificate: Mark this checkbox and select the Certificate Authority that issued the server’s certificate from the list box, so the client can authenticate the server before letting the server authenticate it.
  • Connect to these servers: Mark this checkbox and enter the domain(s) listed on the certificate, so the client will only communicate with servers that have this domain on their certificate.
  • Do not prompt user to authorize new servers or trusted certification authorities: Mark this checkbox to automatically reject unknown servers.
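
To check these three settings on many machines, the following added example (not part of the original article) audits the PEAP section of a wireless profile exported with `netsh wlan export profile`. The XML fragments are constructed and trimmed, the thumbprint and domain are placeholders, and the mapping of element names to the checkboxes is an assumption based on Microsoft's PEAP profile schema.

```python
import xml.etree.ElementTree as ET

# Constructed, trimmed PEAP fragments (not real exports). Element names follow
# Microsoft's MsPeapConnectionProperties schema; values are placeholders.
NS1 = "http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV1"
NS2 = "http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV2"
TEMPLATE = f"""<EapType xmlns="{NS1}">
  <ServerValidation>
    <DisableUserPromptForServerValidation>{{noprompt}}</DisableUserPromptForServerValidation>
    <ServerNames>{{names}}</ServerNames>
    {{ca}}
  </ServerValidation>
  <PeapExtensions>
    <PerformServerValidation xmlns="{NS2}">{{validate}}</PerformServerValidation>
  </PeapExtensions>
</EapType>"""
CA = "<TrustedRootCA>00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff 00 11 22 33 </TrustedRootCA>"
WEAK = TEMPLATE.format(noprompt="false", names="", ca="", validate="false")
HARDENED = TEMPLATE.format(noprompt="true", names="radius.example.com", ca=CA, validate="true")


def _text(root, local_name):
    """Return stripped text of every element with this local name, any namespace."""
    return [(e.text or "").strip() for e in root.iter()
            if e.tag.rsplit("}", 1)[-1] == local_name]


def audit_peap(xml_text):
    """Return a list of findings; an empty list means all three settings are set."""
    root = ET.fromstring(xml_text)
    findings = []
    perform = _text(root, "PerformServerValidation")
    cas = [t for t in _text(root, "TrustedRootCA") if t]
    # Assumption: validation counts as on only if not disabled and a CA is pinned.
    if "false" in perform or not cas:
        findings.append("Validate server certificate: off or no trusted CA selected")
    if not any(_text(root, "ServerNames")):
        findings.append("Connect to these servers: no server name listed")
    if "true" not in _text(root, "DisableUserPromptForServerValidation"):
        findings.append("Do not prompt user: user can be asked to trust a new server")
    return findings


if __name__ == "__main__":
    for label, xml_text in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_peap(xml_text) or "OK")
```
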
