Easy 802.11g Security

STEP 4: For Very Small Installations, Consider MAC Address Filtering
To provide some extra protection in very small deployments, you can use media access control (MAC) address filtering, which most wireless APs support. All wireless network adapters have a unique MAC address. You can see the MAC address of a client's adapter card by typing the following command at the client's command prompt:

ipconfig /all 

Type the MAC addresses of all the clients that you want to be able to access the wireless AP into the Linksys MAC Address filter, which Figure 3 shows. (Access this page from the Linksys AP firmware's Wireless tab.) Only the specified adapters will be able to connect to the AP.

MAC addresses can be spoofed by certain programs, and users sometimes swap their Wi-Fi network adapters, so although MAC address filtering stops the casual snoop, it isn't as secure as stronger authentication mechanisms such as WPA RADIUS using 802.1x. Keeping an upto-date MAC address list is also difficult to do for all but the smallest networks. However, MAC address filtering can help guard against someone obtaining the WPA shared key from an employee who has it, although a determined hacker can circumvent MAC filtering, too.

STEP 5: Isolate the Wireless AP
You'll also want to be conscious of where you connect your wireless AP to your network. The Linksys AP includes a firewall, and most users will use this device as their Internet gateway in addition to it being their wireless AP. If you don't trust your wireless network as much as your wired network or for more sensitive deployments, I recommend connecting your wireless AP between a firewall on your wired network and the Internet. By installing your wireless AP on a perimeter network, you can further restrict which computers on the internal network your wireless clients can access.

STEP 6: Configure the Clients
Setting up security on a wireless AP is only one side of the equation. You must also configure security settings on your wireless clients. For the latest features, you should upgrade your clients to XP SP2 and install the most recent wireless network adapter drivers. If possible, choose wireless cards that support WPA or WPA2. Current models of the Linksys wireless adapter with the latest firmware and drivers support WPA and WPA2 and both the TKIP and AES encryption algorithms.

To configure a wireless client with the same encryption settings as on your wireless AP, click Start, Connect To, Wireless Network Connection, View Available Wireless Networks, Change Advanced Settings. Go to the Wireless Networks tab, then click Add under Preferred networks to open the wireless network's properties dialog box. (Alternatively, right-click your wireless network adapter and click Properties.) Go to the Association tab, which Figure 4 shows.

To configure the client to connect to a wireless AP with a nondefault SSID, enter the network name (i.e., the SSID) of the wireless AP, in this case, private. If your wireless AP and other wireless clients support WPA-PSK and AES, choose those values for the Network Authentication field and Data encryption field, respectively. Then enter the shared key you entered at your wireless AP. That's all you need to configure on this dialog box. If you must use WEP, you'll need to change Network Authentication to open or shared, change the encryption type to WEP, and enter the key index and key that exactly match the key configuration on your AP. After your client settings match your wireless AP settings, the client should automatically connect and securely communicate with your wireless AP.

Guard Your Privacy
Wireless networks continue to proliferate, which is easy to see for yourself by simply taking a walk in any city with your Wi-Fi enabled laptop or PDA and witnessing all the open wireless APs inviting you to connect. Keep your network private by taking the simple steps outlined here to secure it.