 

Wireless Network Security in Windows XP (Part 2)

Revised and updated 13 Feb 2005

Topics on this page (continued from Part 1):

[4] Router Security Settings (continued from Part 1)

[5] How to add SSID/WPA keys on a computer with Windows XP SP2

[6] Other network security considerations

[7] Troubleshooting

Glossary

References

 

 

4. Router Security Settings

(continued from Part 1)

Choose WPA Pre-Shared Key (PSK) as the Security Mode, with the TKIP algorithm. Do not use WEP if your hardware and clients support WPA. Alternatively, use the AES algorithm for WPA (not all hardware supports this option). Use a long, random key (at least 8 alphanumeric non-word random characters, preferably much longer; fig. 4). Optionally, set the Group Key Renewal to a lower number of seconds (more secure, but traffic may take longer).


Fig. 4. WPA-PSK and TKIP.

 

Enable MAC Filter for Wireless Network Access. Manually type the network adaptor's MAC address or click the button Select MAC Address From Networked Computers (fig. 5). If you don't know the MAC address, go to the command prompt of the computer concerned and type:

ipconfig /all

and identify it under Physical Address for the network adaptor.


Fig. 5. MAC address filtering (Wireless Network Access).

 

Filter MAC Address: set the MAC address Access Control Table; this is not the same as MAC address filtering for wireless access above. It applies to both wired and wireless computers being allowed to access the internet. You can set either Allow or Deny specific MAC addresses, depending on your needs (fig. 6).


Fig. 6. MAC Address Filter (Access Control).

 

In Linksys, it's not possible to assign fixed internal IP addresses to computers (you can in Netgear). Although this is not strictly a security risk, setting fixed IPs has some advantages when you configure the router to share files or use remote desktop.

Some routers (e.g. Netgear) have a fixed time-out period, after which you have to log on again, but this feature is not found in Linksys. The only way to log out is to close the browser.

 

5. How to add SSID/WPA keys on a computer with Windows XP SP2

The wireless connection GUI is slightly different in Windows XP SP2. The major difference is that Windows XP Gold and SP1 have no WPA option without the wireless update rollup package; in that case, use WEP with the highest encryption (consult the references below). The following applies to SP2 using WPA.

  1. If it's the first time setting up wireless network, run the Wireless Network Setup Wizard and follow the steps.
     
  2. Go to Wireless Network Connection Properties (right-click the wireless network NIC in Control Panel > Network and Internet Connections > Network Connections > Wireless Network Connection > Change settings of this connection). There is more than one way to do this and you can have a look yourself. If this is the first time, choose Create a new connection.
     
  3. In Wireless Network tab, under Preferred networks, click Add. Or, when changing configuration of an established network, highlight the desired network in the box and click Properties.
     
  4. In Wireless network properties window, Association tab, enter the same SSID you assigned in the router. You must do this whether or not router SSID broadcast is disabled.
     
  5. Set Network Authentication to WPA-PSK.
     
  6. Set Data encryption to TKIP.
     
  7. Enter the PSK (exactly as you entered in the router) in the Network key field and again in the Confirmation network key field.
     
  8. Click OK.
     
  9. Wait for the new network connection to finish detection. If necessary, do a repair on the wireless network connection (right-click the wireless network icon in the notification area), or reboot the computer.
     

Figure 7 shows the Windows XP SP2 GUI for setting up a wireless network.


Fig. 7. Configuring WPA in Windows XP SP2.

 

6. Other network security considerations

The above are the basic router security settings for the home and SOHO wireless network user. There are other options for more advanced users which you might wish to use.  If you run a server then there are other security considerations and auditing. Remember, security is not absolute and depends on taking the above measures as well as user vigilance.

Although these are not part of wireless network security as such, you should do the following too to secure file sharing in Windows:

  • install a good software firewall (that is, not Windows' inbuilt firewall; this gives an added layer of protection);
  • install a good anti-virus programme;
  • disable the Guest account;
  • disable potentially unsafe Windows system services (see my tutorial on system services);
  • use NTFS in the partition to host all the shared folders;
  • configure Windows NTFS folder permissions and folder sharing permissions (they are not the same) to the highest level (most restrictive) possible (e.g. remove Everyone Group and add Authenticated Users Group);
  • install all the Microsoft Windows and Internet Explorer security patches as soon as they are released.

 

7. Troubleshooting

For wireless and/or internet connectivity and folder sharing problems, check the following to try to narrow down the problem:

Is the router switched on (check power cable)?

Is the router connected to outside modem correctly (check cable) and is the modem switched on?

Is the wireless NIC correctly installed in the computer (check Device Manager - wireless network device enabled, and physically examine the hardware)?

Is the wireless-enabled computer too far from the wireless AP, or obscured from it? If it's a laptop, try bringing it closer.

If you use a wireless hardware profile, have you logged on using this and not a wired profile accidentally?

Have you checked the IP address status using the ipconfig command? Is the internet IP correct? Is DHCP enabled? Is a DNS server found? Have you tried releasing and renewing the IP (by typing:
ipconfig /release
and
ipconfig /renew)? Internal IPs should normally be 192.168.x.x.

Have you tried repairing the network connection (right-click the wireless connection icon in the Notification Area (system tray))?

Have you tried rebooting the modem, router and computer (sometimes it solves the DHCP/DNS issues)?

Have you updated the Windows XP client?

Have you updated the router firmware?

Have you updated the wireless NIC firmware?

Can you connect with a wired LAN?

Can you connect with the firewall disabled on both computers?

Have you checked folder sharing permissions carefully?

Have you checked or retyped the WPA key?

Have you tried re-running the Windows Wireless Network Setup Wizard?

Have you searched the internet and the wireless NIC manufacturer's website for any known problems with the NIC and their solutions?
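
The `ipconfig` checks above, and the physical-address lookup from the MAC filter step in section 4, can be read from the same `ipconfig /all` output. The following Python sketch is an added example, not part of the original article; the sample output is constructed, the function names are illustrative, and the colon-separated MAC format is an assumption about what the router form accepts.

```python
import ipaddress
import re

# Constructed sample of XP-style `ipconfig /all` output, trimmed to the relevant fields.
SAMPLE = """\
Windows IP Configuration
Ethernet adapter Wireless Network Connection:
        Physical Address. . . . . . . . . : 00-11-22-AA-BB-CC
        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.101
        DNS Servers . . . . . . . . . . . : 192.168.1.1
Ethernet adapter Local Area Connection:
        Physical Address. . . . . . . . . : 00-11-22-DD-EE-FF
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration IP Address. . . : 169.254.23.7
"""

FIELD = re.compile(r"^\s+([^:]+?)[\s.]*:\s*(.*)$")  # "Name. . . : value"

def parse_ipconfig(text):
    """Return {adapter name: {field: value}} from `ipconfig /all` text."""
    adapters, current = {}, None
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current = adapters.setdefault(line.rstrip()[:-1], {})
        elif current is not None and (m := FIELD.match(line)):
            current[m.group(1)] = m.group(2).strip()
    return adapters

def mac_for_filter(fields):
    """Physical address as colon-separated hex (assumed router format)."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", fields.get("Physical Address", ""))
    if len(digits) != 12:
        raise ValueError("no valid physical address for this adapter")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2)).upper()

def diagnose(fields):
    """Findings for the section 7 checks: DHCP, DNS, internal IP range."""
    findings = []
    ip = fields.get("IP Address") or fields.get("Autoconfiguration IP Address")
    if fields.get("Dhcp Enabled") != "Yes":
        findings.append("DHCP is not enabled")
    if not fields.get("DNS Servers"):
        findings.append("no DNS server listed")
    if ip is None:
        findings.append("no IP address assigned")
    elif ipaddress.ip_address(ip) not in ipaddress.ip_network("192.168.0.0/16"):
        findings.append(f"{ip} is outside 192.168.x.x")
    return findings
```

Call `parse_ipconfig()` on the saved output of `ipconfig /all`, then pass one adapter's fields to `mac_for_filter()` or `diagnose()`; a 169.254.x.x address, as on the second sample adapter, means Windows assigned itself an address because no DHCP lease was obtained.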

 

Glossary

802.1x - authentication method required in WPA, optional in the 802.11 standard

802.11b - a Wi-Fi standard from IEEE: max. 11 Mbps

802.11g - a Wi-Fi standard from IEEE: max. 54 Mbps

802.11i - a draft IEEE standard for wireless network security

AES - Advanced Encryption Standard, an option in WPA

AP - access point

EAP - Extensible Authentication Protocol

Encryption - data scrambling; here it refers to WEP and WPA

ICV - integrity check value

IEEE - Institute of Electrical & Electronics Engineers

MAC - Media Access Control in the IEEE 802.x specification

MIC - message integrity code

Michael - a new algorithm that calculates an 8-byte message integrity code (MIC) using the calculation facilities available on existing wireless devices. The MIC is placed between the data portion of the IEEE 802.11 frame and the 4-byte ICV.

PSK - Pre-shared Key

RADIUS - Remote Authentication Dial-In User Service

SSID - Service Set Identifier

TKIP - Temporal Key Integrity Protocol

War driving - the practice of driving around business or residential neighbourhoods scanning for wireless network names

WPA - Wi-Fi Protected Access, an interim standard for Wi-Fi security

WEP - Wired Equivalent Privacy

 

References

Wi-Fi Protected Access (WPA) Overview. The Cable Guy - March 2003

Wi-Fi Protected Access Data Encryption and Integrity. The Cable Guy - November 2004

Configuring Windows XP IEEE 802.11 Wireless Networks for the Home and Small Business

IEEE 802.11 Wireless LAN Security with Microsoft Windows XP (WiFi_Security.doc download)

KB 815485 Overview of the WPA Wireless Security Update in Windows XP

KB 826942 Wireless update rollup package for Windows XP is available

Download the WindowsXP-KB826942-x86-enu.exe package (Windows XP 32-bit editions) Release Date: October 31, 2003

Microsoft Wi-Fi Website

Wi-Fi

WPA Wireless Security for Home Networks

Microsoft Corporation with Strebe, M., MCSA/MCSE Self-Paced Training Kit (Exam 70-214): Implementing and Administering Security in a Microsoft Windows 2000 Network (Redmond: Microsoft Press, 2003)

Smith, B. and Komar, B. with the Microsoft Security Team, Microsoft Windows Security Resource Kit (Redmond: Microsoft Press, 2003)

Northrup, T. and Thomas O.: MCSA/MCSE Self-Paced Training Kit (Exam 70-299): Implementing and Administering Security in a Microsoft® Windows Server™ 2003 Network (Redmond: Microsoft Press, 2004)
 


 

 

Copyright © 2004-2005 by Kilian. All my articles including graphics are provided "as is" without warranties of any kind. I hereby disclaim all warranties with regard to the information provided. In no event shall I be liable for any damage of any kind whatsoever resulting from the information. The articles are provided in good faith and after some degree of verification but they may contain technical or typographical errors. Links to other web resources may be changed at any time and are beyond the control of the author. Articles may be added, removed, edited or improved at any time. No support is provided by the author.

This is not an official support page for any products mentioned. All the products mentioned are trademarks of their companies.

Created 5 Dec 2004; updated 27 Feb 2005