Wireless Security: WPA Step by Step

By Craig Ellison  |  Posted 2003-10-14

PC Magazine's Director of Operations, Craig Ellison, offers a step-by-step guide on using Wi-Fi Protected Access to secure Wi-Fi networks.

Even if you've enabled WEP (Wired Equivalency Protocol) encryption on wireless networks, odds are that they're still not secure. WEP's flaws are well documented. Hackers can break WEP easily. What you need is WPA (Wi-Fi Protected Access), a far stronger protocol that fixes the weaknesses in WEP.

Here we'll take you through the process of upgrading your networking equipment and enabling WPA security for your home WLAN. To upgrade your wireless security to WPA, you must have three critical components:

  • an access point (AP) or wireless router that has WPA support;
  • a wireless network card that has WPA drivers available;
  • a client (called a supplicant) that supports WPA and your operating system.

    WPA replaces WEP in small-office or home routers, so moving to WPA is an all-or-nothing proposition. For you to consider an upgrade, every wireless device on your network must have WPA capabilities. This includes any wireless bridges you might use for your Microsoft Xbox (or other gaming device), digital camera, home audio gateway, and print server.

    If you haven't purchased wireless hardware already, buying WPA-capable networking equipment is easy. The Wi-Fi Alliance began certifying products for WPA interoperability in April. In addition, all new products submitted for certification after August 2003 must have WPA capability. Any product that passes Wi-Fi WPA compatibility testing will have the Wi-Fi Protected Access box checked on its package label (Figure 1).

    You can also visit the Wi-Fi Alliance's Web site and search for WPA-certified products (www.wi-fi.org/OpenSection/certified_products.asp?TID=2).

    If you already own wireless networking hardware, upgrading may not be possible. You must check the Web sites of your hardware makers for WPA upgrades. WPA is designed so that legacy wireless hardware can be upgraded via drivers, but with the product cycles of wireless gear being about six months, most manufacturers do not provide WPA upgrades for legacy products. If you find WPA support, it will probably be for relatively new products. If you don't find driver upgrades for your hardware, you'll either have to buy new equipment or live with WEP.

    For this article, we selected the Linksys WRT54G broadband router and the Linksys WPC54G client card. Both products are widely available and have online driver and firmware upgrades for WPA.

    The easiest part of the process is adding WPA support to your OS. Microsoft provides a free WPA upgrade, but it works only with Windows XP. If you are running an OS other than Win XP, you'll need a third-party supplicant. The client software is available from either Funk Software (www.funk.com) or Meetinghouse Data Communications (www.mtghouse.com). For now, we'll assume that you're running Win XP.

    The WPA client is not available as an automatic Windows update. You can find it in the Microsoft Knowledge Base Article 815485 (http://support.microsoft.com/default.aspx?scid=kb;en-us;815485). Download the file into a new directory. Double-click on it to install it. (The file is self-extracting and self-installing.) Once you've installed the update, reboot your machine. The software adds additional dialog boxes to the Network Control Panel to support the new authentication and encryption options of WPA. You can check to be sure that the upgrade has been installed by opening the Control Panel, double-clicking on Add or Remove Programs, and checking for Windows XP Hotfix (SP2) Q815485 (Figure 2).

    Now you must download the upgrades for your router and network cards. We recommend that you download everything before upgrading anything. For the Linksys router, go to the company's Web site, click on Support | Downloads, select the product (WRT54G), and click on Downloads for this Product. When the page loads, click on Firmware and you'll see the screen in Figure 3.

    From this page, you can choose to download the firmware file, manually update your router, or use an automatic update program. We'll use the automatic utility. If you need to download drivers for your wireless adapter, follow the same procedure and enter the name of your adapter (WPC54G), then download the file Wpc54g_driver_utility_v1.21.zip to an empty directory, such as C:\downloads\linksys. Click on the link to download the utility and save the file on your computer. Once the download is complete, click on Open. Now follow the steps in Figure 4 to complete the upgrade.

    After your router reboots, log on to it. If possible, use a wired connection to change the security settings, because if you change the settings wirelessly, you won't be able to communicate with your router until after you've configured your client.

    Your router's home page will change as a result of the firmware upgrade. To set up the WPA encryption for your router, click on the Enable button and then Edit Security Settings (Figure 5). The following page has your WPA options (Figure 6).

  • In the Security Mode field, select WPA Pre-Shared Key (no authentication server required).
  • For WPA Algorithms, select TKIP. This is the approved and certified algorithm. Though some products support AES (Advanced Encryption System), interoperability among various vendors' products hasn't been certified. You could try AES on your router and client; if it works, AES provides even greater security than WPA.
  • For the WPA Pre-Shared Key, create a key that won't be easily compromised. Write it down, as you'll need to enter the same key when you configure your network card.
  • Leave the Group Key Renewal row set at 3600, then click on Apply.
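Why the choice of Pre-Shared Key matters, as an added example that is not part of the original article: in pre-shared key mode the 256-bit key the router and card actually use is computed from the passphrase and the SSID with PBKDF2-HMAC-SHA1 (4096 iterations), so the link is only as strong as the passphrase. The function names and the sample SSID "homelan" are assumptions made for this sketch; the 8-to-63 printable-ASCII limit and the derivation come from the WPA/802.11i specification, not from the article.

```python
import hashlib
import math
import secrets
import string

# Printable ASCII (codes 32-126) is what a WPA passphrase may contain.
PRINTABLE = {chr(c) for c in range(32, 127)}
ALPHABET = string.ascii_letters + string.digits  # 62 symbols, easy to type twice


def validate_passphrase(passphrase: str) -> None:
    """Raise ValueError unless the passphrase is 8-63 printable ASCII characters."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 characters long")
    if not set(passphrase) <= PRINTABLE:
        raise ValueError("WPA passphrase must be printable ASCII")


def derive_psk(passphrase: str, ssid: str) -> bytes:
    """Map passphrase + SSID to the 256-bit key: PBKDF2-HMAC-SHA1, 4096 rounds."""
    validate_passphrase(passphrase)
    ssid_bytes = ssid.encode("utf-8")
    if not 1 <= len(ssid_bytes) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), ssid_bytes, 4096, 32)


def generate_passphrase(length: int = 24) -> str:
    """Random passphrase drawn from the OS CSPRNG, suitable for the router field."""
    if not 8 <= length <= 63:
        raise ValueError("length must be 8 to 63")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def random_passphrase_bits(length: int) -> float:
    """Entropy in bits of a uniformly random passphrase over ALPHABET."""
    return length * math.log2(len(ALPHABET))


if __name__ == "__main__":
    key = generate_passphrase()
    print("passphrase:", key, f"(~{random_passphrase_bits(len(key)):.0f} bits)")
    # SSID "homelan" is a constructed sample value.
    print("derived key:", derive_psk(key, "homelan").hex())
```

Because the SSID is mixed into the derivation, the same passphrase yields a different key on a network with a different name; a short or dictionary-word passphrase remains the weak point either way.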

    Now you're ready to update your network card.

  • Unzip the driver file you downloaded earlier. The directory where you unzipped the file contains the driver you need (Bcmwl5.sys) along with the INF file. Make a note of this location. Although you can uninstall the old drivers from the Add or Remove Programs applet and reinstall the entire package you've downloaded, it's much easier to update the driver via the Device Manager (Figure 7).
  • From the Control Panel, double-click on the System icon and click on the Hardware tab. Click on Device Manager.
  • Right-click on the wireless adapter.
  • Select Properties and click on Driver. If your card hasn't been upgraded, you'll see a driver date prior to 5/26/2003. If your driver is dated May 26 or later, it already supports WPA. You can click on Cancel and jump to the step that shows the Wireless Networks dialog (Figure 8).
  • Click on Update Driver.
  • Tell the wizard to search specific locations for the driver. Type in the directory where you unzipped the upgrade file.
  • Click on Next.
  • The updated driver will show a date of 5/26/2003 or later.

    Don't give up yet. We're almost finished!

  • Open the Network applet in the Control Panel, right-click on your wireless card, and click on the Wireless Networks tab (Figure 8).
  • In the Available networks window, select the name of your network. This is the same as the SSID (network name) you configured in your router.
  • Click on Configure.
  • Under Network Authentication, select WPA-PSK. If you don't select the correct authentication mode, you won't be allowed to select the correct encryption mode (TKIP). If you leave network authentication set to Open, the only encryption options you'll see are WEP or Disabled.
  • In Data encryption, select TKIP (or AES if you selected AES earlier).
  • In Network key, type in the same WPA Shared Key you entered into the AP configuration and type it again under Confirm network key. Then click on OK.

    Because you enabled WPA security on your AP previously, when you finish your client configuration, you should be able to associate with your access point and use the network as you did before. Only now you have a secure wireless link.

    Craig Ellison is PC Magazine Labs' director of operations. The Labs staff, in consultation with PC industry experts, develops procedures and scripts for the independent and impartial testing underlying all PC Magazine reviews.