WiFi Protected Access (WPA) is designed to provide wireless users with an encryption mechanism that is not susceptible to the vulnerabilities of Wired Equivalent Privacy (WEP). Most 802.11g access points either ship with the option to use WPA or can gain it through a firmware upgrade downloaded from the access point manufacturer.
Before enabling WPA, you should ensure that your wireless card has WPA drivers. As with access points, you often need to update the card’s drivers, firmware, or both in order to take advantage of WPA. This section details how to set up WPA encryption on two access points: the D-Link DI-624 and the Linksys WRV54G. You will also learn how to configure your wireless client to use WPA.
The D-Link DI-624 ships with WPA capability. This means that no firmware upgrade is necessary and you can start using WPA as soon as the DI-624 comes out of the box. First, you need to log into the DI-624 from a wired connection. Then, point your browser to 192.168.0.1 and supply the username admin with a blank password when prompted. This opens the initial configuration screen, as seen in Figure 11.1.
Figure 11.1: The DI-624 Initial Configuration Screen
Next, click the Wireless button on the left to open the wireless configuration options window, as shown in Figure 11.2.
Figure 11.2: The Wireless Configuration Options Window
WPA-PSK utilizes a 256-bit pre-shared key or a passphrase that can vary in length from 8 to 63 bytes. Keys based on short passphrases (fewer than 20 bytes) are vulnerable to an offline dictionary attack. The pre-shared key that is used to set up the WPA encryption can be captured during the initial communication between the access point and the client card. Once an attacker has captured the pre-shared key, he can use that to essentially “guess” the WPA key using the same concepts used in any password dictionary attack. In theory, this type of dictionary attack takes less time and effort than attacking WEP. Choosing a passphrase that is more than 20 bytes mitigates this vulnerability.
Next, choose either the WPA or WPA-PSK Authentication options. The WPA option requires a RADIUS server, whereas WPA-PSK (Pre Shared Key) sets a passphrase that must also be entered in the client WPA configuration settings. See Figures 11.3 and 11.4.
Figure 11.3: The WPA Configuration Screen
Figure 11.4: The WPA-PSK Configuration Screen
Enter either your RADIUS server information and Shared Secret for WPA or a strong passphrase that is more than 20 bytes long, and then click Apply to save your settings and enable WPA.
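The following Python sketch is an added example, not part of the original text or of either vendor's firmware. It applies the passphrase guidance above (8 to 63 bytes, more than 20 recommended) and shows how a passphrase becomes the 256-bit key using the IEEE 802.11i mapping (PBKDF2-HMAC-SHA1 salted with the SSID). The function names, the alphanumeric alphabet and the SSID are assumptions chosen for illustration.

```python
import hashlib
import math
import secrets
import string

MIN_LEN, MAX_LEN = 8, 63   # passphrase limits stated in the text
RECOMMENDED_MIN = 20       # the text recommends more than 20 bytes
ALPHABET = string.ascii_letters + string.digits  # assumed generator alphabet


def check_passphrase(passphrase: str) -> str:
    """Classify a candidate as 'invalid', 'weak' or 'ok'."""
    printable = all(32 <= ord(c) <= 126 for c in passphrase)
    if not printable or not MIN_LEN <= len(passphrase) <= MAX_LEN:
        return "invalid"
    # Valid but within reach of the dictionary attack described above.
    return "ok" if len(passphrase) > RECOMMENDED_MIN else "weak"


def derive_psk(passphrase: str, ssid: str) -> bytes:
    """802.11i mapping: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32 bytes."""
    if check_passphrase(passphrase) == "invalid":
        raise ValueError("passphrase must be 8 to 63 printable ASCII characters")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, 32
    )


def generate_passphrase(length: int = 32) -> str:
    """Random passphrase from a CSPRNG, longer than the recommended minimum."""
    if not RECOMMENDED_MIN < length <= MAX_LEN:
        raise ValueError("length must be 21 to 63")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(length: int) -> float:
    """Entropy of a uniformly random passphrase over ALPHABET."""
    return length * math.log2(len(ALPHABET))


if __name__ == "__main__":
    # Constructed sample values, not taken from any real network.
    ssid = "ExampleNet"
    candidate = generate_passphrase()
    print(check_passphrase("password"), check_passphrase(candidate))
    print(f"{entropy_bits(len(candidate)):.0f} bits of entropy")
    print(derive_psk(candidate, ssid).hex())
```

Because the SSID is the salt and the mapping is deterministic, the 256-bit key is only as unpredictable as the passphrase behind it, which is why length and randomness matter more than the key size.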
The Linksys WRV54G VPN-Broadband Router may require a firmware upgrade to allow WPA capability. Firmware version 2.10 or later is required for WPA functionality on the WRV54G. To enable WPA, you need to log in to the WRV54G, as shown in Figure 11.5. Point your browser to the IP address of the WRV54G. By default, this is 192.168.1.1. There is no username required and the default password is admin.
Figure 11.5: The Linksys WRV54G Initial Configuration Screen
Next, click the Wireless tab to display the Wireless Network Settings, as seen in Figure 11.6.
Figure 11.6: The Wireless Networks Settings Screen
Then, choose the Wireless Security option to display the Wireless Security settings, as seen in Figure 11.7.
Figure 11.7: The Wireless Security Settings
The Security Mode drop-down box displays the four modes of security available on the WRV54G:
WPA Pre-Shared Key
WPA RADIUS
RADIUS
WEP
WPA RADIUS requires a RADIUS server, as shown in Figure 11.8. WPA Pre-Shared Key (Figure 11.9) allows you to enter a strong pre-shared key. All wireless clients must also be configured to use the WPA pre-shared key in order to authenticate to the wireless network.
Figure 11.8: The WPA RADIUS Settings
Figure 11.9: The WPA Pre-Shared Key Settings
Finally, enter the RADIUS server IP address and shared secret, or the pre-shared key, and choose Save Settings to enable WPA support.
In order to take advantage of WPA, you must configure your wireless client. To allow Windows XP to work with WPA, you must first install the Microsoft Update for Microsoft Windows XP (KB826942). This patch enables WPA compatibility in Windows XP. After installing KB826942, double-click the Wireless Network Connection icon on the toolbar. This opens the Wireless Network Connection Properties window, as seen in Figure 11.10. If you have a profile for your access point already set up, select it and click Properties. Otherwise, select Add under Preferred Networks. The connection properties window will open.
Figure 11.10: The Connection Properties Window
Next, enter the SSID for your access point in the Network Name textbox, as shown in Figure 11.11. Then, choose the type of encryption you configured your access point to use—WPA or WPA-PSK—and then the encryption standard: WEP, Temporal Key Integrity Protocol (TKIP), or Advanced Encryption Standard (AES). Finally, input the pre-shared key configured on your access point into the Network key and Confirm network key textboxes.
Figure 11.11: WPA Client Settings
Your client setup is now complete and you can utilize your wireless network with WPA security.