Sunday, September 6, 2009

Bookmark and Share

How to Setup a Wireless Network

You've heard the buzz around people accessing your neighbors wireless access and about ways to make sure people can't access your wireless connection. Maybe you aren't worried about someone using your internet connection...You should be. For two reasons...

  1. What is they are trying to do harm to other computer networks? From your internet connect...And you get in trouble for it...
  2. You're the one paying for the service so why allow someone else to use it for free. Plus your contract probably has something in it about not servicing other customers.
So how do I keep people from using my wireless network?
First, lets run through a few terms...
  1. WEP - Wired Equivalent Privacy - Very first attempt at wireless security that uses a static key, or serious of numbers that allows a computer to talk to the access point. If both static key's match, they can talk. WEP can be compromised within minutes and should not be used.
  2. WPA - Wi-Fi Protected Access - WPA was a major improvement over WEP as certain values used to transmit data are never reused. WPA uses TKIP to encrypt data from the computer to the access point. WPA is also a pre-standard protocol and has been replaced with the standard WPA2, although still commonly used.
  3. TKIP - Temporal Key Integrity Protocol (TKIP) - Method used to encrypt data
  4. WPA2 - Wi-Fi Protected Access - Similar to WPA but has been standardized so different vendors can work together and replaced the encryption method with AES.
  5. AES - Advanced Encryption Standard - Just as it sounds, this is more advanced encryption than TKIP.
  6. WPA/WPA2 Enterprise - Enterprise version doesn't apply to most small and medium businesses. It has additional security built in that allows the wireless access point to authenticate the user with a userid, password and additional piece of information called a certificate. 
  7. SSID - Service set identifier (SSID)
So how do I setup a wireless network again...
Okay, here are the steps...Each vendor will be slightly different...
1)   Access your wireless access point / router by going to http://ipaddress or https://ipaddress. Dont' know what  the ip address of your router is? Go to start, run, type cmd. When the command prompt comes up type ipconfig. It is most likely the default gateway if this is the only device in your network. 

IPv4 Address. . . . . . . . . . . : 192.168.1.10
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1

2)   Click on the wireless tab. Under basic settings, select G-Only if you have all new computers. Most likely you won't have any 802.11b clients.

Select a wireless channel 1,6 or 11. If you have issue staying connected, try a different channel.
Disable SSID Broadcast and enter in an SSID. This is just a name that you want to call your wireless network. Change it from the default.
Click Save.





3)   Next, Click on Wireless Security. In the next steps you will configure the WPA Type, Security Algorithms and Shared Key.




 4)   Secuity Mode - Choose WPA2 Personal if your computer or laptop supports it. 




5)   WPA Algorithms - Choose AES if your computer or laptop supports it. 




6)   WPA Shared Key - Enter in a shared key consisting of random numbers and letters. The device will tell you if the key is not long enough. Make it at least 16 characters. Click Save.

7)   Wireless MAC Filter - I enable a mac address filter so that only my approved wireless computers can connect. This only adds a small level of protection as MAC's can be stolen and used. Click enable and Permit only approved devices. Click Edit MAC List. A list of connected devices should show up. If not, go back to the cmd command window and type ipconfig/all. This will show you your wireless mac address. Enter the value into the list and Click Save. Physical Address. . . . . . . . . : 00-22-69-XX-XX-XX 


8)  Setting up your laptop or wireless device.



Since we disabled the SSID Broadcast, the wireless connection wil not show as instructed, so click on the advanced settings, create a new wireless connection with the SSID name you specified, WPA(2)/AES or TKIP (as configured above) and the matching key.

Conclusion 

It has been reported as of this writing that WPA/TKIP has been compromised in only a few minutes. WPA2/AES is recommended. Keep in mind that not all computers will support connecting to an access point with WPA2/AES and WPA/TKIP may be required. A wireless driver update may be required to support WPA2/AES. Updating drivers is beyond the scope of this article.

Cisco Select Partner
Kansas City Cisco Unified Communications Solutions
Voice - Video - Wireless - Security - Data

Labels: , , , ,

0 Comments:

Post a Comment

Subscribe to Post Comments [Atom]

<< Home