Wednesday, January 30, 2008

Encrypting Wireless Transmissions

After getting these configuration steps out of the way, you're ready to tackle the most controversial security feature on a wireless network—turning on Wired Equivalent Privacy (WEP). In the original 802.11b standard, WEP was defined as an optional standard intended to make wireless networks as secure as wired networks. It works by encrypting data transmissions between the mobile clients (a notebook computer with a wireless LAN adapter, for instance) and the access point. Most hardware that uses WEP employs a single shared key that is used by all parts of the network. A flaw in the standard allows this key to be easily sniffed out by remote attackers, making off-the-shelf implementations of WEP insecure.

On many wireless products sold for use on home networks, WEP encryption is optional. On others (including the Agere Systems Orinoco line), it's enabled by default, with the affordable Silver series using relatively weak 40-bit encryption (with a key made up of five 8-bit characters) and the more expensive Gold series using 104-bit encryption (using a 13-character key). If you use 802.11b hardware, we recommend that you enable WEP as a first line of security and upgrade its protection level to 104 bits. Because of the documented flaws in WEP, some security experts recommend disabling it altogether. We think that advice is short-sighted. Although WEP doesn't provide absolute protection against a determined attacker and must be supplemented with other security techniques, enabling this option can go a long way toward stopping amateur hackers and locking out nosy neighbors. In addition, some hardware vendors have addressed some of the security flaws in the original WEP standard. You may need to update the firmware in your access point and wireless LAN adapters to incorporate these improvements.

NOTE
--------------------------------------------------------------------------------

Why does WEP use odd key sizes of 40 and 104 bits? The actual key sent for authentication includes a 24-bit initialization vector combined with the shared key. The result is a key that consists of either 64 bits (40+24) or 128 bits (104+24).

To enable WEP on your access point, you must use the hardware configuration utility; Windows does not include any tools for configuring access points. If your hardware includes an option to upgrade from 40-bit to 104-bit encryption, take advantage of it. Write down the shared key and carefully note other settings on your access point.

After enabling WEP on a computer running Windows 2000, you must use the client software to supply the shared key. If you use Windows XP, the operating system handles this task without requiring any extra software and should prompt you for this key the first time you connect to a WEP-enabled network. To enter the key manually, follow these steps (note that we assume you have only one access point on a small network):

1. Open the Network Connections folder, right-click the icon for the wireless adapter, and choose Properties. If automatic discovery is on, the network name for your access point should appear in the Available Networks list and in the Preferred Networks list.

2. Select the entry in the Preferred Networks list and choose Properties. If you've disabled automatic discovery on your access point, click the Add button.

3. In the Wireless Network Properties dialog box, shown in Figure 16-3, adjust the settings as shown here.

   Figure 16-3. To increase security on your wireless network, adjust the settings as shown here. Do this after configuring your access point.

   - If necessary, fill in the Network Name (SSID) box. This field is automatically filled in and unavailable for selection if automatic discovery is enabled on the access point.
   - Select Data Encryption (WEP Enabled). This setting encrypts data transmissions on the network.
   - Select Network Authentication (Shared Mode). This setting requires the correct key before authenticating a computer.
   - Choose the Key Length (40 or 104 bits) and Key Format (ASCII or Hexadecimal) to match the settings from your access point.
   - Fill in the Network Key field using the same key you set on the access point.
   - Clear the check box for The Key Is Selected For Me Automatically. This setting is used when the key is stored in memory on the wireless adapter.

4. Click OK to close the dialog box and save your settings.

Because of the documented weaknesses in WEP encryption, security experts recommend that you change the WEP keys at regular intervals, at least once a month. Although this process is tedious, it's a necessary precaution on any wireless network that is not compatible with the 802.11i authentication standard.
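
The key-size note, the Key Length and Key Format settings, and the monthly key change can be checked with a short script. This is an added example, not part of the original text; the function names are hypothetical, and the entropy ceiling assumes a typed ASCII key uses only the 95 printable characters.

```python
import math
import secrets

IV_BITS = 24                  # initialization vector combined with the shared key
KEY_BYTES = {40: 5, 104: 13}  # the two shared-key lengths the page names


def parse_wep_key(text, key_format):
    """Turn a key typed as 'ascii' or 'hex' into raw bytes, checking its length."""
    if key_format == "ascii":
        key = text.encode("ascii")  # non-ASCII input raises a ValueError subclass
    elif key_format == "hex":
        for sep in ":- ":
            text = text.replace(sep, "")
        key = bytes.fromhex(text)   # raises ValueError on non-hex digits
    else:
        raise ValueError("key_format must be 'ascii' or 'hex'")
    if len(key) not in KEY_BYTES.values():
        raise ValueError(f"{len(key) * 8}-bit key; expected 40 or 104 bits")
    return key


def describe(key, key_format):
    """Report nominal key size, size with the IV, and an entropy ceiling."""
    # Assumption of this example: a key typed as ASCII draws each byte from the
    # 95 printable characters, so its search space is below the nominal length.
    per_byte = math.log2(95) if key_format == "ascii" else 8.0
    return {
        "key_bits": len(key) * 8,
        "with_iv_bits": len(key) * 8 + IV_BITS,
        "max_entropy_bits": round(len(key) * per_byte, 1),
        "hex": key.hex().upper(),
    }


def same_key(ap_text, ap_format, client_text, client_format):
    """True when the access point entry and the client entry are the same key."""
    return parse_wep_key(ap_text, ap_format) == parse_wep_key(client_text, client_format)


def generate_wep_key(bits=104):
    """Random replacement key for a scheduled rotation, as hex digits to type in."""
    return secrets.token_bytes(KEY_BYTES[bits]).hex().upper()


if __name__ == "__main__":
    print(describe(parse_wep_key("HELLO", "ascii"), "ascii"))  # constructed sample key
    print(generate_wep_key(104))
```

A key generated in hexadecimal keeps the full nominal length, while a 13-character ASCII key tops out at roughly 85 bits under the stated assumption.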

TIP
--------------------------------------------------------------------------------

Try this low-tech security solution

The power switch on your wireless access point is an amazingly effective security device. If most of your network consists of wired computers, and you use wireless features only occasionally, you can reduce the risk of outside intrusions by turning off the access point when you don't need to use it. On a business network that operates only during the day, consider putting the access point on a timer that automatically shuts down shortly after closing time and starts again in the morning. This low-tech solution is excellent insurance against would-be intruders who might be tempted to try to break in at night, when you're not likely to notice the unwanted traffic.
