42

Appendix B: Wireless Security

Maximizing Wireless Security

Wireless-G Access Point

PCs unprotected by a firewall router should at least run firewall software, and all PCs should run up-to-date

antiviral software.

B.

WEP

Wired Equivalent Privacy (WEP) is often looked upon as a panacea for wireless security concerns. This is

overstating WEP's ability. Again, this can only provide enough security to make a hacker's job more difficult.

WEP encryption implementation was not put in place with the 802.11 standard. This means that there are about

as many methods of WEP encryption as there are providers of wireless networking products. In addition, WEP is

not completely secure. One piece of information still not encrypted is the MAC address, which hackers can use to

break into a network by spoofing (or faking) the MAC address.

Programs exist on the Internet that are designed to defeat WEP. The best known of these is AirSnort. In about a

day, AirSnort can analyze enough of the wireless transmissions to crack the WEP key. Just like a dictionary-

building attack, the best prevention for these types of programs is by not using static settings, periodically

changing WEP keys, SSID, etc.

There are several ways that WEP can be maximized:

a) Use the highest level of encryption possible

b) Use multiple WEP keys

c) Change your WEP key regularly

Current encryption technology offers 64-bit and 128-bit WEP encryption. If you are using 64-bit WEP, swap out

your old wireless units for 128-bit encryption right away. Where encryption is concerned, the bigger and more

complex, the better. A WEP key is a string of hexadecimal characters that your wireless network uses in two

ways. First, nodes in your wireless network are identified with a common WEP key. Second, these WEP keys

encrypt and decrypt data sent over your wireless network. So, a higher level of security ensures that hackers will

have a harder time breaking into your network.

Setting one, static WEP key on your wireless network leaves your network open the threats even as you think it is

protecting you. While it is true that using a WEP key increases wireless security, you can increase it further by

using multiple WEP keys.

Keep in mind that WEP keys are stored in the firmware of wireless cards and access points and can be used to

hack into the network if a card or access point falls into the wrong hands. Also, should someone hack into your

network, there would be nothing preventing someone access to the entire network, using just one static key.

43

Appendix B: Wireless Security

Maximizing Wireless Security

Wireless-G Access Point

The solution, then, is to segment your network up into multiple groups. If your network had 80 users and you

used four WEP keys, a hacker would have access to only ¼ of your wireless network resources. In this way,

multiple keys reduce your liability.

Finally, be sure to change your WEP key regularly, once a week or once a day. Using a "dynamic" WEP key, rather

than one that is static, makes it even harder for a hacker to break into your network and steal your resources.

WEP Encryption

WEP encryption for the Access Point is configured through the Web-Utility's Setup tab. Select

WEP

from the drop-

down menu of Security Mode, which will open the WEP screen.

Select which WEP key (1-4) will be used when the Access Point sends data, then select that number as the

Default Transmit Key. Make sure the receiving device is using the same key.

If you wish to use a WEP Passphrase, it can be a maximum of 16 alphanumeric characters. This passphrase may

not work with non-Linksys products due to possible incompatibility with other vendors' passphrase generators.

The WEP Key can be generated using your Passphrase or you can enter it manually.

If you wish to enter the WEP Key manually, type the key into the appropriate Key field on the left. The WEP key

must consist of the letters "A" through "F" and the numbers "0" through "9" and should be 10 characters in

length for 64-bit encryption or 26 characters in length for 128-bit encryption. All points in your wireless network

must use the same WEP key to utilize WEP encryption.

Once the Passphrase is entered, click the

Generate

key to generate a WEP key.

Click the

Save Settings

button to apply your changes and return to the Setup tab or

Cancel Changes

to cancel

your changes. If you require online help, click the

Help

button.

C.

WPA

Wi-Fi Protected Access (WPA) is the newest and best available standard in Wi-Fi security. Two modes are

available: Pre-Shared Key and RADIUS. Pre-Shared Key gives you a choice of two encryption methods: TKIP

(Temporal Key Integrity Protocol), which utilizes a stronger encryption method and incorporates Message

Integrity Code (MIC) to provide protection against hackers, and AES (Advanced Encryption System), which utilizes

a symmetric 128-Bit block data encryption. RADIUS (Remote Authentication Dial-In User Service) utilizes a

RADIUS server for authentication and the use of dynamic TKIP, AES, or WEP.

WPA is accessed through the Web-Utility's Security Tab. Choose one of the following Security Modes from the

drop-down menu:

Figure B-1: The WEP Screen

44

Appendix B: Wireless Security

Maximizing Wireless Security

Wireless-G Access Point

WPA Pre-Shared Key

If you do not have a RADIUS server, Select the type of algorithm, TKIP or AES, enter a password in the Pre-Shared

key field of 8-32 characters, and enter a Group Key Renewal period time between 0 and 99,999 seconds, which

instructs the Access Point how often it should change the encryption keys.

WPA RADIUS

WPA used in coordination with a RADIUS server. (This should only be used when a RADIUS server is connected to

the Access Point.) First, select the type of WPA algorithm,

TKIP

or

AES

. Enter the RADIUS server’s IP Address and

port number, along with a key shared between the Access Point and the server. Last, enter a Group Key Renewal

period, which instructs the Access Point how often it should change the encryption keys.

RADIUS

WEP used in coordination with a RADIUS server. (This should only be used when a RADIUS server is connected to

the Access Point.) First, enter the RADIUS server’s IP Address and port number, along with a key shared between

the Access Point and the server. Then, select a WEP key and a level of WEP encryption, and either generate a

WEP key through the Passphrase or enter the WEP key manually.

Figure B-4: The Radius Screen

Figure B-3: The WPA Radius Screen

Figure B-2: The WPA Pre-Shared Key Screen

45

Appendix C: Upgrading Firmware

Wireless-G Access Point

Appendix C: Upgrading Firmware

The Access Point's firmware is upgraded through the Web-Utility's Help tab. Follow these instructions:

1.

Download the firmware from Linksys's website at

www.linksys.com

.

2.

Click the Web-Utility's

Help

tab, and click the

Upgrade Firmware

button.

3.

From the

Upgrade Firmware

screen, enter the location of the firmware's file or click the

Browse

button to

find the file.

4.

Then, click the

Upgrade

button to upgrade the firmware.

Figure C-1: Upgrade Firmware

46

Appendix D: Windows Help

Wireless-G Access Point

Appendix D: Windows Help

All wireless products require Microsoft Windows. Windows is the most used operating system in the world and

comes with many features that help make networking easier. These features can be accessed through Windows

Help and are described in this appendix.

TCP/IP

Before a computer can communicate with the Access Point, TCP/IP must be enabled. TCP/IP is a set of

instructions, or protocol, all PCs follow to communicate over a network. This is true for wireless networks as well.

Your PCs will not be able to utilize wireless networking without having TCP/IP enabled. Windows Help provides

complete instructions on enabling TCP/IP.

Shared Resources

If you wish to share printers, folder, or files over your network, Windows Help provides complete instructions on

utilizing shared resources.

Network Neighborhood/My Network Places

Other PCs on your network will appear under Network Neighborhood or My Network Places (depending upon the

version of Windows you're running). Windows Help provides complete instructions on adding PCs to your

network.