Network secure? Think again
- 15 February, 2006 10:45
Do your customers think their wireless networks are secure? Many of them had better think again. The newest Wi-Fi security standard, called Wireless Protected Access 2, adds professional-grade encryption - but even though the standard has been around for more than a year, most people still aren't using it.
WPA2 security is definitely worth the modest amount of effort required to set it up.
The original WPA security standard can be cracked with relative ease unless you use a passphrase that is longer than 20 characters and is not merely composed of words that can be found in a dictionary (English or otherwise).
And while WPA's predecessor, Wired Equivalent Privacy, is still around, relying on it is only marginally safer than having no network protection at all. WEP can be cracked in seconds, no matter how complex a key you contrive for it. If your primary security concern is to prevent neighbors and passers-by from siphoning your network's bandwidth, WEP will suffice; if you're serious about keeping data private, however, you need WPA2.
Before you can add WPA2 protection to a network, you must download and install Microsoft's WPA2 hotfix for Windows XP. You may also need to install the latest drivers for wireless cards.
Microsoft's Windows Update page often lists these updates under its Hardware, Optional category; you can also check for updates on the card manufacturer's website.
Next, download and install the latest firmware update for the wireless router from its manufacturer's website. (The Wi-Fi Alliance maintains a list of products that support WPA2.) If the router has gotten too old to support an upgrade to WPA2 or even to the original WPA standard, replace it. With the equipment fully patched, log in to the router's administration page through your Web browser (check the manual for the exact steps), and change the security settings to WPA2 Personal: Choose TKIP+AES as the WPA algorithm to use, and enter a passphrase in the field labelled WPA Shared Key and in the passphrase confirmation field below it.
Your phrase can consist of any combination of letters and numbers, up to 63 characters in length. Save your changes, and the router setup is done.
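The passphrase advice above (longer than 20 characters, not built from dictionary words, at most 63 characters) can be checked before the key is typed into the router. The following Python sketch is an added example, not part of the original article: it derives the key that WPA and WPA2 Personal compute from a passphrase and SSID (PBKDF2-HMAC-SHA1, 4096 iterations, as defined in IEEE 802.11i) and flags weak passphrases. The function names, the 8-character minimum from the standard and the tiny word list are assumptions made for illustration.

```python
import hashlib
import re
import secrets
import string

# Constructed sample word list; a real check would load a full dictionary file.
SAMPLE_WORDS = {"password", "wireless", "network", "home", "secure", "router"}

def wpa_pmk(passphrase, ssid):
    """256-bit key for WPA/WPA2 Personal: PBKDF2-HMAC-SHA1 over the
    passphrase, salted with the SSID, 4096 iterations (IEEE 802.11i)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)

def made_of_words(token, words):
    """True if token splits entirely into dictionary words ('homenetwork')."""
    ok = [True] + [False] * len(token)
    for end in range(1, len(token) + 1):
        ok[end] = any(ok[s] and token[s:end] in words for s in range(end))
    return ok[-1]

def passphrase_problems(passphrase, words=SAMPLE_WORDS):
    """Return the reasons a passphrase falls short of the article's advice."""
    problems = []
    if not 8 <= len(passphrase) <= 63:
        problems.append("must be 8 to 63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        problems.append("must be printable ASCII")
    if len(passphrase) <= 20:
        problems.append("should be longer than 20 characters")
    # Ignore digits and punctuation, then test what is left against the list.
    tokens = [t for t in re.split(r"[^a-z]+", passphrase.lower()) if t]
    if tokens and all(made_of_words(t, words) for t in tokens):
        problems.append("composed only of dictionary words")
    return problems

def generate_passphrase(length=63):
    """Random letters and digits from the OS CSPRNG, maximum length by default."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))

if __name__ == "__main__":
    for candidate in ("password", "homewirelessnetwork2006", generate_passphrase()):
        print(repr(candidate), passphrase_problems(candidate) or "ok")
    # The SSID is the salt, so the same passphrase yields a different key per SSID.
    print(wpa_pmk("password", "IEEE").hex())
```

Because the SSID salts the derivation, a router left on its factory SSID with a common passphrase produces a predictable key, which is one more reason to change both.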
The next time you log on to your newly WPA2-protected gateway, the system will prompt you for the WPA Shared Key passphrase.
Type the WPA2 passphrase into the appropriate fields in the Wireless Network Connection dialogue box.
Automated Wi-Fi Security
Even though Windows 2000 and earlier versions don't support WPA2 network security, you can still have a secure wireless network under older Windows releases, with the help of the right tools.
McAfee's Wireless Home Network Security software can configure the Wi-Fi security settings for many different wireless gateways and for up to three networked PCs.
The company maintains a list of the devices that the program works with. Though the software can't handle WPA2 yet, it does address one of WPA's weaknesses: the protocol's use of a static key, which makes it easier to crack.
The program automatically generates, and then rotates through, new keys on any PC on the network, and on the gateway itself.
One way to check the security of a wireless network is with Marius Milner's Netstumbler utility. Not only can the program help you determine a network's vulnerability, but it can also reveal the sources of network interference and identify areas of weak signal strength. Netstumbler is free to use, but the author requests that you make a donation of $US50 if you like it (an arrangement he refers to as "beggarware").
Deploying a wireless network can lead to security problems and a loss of service if the network is not properly secured. Based on conversations with the experts, here are a few quick steps for resellers implementing wireless networks.
- Plan antenna placement
- Use Wireless Protected Access 2 (WPA2)
- Change the Service Set Identifier (SSID) and disable its broadcast
- Disable DHCP
- Dispose of or modify SNMP settings
- Use access lists