Odds are, your wireless network is not secure. Even if you've
enabled WEP (Wired Equivalency Protocol) encryption, the flaws in
that standard are well documented, and hackers can break WEP easily.
You need WPA (Wi-Fi Protected Access), a far stronger protocol that
fixes the weaknesses in WEP. For further discussion of WPA, see our
wireless security story.
Here we'll take you through the process of upgrading your
networking equipment and enabling WPA security for your home WLAN.
To upgrade your wireless security to WPA, you must have three
critical components:
an access point (AP) or wireless router that has WPA support;
a wireless network card that has WPA drivers available;
a client (called a supplicant) that supports WPA and your
operating system.
WPA replaces WEP in small-office or home routers, so moving to
WPA is an all-or-nothing proposition. For you to consider an
upgrade, every wireless device on your network must have WPA
capabilities. This includes any wireless bridges you might use for
your Microsoft Xbox (or other gaming device), digital camera, home
audio gateway, and print server.
If you haven't purchased wireless hardware already, buying
WPA-capable networking equipment is easy. The Wi-Fi Alliance began
certifying products for WPA interoperability in April. In addition,
all new products submitted for certification after August 2003 must
have WPA capability. Any product that passes Wi-Fi WPA compatibility
testing will have the Wi-Fi Protected Access box checked on its
package label ( Figure
1 ).
You can also visit the Wi-Fi Alliance's Web site and search for
WPA-certified products (www.wi-fi.org/OpenSection/certified_products.asp?TID=2).
If you already own wireless networking hardware, upgrading may
not be possible. You must check the Web sites of your hardware
makers for WPA upgrades. WPA is designed so that legacy wireless
hardware can be upgraded via drivers, but with the product cycles of
wireless gear being about six months, most manufacturers do not
provide WPA upgrades for legacy products. If you find WPA support,
it will probably be for relatively new products. If you don't find
driver upgrades for your hardware, you'll either have to buy new
equipment or live with WEP.
For this article, we selected the Linksys WRT54G broadband router
and the Linksys WPC54G client card. Both products are widely
available and have online driver and firmware upgrades for
WPA.
Update Your OS
The easiest part of the process is adding WPA support to your OS.
Microsoft provides a free WPA upgrade, but it works only with
Windows XP. If you are running an OS other than Win XP, you'll need
a third-party supplicant. The client software is available from
either Funk Software (http://www.funk.com/) or Meetinghouse Data
Communications (http://www.mtghouse.com/). For now, we'll assume
that you're running Win XP.
The WPA client is not available as an automatic Windows update.
You can find it in the Microsoft Knowledge Base Article 815485 (http://support.microsoft.com/default.aspx?scid=kb;en-us;815485).
Download the file into a new directory. Double-click on it to
install it. (The file is self-extracting and self-installing) Once
you've installed the update, reboot your machine. The software adds
additional dialog boxes to the Network Control Panel to support the
new authentication and encryption options of WPA. You can check to
be sure that the upgrade has been installed by opening the Control
Panel, double-clicking on Add or Remove Programs, and checking for
Windows XP Hotfix (SP2) Q815485 ( Figure
2 ).
Update the Firmware
Now you must download the upgrades for your router and network
cards. We recommend that you download everything before upgrading
anything. For the Linksys router, go to the company's Web site,
click on Support | Downloads, select the product (WRT54G), and click
on Downloads for this Product. When the page loads, click on
Firmware and you'll see the screen in Figure
3 .
From this page, you can choose to download the firmware file,
manually update your router, or use an automatic update program.
We'll use the automatic utility. If you need to download drivers for
your wireless adapter, follow the same procedure and enter the name
of your adapter (WPC54G), then download the file
Wpc54g_driver_utility_v1.21.zip to an empty directory, such as
C:\downloads\linksys. Click on the link to download the utility and
save the file on your computer. Once the download is complete, click
on Open. Now follow the steps in Figure
4 to complete the upgrade.
After your router reboots, log on to it. If possible, use a wired
connection to change the security settings, because if you change
the settings wirelessly, you won't be able to communicate with your
router until after you've configured your client.
Configure WPA Settings
Your router's home page will change as a result of the firmware
upgrade. To set up the WPA encryption for your router, click on the
Enable button and then Edit Security Settings ( Figure
5 ). The following page has your WPA
options ( Figure
6 ).
In the Security Mode field, select WPA Pre-Shared Key (no
authentication server required).
For WPA Algorithms, select TKIP. This is the approved and
certified algorithm. Though some products support AES (Advanced
Encryption System), interoperability among various vendors' products
hasn't been certified. You could try AES on your router and client;
if it works, AES provides even greater security than WPA.
For the WPA Pre-Shared Key, create a key that won't be easily
compromised. Write it down, as you'll need to enter the same key
when you configure your network card.
Leave the Group Key Renewal row set at 3600, then click on
Apply.
Update Your Network Card
Now you're ready to update your network card.
Unzip the driver file you downloaded earlier. The directory
where you unzipped the file contains the driver you need
(Bcmwl5.sys) along with the INF file. Make a note of this location.
Although you can uninstall the old drivers from the Add or Remove
Programs applet and reinstall the entire package you've downloaded,
it's much easier to update the driver via the Device Manager ( Figure
7 ).
From the Control Panel, double-click on the System icon and
click on the Hardware tab. Click on Device Manager.
Right-click on the wireless adapter.
Select Properties and click on Driver. If your card hasn't been
upgraded, you'll see a driver date prior to 5/26/2003. If you driver
is dated May 26 or later, it already supports WPA. You can click on
Cancel and jump to the step that shows the Wireless Networks dialog
( Figure
8 ).
Click on Update Driver.
Tell the wizard to search specific locations for the driver.
Type in the directory where you unzipped the upgrade file.
Click on Next.
The updated driver will show a date of 5/26/2003 or later.
Don't give up yet. We're almost finished!
Open the Network applet in the Control Panel, right-click on
your wireless card, and click on the Wireless Networks tab ( Figure
8 ).
In the Available networks window, select the name of your
network. This is the same as the SSID (network name) you configured
in your router.
Click on Configure.
Under Network Authentication, select WPA-PSK. If you don't
select the correct authentication mode, you won't be allowed to
select the correct encryption mode (TKIP). If you leave network
authentication set to Open, the only encryption options you'll see
are WEP or Disabled.
In Data encryption, select TKIP (or AES if you selected AES
earlier).
In Network key, type in the same WPA Shared Key you entered into
the AP configuration and type it again under Confirm network key.
Then click on OK.
Because you enabled WPA security on your AP previously, when you
finish your client configuration, you should be able to associate
with your access point and use the network as you did before. Only
now you have a secure wireless link.
|
