Network Systems DesignLine | Securing a wireless network--The basics--Part V

Get the latest news, products and how-to information on network systems. Sign up for the Network Systems DesignLine newsletter, a weekly e-mail guide dedicated to the needs of engineers developing networking equipment and components. Here is our RSS feed.








 
 HOW-TO

Securing a wireless network--The basics--Part V

Here's the fifth segment of Chapter 2 of Home Network Security Simplified--an easy-to-follow explanation of how to make sure that your home network is secure--why it's important, and amazingly, how few of us actually do it. Part IV offers a step-by-step WPA encryption example, how to disable ad-hoc networking, and a wireless security checklist
By Jim Doherty, Neil Anderson Print This Story Send As Email Discuss This Story Reprints

Page 1 of 2

Network Systems Designline
(02/21/2007 0:01 AM EST)

Rate this article
WORSE | BETTER
1 2 3 4 5
Here are Part I, Part II, Part III, and Part IV.

WPA Encryption Example
To compare enabling WEP encryption to how WPA encryption is enabled, let's take an example of WPA (this time, we pick 8F37ahr43K as our example pre-shared key). Enabling WPA encryption is a lot like enabling WEP encryption, except you must make one additional decision: You must decide how long an encryption key will be allowed to be used before a new key is assigned. The lower the value, the less time a hacker has to try to "crack" the key. For example if you set the value to 1800 seconds (which is 30 minutes for you nonmath majors), a key is used for 30 minutes and then the wireless router and wireless NIC create a new key. If a hacker "cracks" the key within 30 minutes (which is pretty tough to do), the key will only be valuable for the remainder of the 30 minutes before it is switched to an entirely new key, and the hacker would have to start all over.

First, here's an example of setting up WPA on the wireless router:

  1. On the Wireless Security subtab again (See Figure 20), select Pre-Shared Key on the line labeled Security Mode. (On some Linksys products, the selection is called WPA Pre-Shred Key).
  2. Select either TKIP (For WPA1) or AES (for WPA2). If your wireless router and all wireless NICs support AES mode, select it because it is more secure. If any of them do not, select TKIP. You cannot configure some with TKIP and some with AES.
  3. On the line labeled WPA Shared Key, enter the pre-shared key you made up (in our example, 8F37ahr43K).
  4. On the line labeled Group Key Renewal, enter the number of seconds that you want the key to be used before changing it (See Figure 20). We chose 1800 (which is 30 minutes) for this example.
  5. Click Save Settings.


Figure 20. Enabling WPA Encryption on the Wireless Router

Very Important: So how long should you set the key renewal period for? There is no great answer, although if you have the value set too low (1 to 2 minutes, for example) it could cause connectivity issues for some NICs. We recommend following manufacturer recommendations (or defaults).

With WPA, we also then need to tell the super-secret password to each of the devices with wireless cards so that they know how to decode the conversations with the wireless router. Here is an example for a Linksys WPC54GS Wireless-G PCMCIA laptop NIC:

  1. Launch the WLAN Monitor Utility, similar to the example earlier where we enabled WEP on a USB-connected wireless NIC.
  2. For the Encryption Method, choose Pre-Shred Key (See Figure 21). (On some Linksys products it is called WPA Pre-Shared Key). Click Next.
  3. On the line labeled Encryption, select TKIP (for WPA1) or AES (for WPA2). On the line labeled Passphrase, enter the key phrase you made up (See Figure 22). In our example, we chose 8F37ahr43K. Click Next.


    4. Figure 21. Choose WPA Pre-Shared Keyr


    Figure 22. Enter the WPA Passphrase

  4. In the confirmation window that appears, double-check that Encryption is set to Pre-Shared Key, and then click Save (See Figure 23).


    5. Figure 23. Conform New WPA Settings

  5. Click the Link Information tab. If you entered everything correctly, the Signal Strength and Link Quality should reappear as green bars (See Figure 24).

    If not, you probably entered something incorrectly.


Figure 24. You are Successfully Connected!

Continue setting up each NIC with the super-secret password, each time checking to see whether the connection is reestablished to the wireless router.

Troubleshooting Tips: Wireless Encryption
If any of the computers do not reestablish communication, items to check include the following:

  • Make sure the encryption method chosen on both the wireless router and all wireless NICs is the same.
  • Make sue the passphrase for WEP key generation (or WPA) is entered exactly the same on both the wireless router and all wireless NICs. The passphrase is case sensitive, which means that "p" is different than "P." Take care to make sue the entered phrase matches exactly, including lowercase and uppercase letters.
  • If all else fails, disable encryption on both the wireless router and all wireless network adapters, reverify the connections without encryption turned on, and then start the encryption setup from scratch.
  • Read the Troubleshooting and Wireless Security chapters in the installation manuals that came with the Linksys wireless router and Linksys wireless NICs.



Page 2: next page Print This Story Send As Email Discuss This Story Reprints

Page 1 | 2


 
eSearch  

 Top 5 Most Read
 How-To Stories
1. 2. 3. 4. 5.

 Top 5 Most Read
 News Stories
1. 2.

  • Introduction to Optical Transmission Systems

    		•
  • Optimizing Embedded Systems for Broadband 10 Gigabit Ethernet Connectivity

    		•
  • Interfacing a DS3231 with an 8051-Type Microcontroller

    		•
    The entire library >>  

    		 
     Top 5 Most Read
     Product Stories
    1. 2. 3.

     Sponsor

    EE Times TechCareers
    Search Jobs

    Enter Keyword(s):


    Function:


    State:
      

    Post Your Resume
    -----------------
    Employers Area
    Most Recent Posts
    GE Corporation seeking Lead Systems Analyst in Van Buren Township, MI

    Osram Sylvania seeking Sr Applications Engineer in Danvers, MA

    Accolo, Inc. seeking User Experience Engineer in Reston, VA

    Johnson Controls, Inc seeking Project Development Engineer in Pittsburg, PA

    WhiteHat Security seeking User Interface Engineer in Santa Clara, CA

    More career-related news, resources and job postings for technology professionals


     Tech Library
    ¤ Looking for the appropriate Industry Association? This comprehensive, up-to-date list will take you to the right Web site for the help you need.

    ¤ Got a question about a standard? Here are direct links to resources detailing the industry's most important communications standards.

    ¤ Freshen up on technology, new and old, with these links to interesting and informative tutorials.

    More from TechLibrary
    Welcome to our DesignLine network of web communities. On these sites, we provide practical how-to technical information for engineers and engineering managers involved in Automotive,audio, DSP, DTV, EDA, Industrial Control, Mobile Handset, Power Management, Programmable Logic,RF,Video, and Wireless networking design. Check out the sites and let us know your thoughts.
    		 



    HOME  |  ABOUT  |  FEEDBACK  |  CONTACT
    Career Center | CommsDesign.com | Embedded.com | EE Times | TechOnline
    Planet Analog | DeepChip | eeProductCenter | Electronic Supply & Manufacturing | Webinars


    All material on this site Copyright © 2006 CMP Media LLC. All rights reserved
    Privacy Statement | Your California Privacy Rights | Terms of Service