
four keys from 0–3 instead of 1–4. So if you’re using Key 1 on your access
point, select Key 0 in Windows XP.
6. Click OK to close the WEP configuration window.
You’re done turning on WEP. Congratulations.

Can we repeat ourselves again? Will you indulge us? The preceding steps are
very generic. Yours might vary slightly (or in rare cases, significantly). Read
your user’s guide. It will tell you what to do.

Some access points will make you go through the extra step of requiring all
users to use WEP to connect to the access point. Look for a check box or
pull-down menu on your configuration screen with this option. If you don’t do
this, computers without your network’s WEP key might still be able to
connect to your access point.

After you configure WEP on the access point, you must go to each computer on
your network, get into the network adapter’s client software (as we describe in
Chapters 7 and 8), turn on WEP, and enter either the pass phrase or the WEP
key. Typically you’ll find an Enable Security dialog box containing a check box
to turn on security and one to four text boxes for entering the key. Simply
select the check box to enable WEP, enter your key in the appropriate text box,
and then click OK. Figure 10-2 shows this dialog box for a Proxim ORiNOCO PC
Card network adapter; the dialog box that you see is likely to be similar.
195
Chapter 10: Securing Your Wireless Home Network




Figure 10-2: Setting up WEP on an ORiNOCO PC Card.



One area that is consistently confusing when setting up a WEP key — and
often a real pain in the rear end — is the tendency of different vendors to
use different formats for the keys. The most common way to format a key is
to use hexadecimal (hex) characters. This format represents numbers and
letters by using combinations of the numbers 0–9 and the letters A–F. (For
example, the name of Pat’s dog, Opie, would be represented in hexadecimal
as 4f 70 69 65.) A few other vendors use ASCII, which is simply the letters and
numbers on your keyboard.

Although ASCII is an easier-to-understand system for entering WEP codes (it’s
really just plain text), most systems make you use hexadecimal: It’s the
standard. The easiest way to enter hex keys on your computers connecting to
your access point is to use the pass phrase that we discuss previously. If
your network adapter client software lets you do this, do it! If it doesn’t, try
entering the WEP key itself that you wrote down when you generated it (it’s
probably hexadecimal). If that doesn’t work either, you might have to dig into
the user’s manual and see whether you need to add any special codes before
or after the WEP key to make it work. Some software requires you to put the
WEP key inside quotation marks; others might require you to put an 0h or 0x
(that’s a zero and an h or an x character) before the key or an h after it (both
without quotation marks).
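
The vendor formats described above can be reconciled mechanically. This added example (not from the book or from any vendor's software) converts a key typed in any of those formats to plain hex so that the same key can be compared across devices; the function names and the constructed key `Opie1` are illustrative, and the 5- and 13-byte lengths are the standard secret sizes for 64-bit and 128-bit WEP.

```python
import re

# Secret-key lengths in bytes: 5 for "64-bit" WEP, 13 for "128-bit" WEP.
# (The remaining 24 bits of each advertised size are the per-packet IV.)
KEY_BYTES = (5, 13)
HEX_LENGTHS = tuple(2 * n for n in KEY_BYTES)  # 10 or 26 hex digits


def _ascii_to_hex(text: str) -> str:
    """Convert an ASCII key to hex, rejecting wrong lengths and odd characters."""
    if len(text) not in KEY_BYTES:
        raise ValueError(f"ASCII key must be 5 or 13 characters, got {len(text)}")
    if not all(32 <= ord(ch) < 127 for ch in text):
        raise ValueError("ASCII key contains non-printable characters")
    return text.encode("ascii").hex()


def normalize_wep_key(entry: str) -> str:
    """Return the key as lowercase hex, whichever vendor format it was typed in."""
    text = entry.strip()
    # Some client software wants the key inside quotation marks: treat as ASCII.
    if len(text) >= 2 and text[0] == '"' and text[-1] == '"':
        return _ascii_to_hex(text[1:-1])
    # Hex keys are often written with spaces, colons or dashes between bytes.
    compact = re.sub(r"[\s:-]", "", text)
    candidates = [compact]
    if compact[:2].lower() in ("0x", "0h"):   # leading 0x / 0h marker
        candidates.append(compact[2:])
    if compact[-1:].lower() == "h":           # trailing h marker
        candidates.append(compact[:-1])
    for cand in candidates:
        if len(cand) in HEX_LENGTHS and re.fullmatch(r"[0-9A-Fa-f]+", cand):
            return cand.lower()
    # Not a valid hex key in any decoration, so it must be a bare ASCII key.
    return _ascii_to_hex(text)


if __name__ == "__main__":
    # Constructed sample entries: one 5-character key typed five different ways.
    for typed in ('Opie1', '"Opie1"', '4F70696531', '0x4F70696531', '4f:70:69:65:31'):
        print(f"{typed!r:>18} -> {normalize_wep_key(typed)}")
```

A `ValueError` here usually means the key was copied with a character missing or the adapter expects the other key size.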



Closing your network
The last step that we recommend you take in the process of securing your
wireless home network (if your access point allows it) is to create a closed
network — a network that allows only specific, pre-designated computers and
devices onto it. You can do two things to close down your network, which
makes it harder for strangers to find your network and gain access to it:
196 Part III: Installing a Wireless Network

Turn off SSID broadcast: By default, most access points broadcast their
SSID out onto the airwaves. This makes it easier for users to find the
network and associate with it. If the SSID is being broadcast and you’re in
range, you should see the SSID on your computer’s network adapter
client software and be able to select it and connect to it. That is,
assuming that you have the right WEP key, if WEP is configured on that access
point. When you create a closed network, you turn off this broadcast so
that only people who know the exact name of the access point can
connect to it.
You can find access points even if they’re not broadcasting their SSID
(by observing other traffic on the network with a network sniffer
program), so this is an imperfect security measure — and no substitute for
enabling WEP. But it’s another layer of security for your network. Also, if
you’re in an area where you will have a lot of people coming into your
home and wanting to share your connection, you might not want to
close off the network, thus balancing convenience for your friends
against the small exposure of a more open network.
Set access control at the MAC layer: Every network adapter in the
world has a unique number assigned to it known as a Media Access
Controller (MAC) address. You can find the MAC address of your
network adapter either by looking at it (it’s usually physically printed on
the device) or using software on your computer:
• Open a DOS window and use the winipcfg command in
Windows 95/98/Me or the ipconfig /all command on Windows
NT/2000/XP.
• Look in the Network Control Panel/System Preference on a Mac.
With some access points, you can type in the MAC addresses of all the
devices that you want to connect to your access point and block
connections from any other MAC addresses.
Again, if you support MAC layer filtering, you’ll make it harder for
friends to log on when visiting. If you’ve got some buddies who like
to come over and mooch off your broadband connection, you’ll need to
add their MAC addresses as well, or they won’t be able to get on your
network. Luckily, you need to enter their MAC address only one time to
get them “on the list,” so to speak, so you won’t need to do it every time
they show up — at least until you have to reset the access point (which
shouldn’t be that often).
Neither of these “closed” network approaches is absolutely secure. MAC
addresses can be spoofed (imitated by a device with a different MAC address,
for example), but both are good ways to add to your overall security strategy.


Looking Into the Crystal Ball
The limitations of WEP have become a bit of an embarrassment to the
wireless industry. Although a whole big boatload of businesses has begun using
wireless LANs, many are waiting on the sidelines until security issues are a
bit better sorted out. And although we think that WEP is okay (but not great)
for home use, it’s certainly not good enough for a business that relies upon
the security of its data.

Several efforts are underway to create newer, better, and more secure ways
of protecting wireless LANs . . . efforts that will pay off for home users in the
long run. In this section, we talk about some of the most important of these
efforts and give you a quick overview of them.

This is our “Gaze into the crystal ball and chant voodoo incantations” section
of the chapter. None of this stuff is available yet (although some of it is due in
2003 . . . sometime . . .).



Waiting for WPA
The Institute for Electrical and Electronics Engineers (IEEE — the group that
developed the standards for 802.11 networks; see Chapter 2) is working on a
long-term solution to WEP’s weaknesses (which we discuss in the following
section about 802.11i). In the meantime, the Wi-Fi Alliance (the group of
vendors that ensure the compatibility of Wi-Fi gear) has put together its own
interim solution for wireless LAN security called Wi-Fi Protected Access (WPA).

WPA is a new set of forward-compatible encryption and authentication
enhancements for 802.11 networks. Forward-compatible means that WPA will
work with newer systems that are currently being developed by the IEEE.
Other reasons to get excited about WPA include the following features that it
will offer:

More random encryption techniques: WPA has basically been designed
as an answer for all the current weaknesses of WEP, with significantly
increased encryption techniques. One of WEP’s fatal flaws is that its
encryption is not sufficiently random, meaning that an observer can
more easily find patterns and break the encryption. WPA’s encryption
techniques will basically be more random — and thus harder to break.
Automatic key changes: WPA also has a huge security advantage in the
fact that it automatically changes the key (although you, as a user, get to
keep using the same password to access the system). So by the time a
bad guy has figured out your key, your system would have already
moved on to a new one.
More user-friendly: WPA will also be easier for consumers to use
because there’s no hexadecimal stuff to deal with . . . just a plain text
password. The idea is to make WPA much easier to deal with than WEP,
which takes a bit of effort to get up and running (depending on how
good your access point’s configuration software is).
Backward compatibility: The best thing about WPA is that it’s being
designed to be backward compatible, too. Thus, existing Wi-Fi certified
equipment should be able to be upgraded to WPA by just installing a
downloadable software update.

The Wi-Fi Alliance expects to begin certifying WPA equipment sometime in
early 2003. (We haven’t seen any yet, but it’s just a matter of time, as we write.)



The future: 802.11i
WPA is a great next step in wireless LAN security (see the preceding section),
but it’s not the end of the road. Well, face it . . . there is no end of the road.
Computers get more powerful, and the bad guys in the black hats who want
to break into the networks get smarter — so no system is going to be immune
to security breakdowns forever. Don’t think of security as something that you
can just figure out and put behind you; security is a continuous trek of
upgrades and refinements — and it always will be.




802.1x: The corporate solution
Another new standard that’s being slowly rolled out into the Wi-Fi world is
802.1x. This isn’t an encryption system but instead, an authentication
system. An 802.1x system, when built into an access point, would allow users
to connect to the access point but give them only extremely limited access
(at least initially). In an 802.1x system, the user would be able to connect
to only a single network port (or service). Specifically, the only traffic
that the user could send over the network would be to an authentication
server, which would exchange information (such as passwords and encrypted
keys) with the user to establish that he was actually allowed on the
network. After this authentication process has been satisfactorily
completed, the user is given full (or partial, depending on what policies the
authentication server has recorded for the user) access to the network.

802.1x is not something that we expect to see in any wireless home LAN
anytime soon. It’s really a business-class kind of thing, requiring lots of
fancy servers and professional installation and configuration. Just thought
we’d mention it because you’ll no doubt hear about it when you search the
Web for wireless LAN security information.


The next step on this road, after WPA, is 802.11i. This is an entirely new
reconfiguration of wireless LAN security. Unlike WPA, it likely won’t work on
existing access points and network adapters, at least not all aspects of the
system. But sometime down the road, probably in 2004, you should start
seeing new generations of wireless LAN gear that incorporates 802.11i
security systems.

Perhaps the biggest advance that you’ll see when 802.11i hits the streets is
the system’s adoption of the Advanced Encryption Standard (AES). AES uses
very sophisticated encryption techniques and super-long keys (much bigger
than the 128-bit keys used by WEP) that take a really, really long time (even
with really fast computers) to break. With today’s technology, at least the
technology available to regular people, AES is essentially unbreakable.

802.11i also includes other security measures (like support for 802.1x, which
we discuss in a nearby sidebar) that help really tighten up wireless LAN
security. So 802.11i should be worth the wait. In the meantime, use what you have
(WEP), and you’ll be fine.
Part IV
Using a Wireless Network
In this part . . .
And here’s where things get fun: After you get your
wireless home network installed and running, you probably
can’t wait to use it, both in practical and fun ways. In this
part, we cover the basics on what you can do with your
network, such as sharing printers, files, folders, and even
hard drives. But there are many other cool things that you
can do over a wireless network, too, such as playing
multiuser computer games, connecting your audio-visual
equipment, and operating various types of “smart home”
conveniences. We cover all these great topics here. This
part also contains a chapter on using Bluetooth-enabled
devices and another chapter that describes how to find
and use wireless hot spots so that you can access the
Internet in public locations.
Chapter 11

Putting Your Wireless Home Network To Work
In This Chapter
Checking out Network Neighborhood
Finding files on other computers
Sharing printers and other peripherals
Securing your network through sensible sharing
Exploring Mac-friendly sharing




Remember that old Cracker Jack commercial of the guy sitting in the bed
when the kid comes home from school? “What’d you learn in school
today?” he asks. “Sharing,” says the kid. And then out of either guilt or good
manners, the old guy shares his sole box of caramel popcorn with the kid.

You shouldn’t hog your caramel popcorn, and you shouldn’t hog your
network resources, either. We’re going to help you share your Cracker Jacks
