|Home │ Wireless Network Security Part 1 │|
Wireless Network Security in Windows XP (Part 2)
Revised and updated 13 Feb 2005
Topics on this page (continued from Part 1):
 Router Security Settings (continued from Part 1)
(continued from Part 1)
Choose WPA Pre-Shared Key (PSK) as Security Mode with TKIP algorithm. Do not use WEP if your hardware and clients support WPA. Alternately use AES algorithm for WPA (but not all hardware supports this option). Use a random and long key (at least 8 alphanumeric non-word random characters, preferably much longer; fig. 4). Optionally, set the Group Key Renewal to a lower number of seconds (more secure but traffic may take longer).
Fig. 4. WPA-PSK and TKIP.
Enable MAC Filter for Wireless Network Access. Manually type the network adaptor's MAC address or click the button Select MAC Address From Networked Computers (fig. 5). If you don't know the MAC address, go to command prompt of the computer concerned and type:
and identify it under physical address of the network adaptor.
Fig. 5. MAC address filtering (Wireless Network Access).
Filter MAC Address: set the MAC address Access Control Table; this is not the same as MAC address filtering for wireless access above. It applies to both wired and wireless computers being allowed to access the internet. You can set either Allow or Deny specific MAC addresses, depending on your needs (fig. 6).
Fig. 6. MAC Address Filter (Access Control).
In Linksys, it's not possible to assign fixed internal IP address for computers (you can in Netgear). Although it's not strictly a security risk, setting fixed IPs has some advantages when you configure router to share files or use remote desktop.
Some routers (e.g. Netgear) have a fixed time-out period, after which you have to re-logon but this feature is not found in Linksys. The only way to log out is to close the browser.
The wireless connection GUI is slightly different in Windows XP SP2. The major difference between SP2 and pre-SP2 is there is no WPA option in Windows XP Gold and SP1 without the wireless update rollup package; in which case use WEP with the highest encryption (consult the references below). The following applies to SP2 using WPA.
Figure 7 shows the Windows SP2 GUI for setting up wireless network.
Fig. 7. Configuring WPA in Windows XP SP2.
The above are the basic router security settings for the home and SOHO wireless network user. There are other options for more advanced users which you might wish to use. If you run a server then there are other security considerations and auditing. Remember, security is not absolute and depends on taking the above measures as well as user vigilance.
Although these are not part of wireless network security as such, you should do the following too to secure file sharing in Windows:
For wireless and/or internet connectivity and folder sharing problems, check the following to try to narrow down the problem:
Is the router switched on (check power cable)?
Is the router connected to outside modem correctly (check cable) and is the modem switched on?
Is the wireless NIC correctly installed in the computer (check Device Manager - wireless network device enabled, and physically examine the hardware)?
Is the wireless enabled computer too far or obscured from the wireless AP? If it's a laptop trying bringing it closer.
If you use wireless hardware profile, have you logged on using this and not a wired profile accidentally?
Have you checked the IP address status using the ipconfig
command? Is the internet IP correct? Is DHCP enabled? Is DNS server
found? Have you tried releasing the renewing the IP (by typing:
Have you tried repairing the network connection (R click the wireless connection icon in the Notification Area (system tray))?
Have you tried rebooting the modem, router and computer (sometimes it solves the DHCP/DNS issues)?
Have you updated Windows XP client?
Have you updated router firmware?
Have you updated wireless NIC firmware?
Can you connect with wired LAN?
Can you connect with firewall disabled on both computers?
Have you checked folder sharing permissions carefully?
Have you checked or retyped the WPA key?
Have you tried re-running the Windows Wireless Network Setup Wizard again?
Have you search on the internet and in the wireless NIC manufacturer's website about any possible problem and solution to the NIC?
802.1x authentication method required in WPA, optional in the 802.11 standard
802.11b a Wi-Fi standard from IEEE: max. 11Mbs
802.11g a Wi-Fi standard from IEEE: max. 54Mbs
802.11i a draft IEEE standard for wireless network security
AES Advanced Encryption Standard, an option in WPA
AP access point
EAP Extensible Authentication Protocol
Encryption data scrambling; here it refers to WEP and WPA
ICV integrity check value
IEEE Institute of Electrical & Electronics Engineers
MAC Media Access Control in the IEEE 802.x specification
MIC message integrity code
Michael a new algorithm that calculates an 8-byte message integrity code (MIC) using the calculation facilities available on existing wireless devices. The MIC is placed between the data portion of the IEEE 802.11 frame and the 4-byte ICV.
PSK Pre-shared Key
RADIUS Remote Authentication Dial-In User Service
SSID Service Set Identifier
TKIP Temporal Key Integrity Protocol
War driving the practice of driving around business or residential neighbourhoods scanning for wireless network names
WPA Wi-Fi Protected Access, an interim standard for Wi-Fi security
WEP Wired Equivalent Privacy
Download the WindowsXP-KB826942-x86-enu.exe package (Windows XP 32-bit editions) Release Date: October 31, 2003
Microsoft Corporation with Strebe, M., MCSA/MCSE Self-Paced Training Kit (Exam 70-214): Implementing and Administering Security in a Microsoft Windows 2000 Network (Redmond: Microsoft Press, 2003)
Smith, B. and Komar, B. with the Microsoft Security Team, Microsoft Windows Security Resource Kit (Redmond: Microsoft Press, 2003)
Northrup, T. and Thomas O.: MCSA/MCSE Self-Paced Training Kit (Exam
70-299): Implementing and Administering Security in a Microsoft® Windows
Server™ 2003 Network (Redmond: Microsoft Press, 2004)
Go to Part 1 of this article
Go to TOP
Copyright © 2004-2005 by Kilian. All my articles including graphics are provided "as is" without warranties of any kind. I hereby disclaim all warranties with regard to the information provided. In no event shall I be liable for any damage of any kind whatsoever resulting from the information. The articles are provided in good faith and after some degree of verification but they may contain technical or typographical errors. Links to other web resources may be changed at any time and are beyond the control of the author. Articles may be added, removed, edited or improved at any time. No support is provided by the author.
This is not an official support page for any products mentioned. All the products mentioned are trademarks of their companies.
Created 5 Dec 2004; updated 27 Feb 2005