Wireless Security: WPA Step by StepBy Craig Ellison | Posted 2003-10-14 Email Print
Re-Thinking HR: What Every CIO Needs to Know About Tomorrow's Workforce
PC Magazine's Director of Operations, Craig Ellison, offers a step-by-step guide on using WiFi Protected Access to secure Wi-Fi networks.
Even if you've enabled WEP (Wired Equivalency Protocol) encryption on wireless networks, odds are that they're still not secure. WEP's flaws are well documented. Hackers can break WEP easily. What you need is WPA (Wi-Fi Protected Access), a far stronger protocol that fixes the weaknesses in WEP.
Here we'll take you through the process of upgrading your networking equipment and enabling WPA security for your home WLAN. To upgrade your wireless security to WPA, you must have three critical components:
WPA replaces WEP in small-office or home routers, so moving to WPA is an all-or-nothing proposition. For you to consider an upgrade, every wireless device on your network must have WPA capabilities. This includes any wireless bridges you might use for your Microsoft Xbox (or other gaming device), digital camera, home audio gateway, and print server.
If you haven't purchased wireless hardware already, buying WPA-capable networking equipment is easy. The Wi-Fi Alliance began certifying products for WPA interoperability in April. In addition, all new products submitted for certification after August 2003 must have WPA capability. Any product that passes Wi-Fi WPA compatibility testing will have the Wi-Fi Protected Access box checked on its package label (
You can also visit the Wi-Fi Alliance's Web site and search for WPA-certified products (www.wi-fi.org/OpenSection/certified_products.asp?TID=2).
If you already own wireless networking hardware, upgrading may not be possible. You must check the Web sites of your hardware makers for WPA upgrades. WPA is designed so that legacy wireless hardware can be upgraded via drivers, but with the product cycles of wireless gear being about six months, most manufacturers do not provide WPA upgrades for legacy products. If you find WPA support, it will probably be for relatively new products. If you don't find driver upgrades for your hardware, you'll either have to buy new equipment or live with WEP.
For this article, we selected the Linksys WRT54G broadband router and the Linksys WPC54G client card. Both products are widely available and have online driver and firmware upgrades for WPA.
The easiest part of the process is adding WPA support to your OS. Microsoft provides a free WPA upgrade, but it works only with Windows XP. If you are running an OS other than Win XP, you'll need a third-party supplicant. The client software is available from either Funk Software (www.funk.com) or Meetinghouse Data Communications (www.mtghouse.com). For now, we'll assume that you're running Win XP.
The WPA client is not available as an automatic Windows update. You can find it in the Microsoft Knowledge Base Article 815485 (http://support.microsoft.com/default.aspx?scid=kb;en-us;815485). Download the file into a new directory. Double-click on it to install it. (The file is self-extracting and self-installing) Once you've installed the update, reboot your machine. The software adds additional dialog boxes to the Network Control Panel to support the new authentication and encryption options of WPA. You can check to be sure that the upgrade has been installed by opening the Control Panel, double-clicking on Add or Remove Programs, and checking for Windows XP Hotfix (SP2) Q815485 (
Now you must download the upgrades for your router and network cards. We recommend that you download everything before upgrading anything. For the Linksys router, go to the company's Web site, click on Support | Downloads, select the product (WRT54G), and click on Downloads for this Product. When the page loads, click on Firmware and you'll see the screen in
From this page, you can choose to download the firmware file, manually update your router, or use an automatic update program. We'll use the automatic utility. If you need to download drivers for your wireless adapter, follow the same procedure and enter the name of your adapter (WPC54G), then download the file Wpc54g_driver_utility_v1.21.zip to an empty directory, such as C:\downloads\linksys. Click on the link to download the utility and save the file on your computer. Once the download is complete, click on Open. Now follow the steps in
After your router reboots, log on to it. If possible, use a wired connection to change the security settings, because if you change the settings wirelessly, you won't be able to communicate with your router until after you've configured your client.
Your router's home page will change as a result of the firmware upgrade. To set up the WPA encryption for your router, click on the Enable button and then Edit Security Settings (
Now you're ready to update your network card.
Don't give up yet. We're almost finished!
Because you enabled WPA security on your AP previously, when you finish your client configuration, you should be able to associate with your access point and use the network as you did before. Only now you have a secure wireless link.