Problem You want to protect your wireless network using encryption. Solution There are two encryption standards you can use to protect your network: Wireless Equivalent Protocol (WEP) and WiFi Protected Access (WPA). The WEP protocol is older and less secure than WPA, but not all hardware supports it. Older hardware doesn't support it, and much, though not all, newer hardware supports WPA. The rest of this recipe shows you how to set up both types of encryption, using a Linksys router. How you do it will vary from manufacturer to manufacturer, and even from model to model from the same manufacturer. It will also vary depending on your wireless adapter, but will generally follow these steps. Setting up WEP encryption Go to the Setup screen of your router. For a Linksys router, open a browser, type http://192.168.1.1 in the address bar, and press Enter. A login screen appears. Leave the username field blank; in the Password field, type admin and press Enter. If you've changed the user name and password, use those instead. Click Wireless, and then Wireless Security. Select Enable next to Wireless Security. Select WEP from the Security Mode drop-down list. In the Default Key section, choose any key from one through four. (It doesn't matter which you choose.) Next, select the wireless encryption level you want to use. From the Wireless Encryption Level drop-down box, choose either 64 bits 10 hex digits or 128 bits 26 hex digits. Using 128-bit encryption is more secure but will slow down your wireless network slightly more than does 64-bit encryption. If you chose 64-bit encryption, type in a phrase in the Passphrase box, shown in Figure 14-8, and click Generate. That will generate the WEP key that you'll use on your router, and each PC on the network. Four keys will be created in the WEP Key boxes. You'll only use one of these keys at a time, but you generate four of them because you can manually switch between them at regular intervals, for added security. You don't have to generate your keys this way you can create them yourself and type them in manually, but chances are the ones you write will be far easier to crack than keys randomly generated by the router's software. Figure 14-8. Enabling 64-bit WEP encryption 
If you instead selected 128-bit encryption, you'll be sent to a new screen. In the Passphrase box, type in a phrase and click Generate. This will generate a 128-bit encryption key. Whether you created a 64-bit key, or a 128-bit key, copy down the key (or keys, in the case of 64-bit) on a piece of paper. You'll use this key for each PC that is going to access the network.  | Not all adapters and routers handle alphanumeric keys well. If you run into a problem, use the Hex digits instead. |
|
Click Save Settings. That applies the key to your network. Now only PCs that use WEP encryption and the key you just generated will be able to get onto your network. Now you have to configure each wireless computer on your network to use WEP and the key you just generated. On each PC, click the wireless connection icon in the Notification Area, click Properties, click the Wireless Network tab, highlight your network, click Properties, and then click the Association tab. In the Network Authentication drop-down box, select Shared. In the data encryption dialog box, choose WEP. When you do that, the "The key is provided for me automatically" box is checked. Uncheck this box.  | If you can't get WEP to work, it may be due to problems with Network Authentication. Experiment with using Open and Shared on each PC. You choose this from the Network Authentication drop-down box. |
|
Enter your WEP key in the Network key box, and type it again in the Confirm network key box. From the Key Index, choose the key number that you are using. Figure 14-9 shows the tab filled out. Click OK, then OK again. The PC can now connect to your network using WEP encryption. Figure 14-9. Using 64-bit WEP encryption 
For added security, on a regular basis, go into each PC, and change the key number and associated network key. You shouldn't need to change the number on your router, because it will recognize all of the keys you generated. If you use 128-bit encryption, you'll only have one key to use.
Setting up WPA encryption Install the WPA software. WPA is available in SP2, but not earlier versions of XP. If you don't have SP2, download it by visiting http://windowsupdate.microsoft.com. Update your router's and network cards' firmware. Your hardware may not take advantage of WPA. Check with the relevant manufacturers and see if a firmware update will do the job. If so, download and install the firmware. Remember: you'll have to upgrade your router and wireless networking adapters, not just a few components. Also download the latest driver for your network adapters. Go to the Setup screen of your router. For a Linksys router, open a browser, type http://192.168.1.1 in the address bar, and press Enter. A login screen appears. Leave the User name field blank; in the Password field, type admin and press Enter. If you've changed the user name and password, use those instead. Click Wireless, and then Wireless Security. Select Enable next to Wireless Security. Select WPA Pre-Shared Key from the Security Mode drop-down list. In the WPA Algorithms drop-down list, choose TKIP, which is the approved, certified algorithm for WPA. Some products support Advanced Encryption System (AES), but that hasn't been certified for interoperability among different vendors' hardware. In the WPA Shared Key box, type in a key between eight and 63 characters in length. The longer it is, and the more random the characters, the more secure it will be. Write down the key. You'll need to use this on each wireless PC on your network. Leave the Group Key Renewal row at 3600. Figure 14-10 shows the screen properly filled in. Click Save Settings. That applies the key to your network. Now only PCs that use WPA encryption and the key you just generated will be able to get onto your network. Figure 14-10. Using WPA encryption 
Now you have to configure each wireless computer on your network to use WEP and the key you just generated. On each PC, click the wireless connection icon in the Notification Area, click Properties, click the Wireless Network tab, highlight your network, click Properties, and then click the Association tab. In the Network Authentication drop-down box, select WPA-PSK. In the data encryption dialog box, choose TKIP. When you do that, the The key is provided for me automatically box is checked. Uncheck this box. Enter your WPA key in the Network key box, and type it again in the Confirm network key box. Click OK, then OK again. The PC can now connect to your network using WPA encryption.
Discussion WEP has gotten a bad name among security experts because it isn't as secure as WPA, but for most home networks, it's perfectly suitable. As a general rule, home networks are not targeted by serious, dedicated intruders, and so WEP is perfectly suitable for keeping out passersby. Using 128-bit encryption will make it even more secure. However, for the most security, use WPA, even in home networks. Business networks, however, should use WPA encryption, at a minimum, if their hardware is capable of handling it. For even more safety, they should use private key methods such as those provided in Windows servers or third-party products. It's a good idea to regularly change your key, because if someone monitors your network and captures network packets for long enough, they may be able to crack your encryption. So if you regularly change your key, it will be much harder for them to crack the encryption because they'll have less time and data for doing so. You may come across some confusing and apparently misleading information when choosing WEP encryption. Some hardware manufacturers give you the choice of 40-bit or 104-bit encryption, rather than 64-bit and 128-bit encryption. In fact, 40-bit WEP encryption and 64-bit WEP encryption are two terms for the same thing, and 104-bit and 128-bit WEP encryption are similarly terms for the same thing. WEP uses a 24-bit "initialization vector," which means you don't control that part of the key. So some manufacturers refer to the standard as 40 bit or 104 bit, and others call it 64 bit or 128 bit. See Also For more detailed instructions on using WPA on your network, see the PC Magazine article "WirelessSecurity: WPA Step by Step" at www.pcmag.com/print_article/0,3048,a=107756,00.asp. MS KB 815485. |
