Secure Your Home Wireless Network: Part V
Here's the fifth segment of Chapter 2 of Home Network Security Simplified -- an easy-to-follow explanation of how to make sure that your home network is secure -- why it's
February 21, 2007
Here are Part I, Part II, Part III, and Part IV.
WPA Encryption Example
To compare enabling WEP encryption to how WPA encryption is enabled, let's take an example of WPA (this time, we pick 8F37ahr43K as our example pre-shared key). Enabling WPA encryption is a lot like enabling WEP encryption, except you must make one additional decision: You must decide how long an encryption key will be allowed to be used before a new key is assigned. The lower the value, the less time a hacker has to try to "crack" the key. For example if you set the value to 1800 seconds (which is 30 minutes for you nonmath majors), a key is used for 30 minutes and then the wireless router and wireless NIC create a new key. If a hacker "cracks" the key within 30 minutes (which is pretty tough to do), the key will only be valuable for the remainder of the 30 minutes before it is switched to an entirely new key, and the hacker would have to start all over.
First, here's an example of setting up WPA on the wireless router:
On the Wireless Security subtab again (See Figure 20), select Pre-Shared Key on the line labeled Security Mode. (On some Linksys products, the selection is called WPA Pre-Shred Key).
Select either TKIP (For WPA1) or AES (for WPA2). If your wireless router and all wireless NICs support AES mode, select it because it is more secure. If any of them do not, select TKIP. You cannot configure some with TKIP and some with AES.
On the line labeled WPA Shared Key, enter the pre-shared key you made up (in our example, 8F37ahr43K).
On the line labeled Group Key Renewal, enter the number of seconds that you want the key to be used before changing it (See Figure 20). We chose 1800 (which is 30 minutes) for this example.
Click Save Settings.
Figure 20. Enabling WPA Encryption on the Wireless Router
Very Important: So how long should you set the key renewal period for? There is no great answer, although if you have the value set too low (1 to 2 minutes, for example) it could cause connectivity issues for some NICs. We recommend following manufacturer recommendations (or defaults).
With WPA, we also then need to tell the super-secret password to each of the devices with wireless cards so that they know how to decode the conversations with the wireless router. Here is an example for a Linksys WPC54GS Wireless-G PCMCIA laptop NIC:
Launch the WLAN Monitor Utility, similar to the example earlier where we enabled WEP on a USB-connected wireless NIC.
For the Encryption Method, choose Pre-Shred Key (See Figure 21). (On some Linksys products it is called WPA Pre-Shared Key). Click Next.
On the line labeled Encryption, select TKIP (for WPA1) or AES (for WPA2). On the line labeled Passphrase, enter the key phrase you made up (See Figure 22). In our example, we chose 8F37ahr43K. Click Next.
Figure 21. Choose WPA Pre-Shared Keyr
Figure 22. Enter the WPA PassphraseIn the confirmation window that appears, double-check that Encryption is set to Pre-Shared Key, and then click Save (See Figure 23).
Figure 23. Conform New WPA SettingsClick the Link Information tab. If you entered everything correctly, the Signal Strength and Link Quality should reappear as green bars (See Figure 24).
If not, you probably entered something incorrectly.
Figure 24. You are Successfully Connected!
Continue setting up each NIC with the super-secret password, each time checking to see whether the connection is reestablished to the wireless router.
Troubleshooting Tips: Wireless Encryption
If any of the computers do not reestablish communication, items to check include the following:
Make sure the encryption method chosen on both the wireless router and all wireless NICs is the same.
Make sue the passphrase for WEP key generation (or WPA) is entered exactly the same on both the wireless router and all wireless NICs. The passphrase is case sensitive, which means that "p" is different than "P." Take care to make sue the entered phrase matches exactly, including lowercase and uppercase letters.
If all else fails, disable encryption on both the wireless router and all wireless network adapters, reverify the connections without encryption turned on, and then start the encryption setup from scratch.
Read the Troubleshooting and Wireless Security chapters in the installation manuals that came with the Linksys wireless router and Linksys wireless NICs.
Disable Ad-Hoc Networking
As previously mentioned, we recommend for security reasons that you operate your wireless home network in infrastructure mode, meaning a wireless router provides the central point of the network and all wireless computers communicate only with the central point, not to each other directly (which is called ad hoc). This is a relatively low security risk, but there is a small possibility that those sitting next to us in an airport or other public location can try to make an ad-hoc connection directly between their laptop and ours.
Because we only ever plan to use our laptop computers connected to a wireless router in infrastructure mode, we should disable ad-hoc networking mode so that it is not possible for another laptop computer to attempt to make a connection directly to our laptop.
Using the Linksys NIC management utilities (such as WLAN Monitor), we do this by selecting infrastructure mode. When using Windows XP, the operating system manages most wireless NICs for us, and an additional step is required.
If your laptop or NIC does not support doing so, do not worry about it too much; if it is supported, however, why not take advantage of it? Here is how to disable ad-hoc wireless networking in Windows XP for a built-in wireless NIC:
Bring up the properties of the wireless NIC.Click the Wireless Networks tab (See Figure 25).In the Preferred Networks section, click the Advanced button.
Figure 25. Wireless Networks TabSelect Access point (infrastructure) networks only (See Figure 26).
Figure 26. Do Not Allow Ad-Hoc ConnectionsClick Close.<="" li="">
Now, if we encounter another compute with a wireless NIC that attempts to set up an ad-hoc connection, our wireless NIC will not respond to the attempt, keeping our wireless network (and laptop) secure.
Next: Prevent unintentional Roaming and a Wireless Security ChecklistAbout the Authors
Jim Doherty is the director of marketing and programs with Symbol Technologies' industry solutions group. Before Symbol, Jim worked at Cisco Systems, where he led various marketing campaigns for IP telephony and routing switching solutions. Jim holds a B.S. degree in electrical engineering from N.C. State University and an M.B.A. from Duke University.
Neil Anderson is a senior manager in enterprise systems engineering at Cisco Systems and is currently responsible for large corporate customers in the areas of routing and switching, wireless, security, and IP communications. Neil holds a bachelor's degree in computer science.
To contact either author, please email: [email protected] and use Home Network Security Simplified/post question as the subject line.
Title: Home Network Security SimplifiedISBN: 1-58720-163-1 Authors: Jim Doherty, Neil AndersonChapter 2: Tip 2: Secure Your Wireless NetworkPublished by Cisco Press
Reproduced from the book Home Network Security Simplified. Copyright [2006], Cisco Systems, Inc. Reproduced by permission of Pearson Education, Inc., 800 East 96th Street, Indianapolis, IN 46240. Written permission from Pearson Education, Inc. is required for all other uses.*Visit Cisco Press for a detailed description and to learn how to purchase this title.
Another article by the same authors: Voice over IP--The Basics
You May Also Like