- May 27, 2009
Wireless networking has become much faster, more reliable, and much less expensive year by year. At the time this book was written, 802.11g adapters cost about $40 per computer, less when on sale or with a rebate, and a wireless router costs about the same. The next generation of 802.11n (WiMax) equipment, when its specifications are finalized in late 2008, promises even faster speeds and greater range. The Multiple-Input Multiple-Output (MIMO) technology promises to extend the range of wireless networking from the current effective limit of about 100 feet indoors to considerably more.
If you do want to install a wireless network, you need to know that security risks are involved:
- If you don’t enable wireless security, any passerby can connect to your network.
- If you use the old WEP encryption option, a motivated passerby can still easily connect.
- With Windows Simple File Sharing enabled on XP, or Password Protected Sharing disabled on Vista, anyone who is able to connect can read or modify your shared files. (Simple File Sharing is discussed later in this chapter.)
- Even without Simple File Sharing, anyone who connects could send spam or viruses from your Internet connection.
So, wireless security is important, but fortunately, it’s not that difficult to manage.
Wireless Network Basics
Wireless networking (Wi-Fi) transmits data on the same 2.2GHz radio frequency band used by wireless telephones, microwave ovens, and other consumer products. Many people are familiar with using Wi-Fi to connect to the Internet at airports, cafes, hotels, and the like. You can also use it, rather than cabled Ethernet networking, to connect your computers at home or the office. Wi-Fi has become common enough that in most urban and suburban neighborhoods you’ll probably find that your computer can pick up three or four networks operated by your neighbors. To be able to distinguish your network’s signal from other people’s, and to secure your network, you must make four choices when you set it up:
- An SSID (Service Set Identifier), a short name that you give your network, up to 32 characters in length. This could be your last name, company name, a pet’s name, or whatever makes sense to you.
- An encryption type, which consists of a choice of protocol, and “strength” of the code used to secure the network against eavesdropping. The choices, in order of increasing security, are none, WEP 40-bit (also called 64-bit), WEP 128-bit (also called 104-bit), WPA, and finally WPA2, which is the most secure as of the time this was written. I’ll discuss encryption schemes in more detail shortly.
- An encryption key, which is a string of hexadecimal digits—that is, the numbers 0 through 9 and the letters A through F. Some wireless networking software lets you generate a key from an ordinary text password, but this method may not work when you use equipment from different manufacturers.
- A channel, which selects the frequency used to transmit your network’s data. In the U.S., this is a number between 1 and 11; the numbers may be different in other countries. The channel is set by your wireless access point. In the U.S., the most common channels used are 1, 6, and 11. Change the channel from its default setting only if you find that several other networks in your area use the same channel; if in doubt, try channel 6.
- MAC-level security, which lets you specify which network adapters can connect to your router. MAC-level security is cumbersome to set up and does nothing to repel a really determined hacker, so I won’t discuss it further.
Wireless Network Security
When you are using a traditional, hard-wired network, your data is fairly safe from prying eyes because the signal is contained within the wires, and someone would have to physically connect to your wiring to steal information or freeload on your Internet connection. (Of course, if corporate spies or government agencies get involved, all bets are off.) Wireless networks, on the other hand, broadcast information over a range of at least a hundred feet and up to hundreds of yards, and anyone passing with a computer could receive those signals.
To let you limit others’ ability to read your data and use your network bandwidth, wireless networking manufacturers have come up with schemes to encrypt (scramble) the data sent on the wireless signal so that only someone possessing a secret code (key) can connect to, send, and read data from the network. The first such scheme was named Wired Equivalent Privacy, or WEP, but this name turned out to be just a bit overoptimistic—WEP security can be broken in just a few hours with a single computer and some freely available software. WEP was strengthened by extending the length of the secret key from 40 to 128 binary bits, but because of its design flaws, this didn’t help all that much. The networking industry devised a new encryption protocol called Wi-Fi Protected Access, or WPA, which is much more secure than WEP, and the latest, new-and-improved security scheme is called WPA2, for WPA version 2. WPA and WPA2 are very secure as long as you choose a truly random key, as we’ll discuss shortly.
Do you really have to worry about your network being broken into? Maybe not, but you can’t really tell because the “enemy” is most likely someone you don’t know and will never see. And although someone might “just” be after a free Internet connection, someone who’d deliberately break into your network could very well want to do things that could get you in hot water if the activity is traced back to your Internet connection: send spam, share copyrighted music and video, purchase items with stolen credit card numbers, exchange illegal pornography, communicate with terrorists, commit espionage, or who knows what? So you really do need to at least try to make this difficult; with luck anyone trying to tap into your network will move on to look for an easier target. (It’s like locking your front door. Intruders can still break a window to get in, but you at least have to force them to break the window.)
The problem with wireless security is that the same scheme has to be used by all access points and computers on the network. If even one of your devices doesn’t support WPA2 or WPA, you’re stuck using the relatively insecure WEP. If your access point or router doesn’t support WPA2 or WPA, you may be able to install updated firmware to get it—visit the manufacturer’s website to check. Furthermore, if you have an older version of Windows on your network, you might have to settle for WEP. Here is a list of the various schemes supported by different versions of Windows:
- Vista (all versions)—Has built-in support for WPA2, WPA, and WEP.
- XP Service Pack 3—Has built-in support for WPA2, WPA, and WEP.
- XP Service Pack 2—Has built-in support for WPA, and WEP. You can add WPA2 support with a hotfix. Visit support.microsoft.com and search for KB893357.
- Earlier versions of Windows—Previous versions of Windows (Windows Me, 9x, 2000, and XP without SP2) support WEP, but not WPA. The manufacturer of your computer’s wireless network adapter may be able to provide an updated driver that includes WPA support.
Select the best security method supported by all your network gear, including any access points or routers. For example, if your access point and all computers support WPA2, use WPA2. Otherwise, if all support WPA, use WPA. Use WEP only if you have one or more devices that can’t manage WPA. And be sure to use a truly random key when you set up the network.
Creating a Random Encryption Key
In actual use, a key is a string of binary ones and zeroes, ranging from 40 to 256 bits or more in length, looking like this: 1100101000111010110101010001110101001010. That’s just 40 bits, and you can imagine how hard it would be to type something like this correctly into a router and several computers. Usually, then, keys are expressed in the shorter hexadecimal notation, where each group of four bits is represented by the digits 0 through 9 and the letters A through F. The same 40-bit key in “hex” looks like this: CA3AD51D4A, which is much more manageable. A 128-bit WEP key takes 26 hex characters, like this: 9552DCF6069263823BFFA19957.
Even this shorthand form of the key can be tedious and difficult to type correctly, so most wireless equipment manufacturers—and Windows itself—let you enter a key using a passphrase instead. A passphrase is a word or short phrase that the software converts into numbers, which it scrambles and from which it then extracts the necessary bits for the key. For WPA, which uses 256 bits for the key, most devices and drivers require a passphrase—there usually isn’t even the option of specifying the key as 64 hex characters.
On the surface, passphrases appear to make things easier but they can actually introduce some serious problems. With WEP, not every device driver or access point uses the same mathematical scheme to derive the key. The same passphrase typed into Windows and into your access point could produce a different set of bits, and if that happened, your wireless connection would not work. WPA doesn’t have this particular problem because the formula for turning the passphrase into a key is part of the standard, but it shares another problem with WEP: Any wireless encryption scheme can be broken if the intruder can guess your passphrase. Freely available WEP- and WPA-attacking software comes with a huge list of names, numbers, and words to try. If your passphrase is in the attacker’s dictionary, he can connect in just a few minutes.
So although it’s tempting to use your pet’s name or your house number as a passphrase, to make a really secure network, you need to create a truly random key. This means that if you’re using WPA or WPA2, you should create a 63-character random text string. If you have to use WEP, create a 26-digit random hex number. Save this random key in a text file, and use it to copy and paste the key into each of your computers and your router’s setup screen. This is a bit more work than typing just “fluffy,” but it’s necessary if you want your network to be protected against intrusion.
The Wireless Network Setup Wizard provided with Windows XP and Vista can generate and install a truly random key for you. We discuss this wizard in the next section. You can also create a random key manually, using these steps:
If you’re using WPA, visit www.grc.com/passwords.htm and press the F5 key to refresh the web page. Under 63 Random Alpha-Numeric Characters, select all the text in the box, right-click, and select Copy. (You’re best off using all 63 characters in this key, but you could shorten it and still have pretty decent security. Just don’t use fewer than about 20 characters or so.)
If you’re using WEP, visit www.andrewscompanies.com/tools/wep.asp. Click on the Generate 128-bit Key button. Under Generated Key, select the text in the Hex box, right-click, and select Copy.
- Click Start, [All] Programs, Accessories, Notepad. Click Edit, Paste.
- Click File, Save As, and save the file with the name Wireless key in your [My] Documents folder, or better yet, to a removable USB drive, so that you can carry it around to your other computers.
- Print this file and keep the hard copy in a safe place.
Now you can copy and paste in this key when Windows asks you for your wireless key. When you’re configuring your wireless router or access point, paste this key into the device’s configuration software or web page.
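The key formats and the passphrase-to-key step described in this section, as an added Python example (not code from the book): it generates the 26-hex-digit WEP key and the 63-character WPA passphrase locally from the operating system's random source, and derives the 256-bit WPA key with the formula the standard fixes, PBKDF2-HMAC-SHA1 with the SSID as salt and 4096 iterations. The function names and the SSID "HomeNet" are made up for illustration.

```python
import hashlib
import math
import secrets
import string

ALPHANUMERIC = string.ascii_letters + string.digits  # 62 symbols


def bits_to_hex(bits: str) -> str:
    """Write a binary key in hex notation, one hex digit per four bits."""
    if not bits or len(bits) % 4 or set(bits) - {"0", "1"}:
        raise ValueError("expected a multiple of four binary digits")
    return format(int(bits, 2), "0{}X".format(len(bits) // 4))


def random_wep_key(hex_digits: int = 26) -> str:
    """Random WEP key: 10 hex digits (40 bits) or 26 hex digits (104 bits)."""
    if hex_digits not in (10, 26):
        raise ValueError("WEP keys are 10 or 26 hex digits long")
    return secrets.token_hex(hex_digits // 2).upper()


def random_wpa_passphrase(length: int = 63) -> str:
    """Random alphanumeric WPA/WPA2 passphrase, 20 to 63 characters."""
    if not 20 <= length <= 63:
        raise ValueError("use between 20 and 63 characters")
    return "".join(secrets.choice(ALPHANUMERIC) for _ in range(length))


def wpa_psk(passphrase: str, ssid: str) -> str:
    """Derive the 256-bit WPA key (as 64 hex digits) from passphrase and SSID.

    Every conforming device computes the same value, which is why a WPA
    passphrase works across manufacturers. The SSID is the salt, so the
    same passphrase gives a different key on a differently named network.
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 characters long")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("WPA passphrases use printable ASCII only")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSIDs are 1 to 32 bytes long")
    key = hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), salt, 4096, 32)
    return key.hex()


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Bits of guessing work in a uniformly random string of this shape."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    # The 40-bit key from the text, converted to its hex form.
    print(bits_to_hex("1100101000111010110101010001110101001010"))

    print("WEP key       :", random_wep_key())
    phrase = random_wpa_passphrase()
    print("WPA passphrase:", phrase)
    print("WPA key       :", wpa_psk(phrase, "HomeNet"))  # constructed SSID

    # A random string carries far more guessing work than a dictionary word,
    # which is the reason for the 63-character recommendation.
    print("63 random chars: %.0f bits" % entropy_bits(63, len(ALPHANUMERIC)))
    print("20 random chars: %.0f bits" % entropy_bits(20, len(ALPHANUMERIC)))
```

Save the generated value to the text file described in the steps above and paste it from there; rerunning the script produces a different key each time.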
Setting Up a Wireless Network Access Point
When you set up a wireless router or access point, you are setting up what is called an infrastructure network. Before you start, you should read the previous three sections: “Wireless Network Basics,” “Wireless Network Security,” and “Creating a Random Encryption Key,” which go over the choices you’ll have to make along the way.
There are three main ways to set up a new wireless router in your home or office:
- Use a special setup or “wizard” program provided by the manufacturer.
- Set up the access point manually, following the manufacturer’s instructions.
- Use the Wireless Network Setup Wizard provided with Windows XP and Vista.
I’d suggest that you read the manual that comes with your router to see whether it comes with its own setup program. If it does, and if its instructions make sense and seem easier than what follows in this section, by all means use it and see whether it works. If you elect not to use it, try the Wireless Network Setup Wizard, described in the next section. As a last resort, configure the router manually, as described later in this chapter.
Using the Wireless Network Setup Wizard
The easiest way to set up a wireless network is to use the built-in wizards provided with Windows XP and Vista. These tools not only help you generate a truly secure, random key, they may also be able to automatically configure your wireless router or access point.
Because the details vary greatly, I describe the XP and Vista wizards separately.
If at least one of your computers has Windows Vista, use Vista to set up your wireless network, and then add the XP computer(s) later. To run the Vista wizard, follow these steps:
1. Click Start, Control Panel. Select Network and Internet, and then under Network and Sharing Center, select Connect To a Network.
2. Select Set Up a Connection or Network. Select Set Up a Wireless Router or Access Point, and then click Next.
3. Click Next and confirm the User Account Control prompt.
4. If you are asked Do you want to turn on network discovery for all public networks? click No, Make the Network I Am Connected to a Private Network.
5. If Windows can connect to and can configure the router directly through the network, it offers to do so. Select that option and follow the wizard’s prompts to complete the setup procedure.
   If Windows can’t directly control the router, it offers two other choices: Configure This Device Manually, or Create Wireless Network Settings and Save to USB Flash Drive. Even if your router doesn’t have a USB flash drive port, select the Create option.
6. Enter the name (SSID) you selected for your network and click Next.
7. If all your computers and other wireless devices support WPA encryption, accept the proposed random passphrase and click Next.
   If any of your computers or other wireless devices doesn’t support WPA (your TiVo, for instance), you must use WEP encryption. Click Show Advanced Network Security Options, and select WEP. A random WEP key is generated. Click Next to proceed.
8. If you have already set up file and printer sharing, select Keep the Custom Settings I Currently Have and click Next. You can also make one of the following selections here:
   - Do Not Allow File and Printer Sharing—Prevents other computers from accessing files and printers shared by your computer.
   - Allow Sharing with Anyone with a User Account and Password for This Computer—Enables File and Printer Sharing by your computer, using Password Protected Sharing.
   - Allow Sharing with Anyone on the Same Network as This Computer—Enables File and Printer Sharing by your computer, with Password Protected Sharing turned off.
   Password Protected Sharing is described later in this chapter under “Simple File Sharing” (p. 356). Make the desired selection and click Next.
9. Plug a removable (USB) flash drive into your computer if you haven’t done so already, and wait for it to be recognized. If a What do you want to do with the contents of this drive? prompt appears, or if an Explorer window opens, close it. Then, in the Wireless Wizard, select the drive under Save Settings To, and click Next. This copies a file containing wireless setup information and a setup program that can install these settings on Windows XP and Vista. We talk more about this in a moment.
10. When the copying process is complete, click Print Network Settings to make a hard copy of the setup information. You may need this to configure your router, and you also need it as a backup of your network setup information. (Be sure to keep it in a safe place.) Click Next.
Windows prompts you to configure your access point and other computers. Windows might be able to configure your router directly over its Ethernet connection, if you made that connection as suggested in the earlier Tip. If it can’t do that, and if your router has a USB slot, plug the flash drive that was prepared in step 9 into your router. Within 30 seconds, the router should blink its lights three times. This indicates that its wireless security settings have been configured. (Its Internet connection hasn’t been configured or changed, however, so you have to take care of that part separately.)
If your router doesn’t have a USB port, you have to configure it manually as described later in this section.
After the router is configured, you can take the USB flash drive to your other Vista and XP computers to configure them. Simply log on using a Computer Administrator–type account, and plug in the flash drive. This should run the setup program that the wizard put on the drive. You don’t need to use the instructions in the next section to set up your XP computers—the setup program on the flash drive takes care of XP as well as Vista computers.
When all your other computers have been set up, if you want, you can bring the flash drive back to the original Vista computer and have the setup wizard erase the security information from the flash drive. This is up to you. You can always configure other computers manually by using the Network Settings printout you made in step 10. Finally, if you are using your wireless router to share a high-speed Internet connection, open the router’s setup web pages and set up your Internet connection. I’ll give a brief outline of this process later in this section under “Configuring a Wireless Router Manually.”
If you don’t have any Windows Vista computers, you can set up a new wireless network by using the Wireless Network Setup wizard provided with Windows XP, following these steps:
- Start by logging on to a Computer Administrator account. Open My Network Places from the Start menu. In the Network Tasks list, select Set Up a Wireless Network for a Home or Small Office. When the wizard appears, select Set Up a New Wireless Network.
- In the first screen, enter a name for your wireless network, select Automatically Assign a Network Key, and indicate that you want Windows to create a random key for you. Also, if all your wireless equipment supports WPA encryption, check the Use WPA box at the bottom of the screen. Then click Next, and Next again to proceed.
- If you have a USB flash memory drive, or a USB-connected digital camera memory card reader that presents the memory cards as disk drives, select Use a USB Flash Drive. (You can also use a floppy disk, if you want, with this setting.) Alternately, you can also choose to copy the wireless settings manually. Make your selection and click Next.
If you chose to use the USB device, Windows asks you to insert the device. Plug it in and wait a moment. If Windows displays a What Do You Want to Do with This Drive dialog, or if an Explorer window appears, close it. Then, select the corresponding drive letter. (You can also select your floppy drive here.) Click Next and Windows copies the necessary files.
After Windows copies the files, remove the flash drive and take it to your router and/or other computers to configure them. If your router has a USB port, plug in the flash drive. Within 30 seconds the router should flash its lights three times to indicate that its wireless security settings have been configured. (Its Internet connection isn’t configured or changed by this process, however, so you have to take care of that part separately.) If your router doesn’t have a USB port, you’ll configure it manually in a later step.
Configure your other Windows XP and Windows 9x computers:
- If you’re using a USB device, plug the device into the computer. The Wireless Network Setup Wizard should run automatically and add the computer to the wireless network.
- If you’re using a floppy disk, insert the disk in each computer, and use My Computer or Windows Explorer to locate and double-click the SetupSNK.EXE file. This adds the computer to the wireless network.
- To add computers manually, wait until after the next step when you have a printout of the network settings. I discuss the manual procedure later under “Joining a Wireless Network.”
- Return to the original Windows XP computer, reinsert the flash drive, and click Next in the Wireless Network Setup Wizard. Then click Print Network Settings to get a copy of the settings. This opens a window in Notepad. Click File, Print to get a hard copy. You definitely want to have this as a backup, and it will help you to configure your router if you have to configure it manually. Finally, click Finish.
- If you have to configure your router manually, follow the instructions provided by the router’s manufacturer and use the information on the printout you just made. The manual setup procedure is roughly outlined in the next section, “Configuring a Wireless Router Manually.”
If you later need to add more computers to the network, you can rerun the wizard on the computer you started with, and it will walk you through the process of reinstalling the setup software on your USB drive, or reprinting the instruction sheet. Or, you can follow the procedure in the next section to join them to the network manually.
After all your computers have joined the wireless network, skip the next section and continue with “Configuring a Workgroup Network.”
Configuring a Wireless Router Manually
If your router can’t be configured automatically through the network or a USB flash drive, you have to configure it manually. The details, of course, vary from one manufacturer to another, so you have to read the instructions for your particular device. The manual procedure goes something like this:
- Connect one of your computers to the access point’s Ethernet port, using a CAT-5 patch cable, and power up the access point.
- Note the IP address that is assigned to your computer’s Ethernet adapter. To find this, view the Network Connections folder. (On XP, get there from Control Panel. On Vista, open the Network and Sharing Center and select Manage Network Connections.) Right-click Local Area Connection, and select Status. Click Details, and note your [IPv4] IP address. This will be something like 192.168.1.23.
- Open Internet Explorer, and in the Address bar type your IP address, but change the last number to 1. In this example, I’d type 192.168.1.1. Then, press Enter.
- You should be prompted to enter a username and password. The default name and password are described in your router’s manual.
Set up the router’s Internet connection. For cable Internet, you typically select the DHCP (automatic) option, and for DSL, you usually need to select the PPPoE option, requiring a username and password, but this varies from one ISP to another. Your ISP will have provided you with this setup information, and most are willing to talk you through setting up your wireless access point if you call the customer support line.
- Select the Wireless Networking setup page and enter your chosen network name (SSID). Select WPA or WEP security. If there is a “key index” selection, select 1. In the box for the first key value, paste in the hexadecimal key you generated in the previous section.
This is usually all you have to do to get an access point up and running. After you have saved the last set of changes, you may need to restart your router. As soon as it’s restarted, you should be able to disconnect the Ethernet cable and connect wirelessly.
Joining a Wireless Network
When your home or small office wireless network has been configured and you’re ready to start using your computer(s), or, if you are taking your computer into someone’s work or home and want to use the wireless network there, you have to take some steps to be able to use the network. You can use the Wireless Network Setup Wizard discussed in the previous section, or you can connect to and use the network by following this manual procedure. (The figures here show the Windows XP versions. The dialogs are slightly different on Vista, but the procedure is the same.)
- In the notification area at the bottom corner of your screen, locate the Wireless Connection icon (shown here to the left). Double-click it.
Windows displays a list of the names (SSIDs) of the wireless networks that it “hears,” as shown in Figure 6.4. Click on the network you want to use and click Connect.
Figure 6.4 Windows displays the names of the networks whose signals it can receive.
- Windows determines what type of security the network is using, and if the network is encrypted, prompts you to enter the network key. If the network uses WPA security, enter the passphrase, which is a string of letters, numbers, and/or punctuation. Be sure to enter it exactly as given to you. If the network uses WEP security, enter the 10- or 26-hex digit key.
On Vista, you are asked whether the network is public or private. Take care answering this question! If you are in a public Wi-Fi hotspot such as a library, café, or business center, or even a client’s office perhaps, select Public. File and printer sharing are disabled so that other computers on the network can’t probe and possibly infect your computer with viruses. Select Private only if the wireless network was secured with a password or key, and you are sure that all the other computers on the network can be trusted.
After the wireless connections are made, you can continue setting up the rest of your network, as described in the following section.