Setting Up a Secure Wireless Network (PART 2)


In part one I explained why you need to secure your wireless network. I'm glad you came back to part two. Let's get started. I am going to use a Buffalo Nfinity wireless router for this demonstration. The thing to remember is that what I am going to show you here can be done on any wireless router. You may have to check your documentation to find where the settings are for what you are trying to accomplish in the web interface of your router.

Note: If this is a used router the first thing you need to do is reset it. Find the documentation for detailed instructions on doing this. It will set your router back to factory defaults. It is usually just a matter of pressing the reset button on the back of the router.

If your router came with a setup disk, feel free to use it to set your network up. Once it is complete, please continue with this document to make sure it did everything it was supposed to.

DISCLAIMER:

While every reasonable precaution has been taken in the preparation of this document, the author is not responsible for errors or omissions, or for damages resulting from the use of the information contained herein. The information contained in this document is believed to be accurate. However, no guarantee is provided. Use this information at your own risk.

The first step is to set up your router. Please follow the getting started documentation that came with your router. If you do not have documentation, go to the manufacturer's web site and download it. If you do not want to do that, you basically do this. Set the router up and do not plug it in. Unplug the network cable from your computer going to the modem and move it to the router in the port labeled WAN. There will be five ports on the back of your router. This will be the one that is sitting by itself. Next, plug an Ethernet cable into any of the four open ports on your router and connect it to your computer.

Just to make sure there are no issues, reboot the modem. After it completely boots plug in the router and let it boot. After about a minute you should be able to access the Internet.

First we need to configure the router. You will need to find the documentation for your router for this next step. You need to find the IP address of the router. All manufacturers have a default IP address for their series of routers. Linksys uses 192.168.1.1, NetGear uses 192.168.0.1 and the default IP address of the router I am using is 192.168.11.1. If you cannot find the documentation, try this. Click on the Start button and then choose Run. Press the Enter key. A DOS window will open. Type ipconfig and press Enter. The IP address of your computer will be displayed. Normally, the IP address of your router will be the same as the first three octets of your IP address and the final number will be a 1. For example, if your IP address is 192.168.1.2, your router's IP address will be 192.168.1.1. Some routers have a default IP address that ends in 254. If you can't find the IP address of your router, in the DOS window type tracert www.google.com and press Enter. The first line will show the IP address of your router.

Open Internet Explorer, or better yet Firefox, and in the address bar enter the IP address of your router and press Enter. You will be asked for a user name and password. Again, this is in your documentation. If you do not know it, or cannot find the documentation, go to a site that lists the default usernames and passwords for popular routers. Those links are available in this article posted on my site. After successfully passing credentials to the router, the configuration interface will display. Let's look at the status of your router. Find a tab or link that shows, you guessed it, the status of your router. The one on my router is labeled System Info. This page shows your IP Address, Subnet Mask, Default Gateway and the DNS servers. Check out my website posted below and find the article labeled "Understanding the Terminology" (you will find it in Articles) if you would like to know what all those terms mean. You should see something like this.

You are ready to make your first change. You will set a password on your router. You don't want anyone else to be able to change the settings you are about to make. You should set a fairly strong password: in other words, no words found in the dictionary, a minimum of 8 characters, upper and lower case and at least one number. This will make it secure. To test your password go here and see how strong it is. Find the page to set the router password. Mine is Admin Config. You normally cannot change the administrative user name, but you can change the password. Type in your password, then verify it, then press the button to save it.

The next thing you need to do is set the name of your wireless network. This means changing the field labeled SSID. Mine is in a section labeled Basic Wireless Configuration. Set this to anything you want. You may not want to set it to your last name if you have people around you who may try to crack your network if they know it is yours. I personally do not care about that, so I set mine to HAG. Set the name and apply it. The router will reboot and place you back on that screen.

This is the name that will be broadcast to clients looking for a network. If it is secured they will be asked for a key. Without the key they cannot connect to the network. It is more secure to not broadcast your SSID, but that is not part of part one. If you want to strengthen your network just keep reading. For now, just allow the SSID to be broadcast. It will make connecting a client to it much easier if you have not done this before.

The final, but most important, piece of part one. You need to choose an encryption type for your network. You will have a large number of choices, way too many to cover here. I will just give you my suggestions, and tell you which ones to not even consider, and why. Find the Wireless Security section of the router web interface. Mine is Wireless Security Settings. Here is where it gets confusing. You may see the terms WEP, WPA, WPA Pre-Shared Key, WPA2, WPA Personal, WPA Enterprise, WPA2 Personal, WPA2 Enterprise, TKIP, AES, RADIUS and No Encryption. Which one do you choose? There are going to be a bunch of different opinions on this one. You want to choose the strongest one. This will vary from user to user, and you may have to back the encryption down, but I'll tell you how and why. First, what do all these acronyms stand for? Here we go:


WEP (Wired Equivalent Privacy)
WPA (Wi-Fi Protected Access)
WPA2 (Version 2 of WPA)
TKIP (Temporal Key Integrity Protocol)
AES (Advanced Encryption Standard)
RADIUS (Remote Authentication Dial-In User Service)

Which one(s) to choose:


No Encryption (Answer that one yourself)
WEP (The least secure. Avoid using it if possible)
WPA (Good)
WPA2 (Best)
TKIP (Good)
AES (Best)

Sounds pretty cut and dried, doesn't it? WPA2-AES. That is the first one you will want to try. Here is going to be the problem. If the wireless card you are using does not support it, then it simply won't work. If this is the case, drop back to WPA2-TKIP. Does it work? No? Try WPA-AES, then WPA-TKIP, then lastly WEP. You may also see TKIP+AES. This is fine. It will try AES first and, if not successful, drop back to TKIP automatically. For WPA and WPA2 use the personal settings. Enterprise and RADIUS require other hardware and are meant for what the name says: enterprises.

That is only one part of this. The other is the key strength. In WEP you will have a choice of 64 bit (10 hex digits) and 128 bit (26 hex digits). What is a hex digit? Hex digits are 0-9 and A-F. Hexadecimal is base 16. If you count the digits from 0 to F you will have 16 digits. I got off track there, but if you didn't know, now you do. In WPA and WPA2 you will be presented with either a pass phrase or a shared key. Try to use a minimum of 8 digits, letters, upper/lowercase and words not found in the dictionary, but preferably 20 or more. I use WPA-AES with a 25 digit/character password.
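The key rules above as a small checker, plus the way a WPA/WPA2 Personal pass phrase becomes the actual network key. This is an added example, not part of the original article. The function names and sample keys are made up for illustration; the 24-bit IV, the 63-character upper limit and the PBKDF2 derivation come from the Wi-Fi standards rather than from this article.

```python
import hashlib
import string

HEX = set(string.hexdigits)
# WEP size as labelled on the router -> hex digits you type in.
# The labelled size includes a 24-bit IV, so "64 bit" holds 40 secret bits.
WEP_HEX_DIGITS = {64: 10, 128: 26}


def check_wep_key(key, bits):
    """Return (ok, secret_bits) for a WEP hex key of the labelled size."""
    wanted = WEP_HEX_DIGITS[bits]
    ok = len(key) == wanted and all(c in HEX for c in key)
    return ok, wanted * 4  # each hex digit carries 4 bits


def check_passphrase(passphrase, recommended=20):
    """Classify a WPA/WPA2 pass phrase as 'invalid', 'minimum' or 'good'.

    Dictionary words are not checked here; that needs a word list.
    """
    printable = all(32 <= ord(c) <= 126 for c in passphrase)
    if not printable or not 8 <= len(passphrase) <= 63:
        return "invalid"  # the standard accepts 8 to 63 printable ASCII chars
    classes = [any(c.islower() for c in passphrase),
               any(c.isupper() for c in passphrase),
               any(c.isdigit() for c in passphrase)]
    if len(passphrase) >= recommended and all(classes):
        return "good"
    return "minimum"


def derive_psk(passphrase, ssid):
    """256-bit network key = PBKDF2-HMAC-SHA1(pass phrase, SSID, 4096 rounds)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32).hex()


if __name__ == "__main__":
    # Constructed sample values, not taken from any real network.
    sample = "qT7vRw2ZkLm9XpB4nHs6YdJc3"  # 25 characters
    print(check_wep_key("0123456789", 64))
    print(check_wep_key("0123456789ABCDEF0123456789", 128))
    print(check_passphrase("Example9"), check_passphrase(sample))
    # Same pass phrase on two network names gives two different keys:
    print(derive_psk(sample, "HAG"))
    print(derive_psk(sample, "linksys"))
```

Because the SSID is mixed into the key, a long pass phrase on a network name of your own choosing produces a key that tables precomputed for factory-default names do not cover.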

Once you do this you have a secure network. You can now attach a wireless client to it to test it. This test will allow you to see if your network card will support the encryption you chose. If it will not connect start backing the encryption down as described above.

I'm going to show you how to connect using the Windows Wireless Network Connection tool. If you are using a third party tool, like the Broadcom Wireless LAN tool, the Windows tool will not be available. To make it available you need to close the third party tool. Right click on it in the system tray (the tray by the clock) and exit the tool. If this is not available, try this:


Right click on My Computer and choose Manage.
Click the plus (+) next to Services and Applications.
Highlight (Click) on Services.
To make it easier to see click on the Standard tab.

Look for the service that is handling your wireless connections. Mine is Broadcom Wireless LAN Tray Service. Right click on it and choose Stop.

Now that you have no services managing your wireless connections, while still in the services window, go down to Wireless Zero Configuration. Right click on it and choose Start. You have now enabled the Wireless Network Connections tool.

Note: When you reboot, or log off, these settings will be lost. If you want to keep them you will have to disable the service for the third party tool and make sure Wireless Zero Configuration is set to Automatic.

Right click on the wireless icon in the system tray and choose View Available Wireless Networks.

You will now see all the wireless networks within range of your wireless card. If you live in a well populated neighborhood, don't be surprised to see a lot of them. Some of them will probably be unsecured.

Just for the fun of it, try to connect to one of them. You will be informed that you are connecting to an unsecured network. If you click Yes you will be connected to your neighbor's network. Disconnect if you do that, since we are going to connect you to your secured network. Highlight (Click) on your network and choose Connect.

You will be asked for your network key. Enter the key, press the Tab key, then enter it again. Once you are done click on the Connect button.

You will be connected to your secure network and can now surf the net.

The key word here is You! You are the only one connected to your network.

This concludes PART 2. If you would like to strengthen your security please read PART 3. I hope to see you there!




A direct link to this article, complete with images and links to the tools mentioned, can be found at TechAlternatives.