Wireless Tips: Your Wireless Network Needs a Security Update

Do you think your wireless network is secure? Better think again. The newest Wi-Fi security standard, called Wireless Protected Access 2, adds professional-grade encryption--but even though the standard has been around for more than a year, most people still aren't using it.

WPA2 security is definitely worth the modest amount of effort required to set it up. The original WPA security standard can be cracked with relative ease unless you use a passphrase that is longer than 20 characters and is not merely composed of words that can be found in a dictionary (English or otherwise).

And while WPA's predecessor, Wired Equivalent Privacy, is still around, relying on it is only marginally safer than having no network protection at all. WEP can be cracked in seconds, no matter how complex a "key" you contrive for it. If your primary security concern is to prevent neighbors and passersby from siphoning your network's bandwidth, WEP will suffice; if you're serious about keeping your data private, however, you need WPA2.

Before you can add WPA2 protection to your network, you must download and install Microsoft's WPA2 hotfix for Windows XP (KB893357). You may also need to install the latest drivers for your wireless card. Microsoft's Windows Update page often lists these updates under its 'Hardware, Optional' category; you can also check for updates on your card manufacturer's Web site.

Next, download and install the latest firmware update for your wireless router from its manufacturer's Web site. (The Wi-Fi Alliance maintains a list of products that support WPA2.) If your router has gotten too old to support an upgrade to WPA2 or even to the original WPA standard, replace it; new ones cost as little as $35.

With your equipment fully patched, log in to your router's administration page through your Web browser (check the manual for the exact steps), and change the security settings to WPA2 Personal: Choose TKIP+AES as the WPA algorithm to use, and enter your passphrase in the field labeled WPA Shared Key (see FIGURE 1

FIGURE 1: Set your network to Wireless Protected Access 2 via the security options for your gateway.
) and in the passphrase confirmation field below it. Your phrase can consist of any combination of letters and numbers, up to 63 characters in length. Save your changes, and the router setup is done.

The next time you log on to your newly WPA2-protected gateway, your system will prompt you for your WPA Shared Key passphrase. Type the WPA2 passphrase into the appropriate fields in the Wireless Network Connection dialog box.

Automated Wi-Fi Security

Even though Windows 2000 and earlier versions don't support WPA2 network security, you can still have a secure wireless network under older Windows releases, with the help of the right tools.

McAfee's $80 Wireless Home Network Security software can configure the Wi-Fi security settings for many different wireless gateways and for up to three networked PCs (see FIGURE 2

FIGURE 2: Keep your wireless network connection safe by using McAfee's $80 Wireless Home Network Security program.
). The company maintains a list of the devices that the program works with. Though the software can't handle WPA2 yet, it does address one of WPA's weaknesses: the protocol's use of a static key, which makes it easier to crack. The program automatically generates, and then rotates through, new keys on any PC on the network, and on the gateway itself.

One way to check the security of your wireless network is with Marius Milner's Netstumbler utility. Not only can the program help you determine your network's vulnerability, but it can also reveal the sources of network interference and identify areas of weak signal strength. Netstumbler is free to use, but the author requests that you make a donation of $50 (which he refers to as "beggarware") if you like it.

Senior Associate Editor Andrew Brandt writes the Privacy Watch column.
To comment on this article and other PCWorld content, visit our Facebook page or our Twitter feed.
Shop Tech Products at Amazon