Wireless Security - How To Do It - Written by Drew - Sept 2007

A wireless network can create problems if you don't secure it. Wireless networks are a great way to share files, printers, and your Internet connection to any computer in your home. You can communicate with friends, read the news, and surf the Web anywhere you can receive a wireless network signal. Manufacturers disable security options to make routers easy to install. But if your network is unprotected, you're begging to be hacked. Your neighbors may use your broadband. By setting up security features on your wireless network, you can make it very difficult for uninvited guests to connect. You can protect your wireless network by using the same method banks use to protect your password when you log on to their Web sites: encryption. Encryption scrambles data on your wireless network so that only computers that have the encryption key can read your communications. It's one thing to let a neighbor borrow your lawn mower, but you should think twice about allowing anyone to access your home network. There are several good reasons for this. People who can connect to your wireless network might be able to:

• Slow down your Internet performance

  View files on your computers and spread dangerous software

  Monitor the Web sites you visit

  read your e-mail and instant messages as they travel across the network

  copy your usernames and passwords

  Send spam or perform illegal activities with your Internet connection

Wireless networks don't stop at the walls of your home. In fact, wireless networks often extend more than 300 feet from your wireless router. If you live in an apartment, dorm, or condominium, you may have dozens of neighbors who can access your wireless network. You'll need to change your router's configuration to lock it down. Each router is a little different. First, make sure your computer is connected directly to the router with an Ethernet cable. This provides the most stable connection, for making changes. Next, you'll need to find the router's IP address. It will be something similar to 192.168.0.1. Linksys uses by default: 192.168.1.1 Check your manual under configuration settings.

When you find the address, open your Internet browser. Enter the IP number in the address bar. You'll be asked for a user name and password. They're in the manual, too. When you get to the router's settings, you can enable security. Encrypting your wireless signal is critical. Use WPA2 (Wi-Fi Protected Access), if available. This could be listed as WPA-PSK (pre-shared key). If you use WPA-PSK to encrypt your network, set a long passphrase of at least 20 random characters. Don't make it something that's easily guessed, like a line from a movie. Characters can be letters, numbers or symbols. The password will be used to create the encryption key. Your router may only support WPA, the forerunner to WPA2. If so, your password should be at least 21 characters. Many older routers use WEP (Wired Equivalent Privacy). WEP is unacceptable; it is easily broken. If your router uses WEP, go to the maker's site. Try to upgrade it. If no upgrade is available, replace the router. Your computers must support the same protocol as the router. You may need new network adapters if they don't.

Now you'll need to set up the computers so they can access the network. Click Start>>Control Panel. Double-click Network Connections. Right-click Wireless Network Connection and select Properties. You should see your network listed under "Preferred networks" on the Wireless Networks tab. Select it and click Properties. If you don't see your network, click Add. Enter your network's name under "Network name (SSID)." Under Network Authentication, select the WPA option. Under "Data encryption," AES indicates WPA2. TKIP goes with WPA. Enter your password under "Network key." Enter it again to confirm it. Deselect "The key is provided for me automatically." Click OK>>OK. You're good to go!

You have several choices for wireless encryption:

• 64-bit WEP (Wired Equivalent Protection). The original wireless encryption standard, it is now outdated. The main problem with it is that it can be easily "cracked." Cracking a wireless network means defeating the encryption so that you can establish a connection without being invited. Change your encryption key once a month. If someone manages to learn your key, they will be locked out again when you change it. Don't connect to unprotected wireless networks—it's possible for someone to monitor your Internet usage and even record your passwords.

• 128-bit WEP. An updated, more secure version of the original WEP. However, skilled attackers can still crack 128-bit WEP in a few hours or less, giving them access to your network.

• WPA-PSK (also known as WPA-Personal). A more secure alternative to WEP, but because it is newer, it is not as widely supported. Microsoft Windows XP with Service Pack 2 supports WPA, so this type of encryption is the best choice if you plan to connect only Windows XP computers to your wireless network. However, if you have wireless devices that don't support WPA, such as media extenders or wireless cameras, you'll have to use WEP on your network instead. You might also see the security method called "WPA-Enterprise." As the name suggests, this method of network encryption is designed for business use. Setup for WPA-Enterprise is more complex than for other types of encryption, and it requires special network infrastructure.

• WPA2. The newest type of wireless encryption, WPA2 provides the highest level of encryption available. WPA2 encryption should be your first choice if your wireless router and all of your wireless computers and devices support it.

Any encryption can be cracked. An individual with knowledge of computers and networking, and who is willing to spend a few hours researching free "hacking" tools, can crack encryption in a few hours (or less). However, most users who want to connect without authorization lack the expertise to crack 64-bit or 128-bit WEP. In a crowded neighborhood with numerous unprotected networks, anyone looking for a free connection will likely choose the unprotected network rather than spend the time to crack your WEP encryption. Therefore, WEP encryption offers better protection than not having encryption enabled at all.

An expert user can also crack WPA-PSK encryption if you use a short passphrase (like a password, only containing a sequence of words.) However, a longer passphrase provides excellent protection. Currently there are no freely available tools to crack WPA2 encryption. So if you enable WPA encryption on your network, you can rest easy knowing that your wireless network is as secure as it can be. Over time, new cracking tools will be developed that could increase the vulnerability of WPA and WPA2. So, it's important to stay up to date with the latest encryption technologies.