EZLAN.NET
Copyright © 2001-2007

Hardware and Software Specifications, Examples, Links, and other info. are valid at the publishing time. In case it become invalid use the Internet Search.

1st Published, Dec. 2004

Over 6,500,000 Hits Site Wide in 2006

 

  

  

 

   

Configuring Wireless Security for small Network.

Few years ago when Wireless LANs started to be used in the cooperate world, PC-Mag revealed a major security problem. Due to the novelty of the medium a lot of installation left open with the default setting and no security on.  The "waves" raised by this article keep “wetting" us to date. The second part of this ordeal came with the revelation that even with the 128bits Encryption (WEP) On, it is possible to crack the security of the connection. The result is a lot of "Wireless Paranoia".

Let face it in the computer world nothing is “perfectly” secured.  If you have something that is very desirable, and a "real pros" want it, no matter what you do they probably will find the way in.

Today's WPA and the newest WPA2 (WPA-AES) are much more secure and trouble free. Use them for you own Good.


The security settings of the Wireless Client (a Wireless Computer) and the Wireless Source (a Wireless Cable/DSL Router, Access Point, or Public Hot Spot) must be perfectly matched otherwise you would not have a working Wireless connection.


We can not provide specific step by step instructions since there is no uniform menu system to configure Wireless Devices like Wireless Routers, and each Brand use there own propriety system.

The information bellow assumes that for the actual setting you would follow your Hardware Manual.

Read this page to the end before you actually starting to configure the Wireless settings.


To make sure that you take advantage of all the Security measures that your Wireless hardware is capable of, use first the manufacturer original utility, if it does Not work with the original utility it would not work with the native Windows Wireless application (WZC).  After configuration if you prefer to use Windows Zero Configuration (WZC), you can switch back to it and insert the encryption key when first used.
While using the original Utility WZC has of be switched Off. When using WZC make sure that the manufacturer Utility is Off and Not loaded at StartUp.
Switching On and Off WZC here, http://www.ezlan.net/wzc.html
Controlling StartUp here, http://www.ezlan.net/infestation#process


What can be done to maximize Wireless Security without additional expense and sophisticated hardware?

1. Put a Unique SSID (I.e. the name of your Wireless Network should not be WLAN or any other default setting).).

2. Set the system to channel 11 – This no big addition to security but usually will yield better cleaner Wireless. Since the default channel 6 is very busy.

3. Switch On the MAC Filter and enter the MACs of your system. – This will only allow your hardware to connect to the system.

Take into consideration that MAC information is not encrypted. As s a result MAC filtering is a good deterrent against casual intruders.  However it is very easy to Hack it.

4. Set Encryption to the most recent secure type that is available on your Wireless hardware (The available method  would depend on how old is your hardware).

Most secure is WPA2 (WPA AES), followed by WPA-TKIP, WEP 128 bit and the least secure WEP 64bit.

5. If you are extra worried, and you have WEP only change the WEP key every 3-4 days. Breaking 128bits WEP takes time, frequent changing will make casual hacker affords futile.

6. Set the DHCP to the same number of computers that you have on your Network. (Example, you have 4 computers set it to 101-104).

7. Install NetBEUI, and do the local sharing through NetBEUI. (Most people do not have this arrangement. Their TCP/IP sharing will not get into your files).

Link to: Set NetBEUI as the Default Sharing Protocol in WinXP.

8.  Disable Auto Broadcast. - Most Wireless Access Points Broadcast their existence by default, your can try to disable this feature. 

You should take into consideration that Disabling SSID Broadcasting might cause some Wireless Hardware to be Inoperable, or very "Quirky".  Using this security measure Does Not provide real protection since many device and applications would detect your Wireless anyway. So if your hardware provides this feature use it with caution.


Almost all the Wireless Hardware that came out in 2005 is  WPA-TKIP  capable.

Upgrade from WEP to WPA might be available for few selected old version (check you Brand Website). 

To have a functional WPA on your Wireless Network, both Windows and the Hardware have to be WPA Enabled.

Microsoft already posted the WPA update for WinXP.

Link to:  Microsoft - WPA Wireless Security for Home Networks.

If you update WinXP to WinXP SP1 or to WinXP SP2 WPA support is installed automatically.


If another Wireless Signal is propagating in your reception area it might appear in your available Wireless Network list.

Appearing on the list does not mean that there is actual Network connections. If you use the measures mentioned on this page, it is more a "Cosmetic" issue rather than Security problem.

Some settings might have the capacity to limit the Connections to a preferred Wireless Network (Setting might be in the Wireless Card's Drivers, the Router's configuration menu, or and Windows Wireless Configuration).


If using the measures mentioned in this page do not Help and some else's Wireless Network is actually logging into your Network, you should consider using a RADIUS Server.

Using RADIUS For WLAN Authentication - Part I

Using RADIUS For WLAN Authentication, Part II


Wireless is comfortable and cool.

Secure yourself, and Do Not let the “paranoids” deprive you from using it.


Want to know more about the differences between:  WEP, WPA,  and WPA2.

Link to:   Network segregation - Adding security to Wireless Network (or any peer to peer Network).

Good Luck and Safe Wireless Surfing.


Copyright © 2001-2007 EZLAN.NET.  All Rights Reserved.
Home