Web kiloseven.blogspot.com
www.arrl.org www.eham.net

2012-05-28

A+: Wireless Ethernet (WLAN) Configuration

Most home and small-business networks using encryption will use a pre-shared key (PSK). When a pre-shared key is used, both the wireless router or access point and all clients must have the same PSK before they can connect with each other. WPA and WPA2 also support the use of a RADIUS authentication server, which is used on corporate networks.

Wireless Ethernet requires additional configuration compared to wired Ethernet, as shown below:

The SSID (Service Set Identifier) names the network. XP and later can detect SSIDs on unsecured ('open') networks.

The Channel specifies a predefined frequency for all stations to use. Since the Wireless Zero Configuration service of XP, WIndows will determine the channel to use automatically, but if ad-hoc (peer-to-peer) configurations are used or if vendors software is used for configuration, a manual assignment may be needed. Only channels 1, 5, 11 and 14 do not overlap with other channels, and channel 14 can't be used in North America.

WEP (Wireless Equivalent Privacy) is the oldest wireless security method, and was intended to prevent access by unauthorized users. 802.11n does not permit WEP, and you should use WPA2 or WPA if available to all devices on the WLAN. If WEP, WPA or WPA2 is not used or is disabled (which is the default when shipped), anyone can get on the WLAN and record the network traffic if they know or can find the SSID, and SSID-finding software is easily obtained.  Also, WEP is an inefficient protocol, and can take up to 35% of your  router's CPU time, whereas WPA and WPA2 are not only more secure, but also more efficient, limiting CPU time to 5%.

WEP Encryption Strength can be set to 64-bit (13 ASCII characters) or 128-bit (26 ASCII characters). You should not use WEP if you can use WPA or WPA2, and you should not use 64-bit WEP if you can use 128-bit WEP, but, really, if an FBI agent can break 128-bit WEP in 5 minutes in his first attempt (at a Las Vegas hacker's convention years ago), imagine how quickly your hacking-obsessed 14-year-old neighbor can break 128-bit WEP.  Make sure to use WPA or WPA2. 

The WEP Key is the password for the encryption of your network for security. All network devices must use the same method and the same key.


WPA is Wi-Fi Protected Access, a stronger and faster security method than WEP. A driver or firmare upgrade may be needed for older equipment which did not originally support WPA.  WPA2 is a newer, 21-Century variation which is stronger than WPA.


The WPA Encryption Type for WPA or WPA2 can be either

  • TKIP, the Temportal Key Integrity Protocol, a 128-bit protocol which is compatible with older gear, or
  • AES, the Advanced Encryption Standard, aka CCMP, a preferred protocol using 128-bits or 256-bits which is also used elsewhere. 
WPA Keys may be up to 63 characters long, and can include uppercase and lowercase letters as well as numbers and other characters. Some hardware may not support 63 character keys.

WPS is Wireless Protected Setup, a newer method for automated security. It, too, should be avoided, as it's been broken. See http://en.wikipedia.org/wiki/Wi-Fi_Protected_Access for more.



Labels:

0 Comments:

Post a Comment

<< Home