Tutorial: How to ready WPA2 on your wireless network

Information technology'south worth the actress steps to keep your communications secure

If you are like nearly people, your home or minor office wireless router probably is running without any encryption whatsoever, and you are a sitting duck for someone to easily view your network traffic.

Some of y'all accept put encryption on your wireless networks but aren't using the best wireless security methods. This means that you are running your networks with inferior protocols that offer a false sense of protection because these protocols are very easily broken into. It is the divergence between using a deadbolt and a uncomplicated lock on your front door. For example, Tom's Networking has a three-part serial that shows you how easy information technology is to crack Wired Equivalent Privacy.

If you want to go along your neighbors out of your business, so you lot need to apply Wi-Fi Protected Admission version 2 (WPA2) encryption. This is at present showing up on a number of routers and is worth the extra few steps involved to brand certain your communications are secure. It is currently the all-time encryption method but getting it going isn't so uncomplicated. This recipe will testify yous how to make information technology work.

How does WPA2 differ from earlier versions? First, information technology supports the 802.11i encryption standards that have been ratified by the IEEE. These are the commercial-grade encryption products that are bachelor on enterprise-grade products.

Second, at that place are two encryption methods that WPA2 adds: one called Advanced Encryption Standard (AES) and i chosen Temporal Primal Integrity Protocol (TKIP). Both of these permit for stronger encryption, and while the differences betwixt the two aren't that important for our purposes, you should pick one method when yous ready your network as you'll see in a moment.

Finally, the protocol creates a new encryption primal for each session, while the older encryption standards used the same key for everybody -- which is why they were a lot easier to crack.

Besides part of the new standard is Pairwise Principal Central caching, where faster connections occur when a client goes back to a wireless admission indicate to which the customer already is authenticated. There is i more than acronym I'll mention, and that is Pre-Shared Cardinal or PSK. The WPA2 standard supports two different authentication mechanisms: i using standard RADIUS servers and the other with a shared key, similar to how WEP works. We'll go dorsum to this in a moment, but permit's show y'all how to become this train going.

Stride i: Windows Os: Showtime make certain your operating system is upwards to date. If you are running Windows XP, you lot'll need service pack 2 and yous'll need to download the WPA2 patch that's located hither.

If you're using a Mac, y'all need to be running OS Ten 10.4.2 or ameliorate. Apple calls its version WPA2 Personal. While Linux is outside the scope of this commodity, yous tin can get more than information here.

Footstep 2: Wireless Adapter: While you are updating your Windows Bone, you might desire to make sure that the wireless adapter in your laptop is too up to the task of supporting WPA2. The Wi-Fi Alliance maintains an online database of products that is somewhat difficult to use. Become to their Web site, check the WPA2 box and then select which vendor you are interested in.

If y'all accept a built-in Intel wireless adapter, it needs to exist running Intel's ProSet version 7.ane.iv or better, excluding versions 8.x. Y'all can get more information on this folio on Intel's Spider web site.

Step 3: Wireless access point/router: Side by side, make certain your router/gateway tin back up WPA2. If you lot take purchased it in the terminal year, chances are good that information technology does, but you might need to update your firmware as well. For the Belkin Pre-Due north router model 2000, I needed to update the firmware to version 2.01. An older model 1000 didn't support WPA2 and couldn't be upgraded. How tin you tell the departure when yous are buying one? You lot tin can't, other than opening the box and looking at the label on the bottom of the unit.

Hither is how y'all gear up up the wireless security section of your router to back up WPA2. In our examples hither, we chose WPA2-AES. Here's a screenshot for the Belkin router:

wpa4.jpg

You lot'll detect that you lot can obscure the key from beingness shown on the screen, which is a nice feature. That is the PSK that we mentioned earlier. Go along track of this; you'll need information technology later.

With this recipe, I also tried a Netgear WNR854T router, which didn't need whatever firmware update to back up WPA2. Hither is the screenshot from the Netgear router, where you tin see the shared passphrase on the screen in the clear:

wpa2.jpg

If you are using Apple's Airport router, you need to download the patch for Drome four.2 here.

Step 4. Finishing the configuration: At present comes the fun role. In one case you lot have your routers fix, you need to get the clients working properly. I'll evidence you the screens for Windows, but the Mac is similar.

The biggest event is that yous have to remember the PSK that you used to prepare up the router and enter it when prompted by the OS. You can enter any phrase from viii to 63 characters, and plainly the longer the ameliorate. Don't forget to match the correct combination of acronyms that you chose when yous ready your router to friction match what is required in Windows' Wireless Properties Association dialog box, as shown in this screenshot:

wpa3.jpg

Practise this for all of the customer computers on your network. Once you become everything working, if you take a look at your wireless connections screen, you should see something like this, where the wireless3 access point is showing that it has WPA2 security enabled:

wpa1.jpg

OK, now you lot should be washed. If you aren't getting a connection, chances are there is a mismatch between your router and your client. Cheque all the steps and make sure that the WPA2 choices are showing up in the right places and that y'all take chosen the advisable encryption method (AES or TKIP) for both router and client pairs. You might also take to use the wireless management software from your adapter vendor, rather than Microsoft's, to set upwardly your connection. Once you lot accept a working connectedness, yous don't accept to go through all these steps and should be connected securely automatically.

David Strom is a writer, editor, public speaker, blogging bus and consultant. He is a former editor in chief of Network Calculating and Tom'due south Hardware and has his own blog at http://strominator.com . He tin can exist reached at david@strom.com .

David Strom writes and speaks about security, networking and communications topics for CSO Online, Network World, Computerworld and other publications. He tin can be reached through his web site, or on Twitter @dstrom.

Copyright © 2006 IDG Communications, Inc.