You've now completed basic security configuration for an 802.11b AP. Remember that some proprietary solutions add extra security features beyond the basic 802.11b specification, so be sure to check your vendor's documentation. Now, it's time to use Wireless Zero Configuration services or third-party drivers to configure the client. The steps to do so are similar. For the Wireless Zero Configuration example, I used an Intel 2011 wireless NIC. For the third-party driver example, I used an SMC SMC2632W wireless NIC. Both communicate with NETGEAR's ME102 AP. These products are popular, inexpensive 802.11b solutions that you might see in home or workgroup implementations.
Wireless Zero Configuration Steps
Wireless Zero Configuration, which promises to centralize and sanitize wireless configuration in XP, is a service that's installed and started by default on all XP machines. When you install a wireless card that supports Wireless Zero Configuration, you don't need to install any third-party drivers. You need only to install the supported card (PC Card or USB) onto your computer, and Windows automatically installs the drivers and attempts to connect to an available AP. To use Wireless Zero Configuration to get up and running, follow these steps:
- Insert the card into the computer. XP might prompt you to install drivers, although the Intel 2011 card didn't prompt me. In fact, after I plugged in this card, XP silently installed the necessary drivers. I viewed progress in XP pop-up balloons. The first balloon notified me that the new hardware was ready to use. The second balloon notified me that a new wireless network was available.
If you didn't configure your wireless AP for Shared Key authentication and WEP, XP automatically connects to your network. Remember that anyone else can just as easily attach to your network!
You can check the Microsoft Hardware Compatibility List (HCL) to ensure that your wireless device supports Wireless Zero Configuration (not all of them do). Devices that have proprietary features will likely require specific drivers. Another way to check for Wireless Zero Configuration support is to go ahead and install the card; if XP prompts you to install drivers, your card might not support Wireless Zero Configuration. After you install the card, open Network Connections and look for a Wireless Network Connection icon next to your adapter. Right-click the icon (or the icon of the NIC that you know is wireless), and click Properties. If your network connection adapter's Properties dialog box contains a new Wireless Networks tab, as Figure 4 shows, your card supports Wireless Zero Configuration. If it doesn't, you'll need to use the card's third-party drivers to manage it.
- Connect to the network. Next to the system tray, you should see a balloon stating that a new wireless network is available. Click the balloon to access the Wireless Networks dialog box. In this dialog box, you can enter your network key, connect to your network, and perform advanced configuration. Because you've locked down the AP, you need to manually configure the client. To do so, in the Wireless Network dialog box, click Advanced, which takes you to the Wireless Network Connection Properties dialog box's Wireless Networks tab.
If you don't see the balloon next to the system tray, you can access the advanced-configuration options manually. Open Network Connections, right-click the wireless adapter, and click Properties. On the Wireless Networks tab, you'll see fields for your Available networks and Preferred networks. A preferred network is a wireless network that you can configure to automatically connect to in the future. If you've already configured your AP, you might see the SSID name under Available networks. (Many APs broadcast the SSID name, and Microsoft's Wireless Zero Configuration service uses it to help with configuration. These are two reasons you shouldn't rely on your SSID as a part of your security.)
- Configure your network connection and configure 802.11b security. Under Preferred networks, select your network's SSID and click Properties. If you don't see any networks listed, click Add to access the Wireless Network Properties dialog box, which Figure 5 shows. Because basic 802.11b devices don't support automatic key management, you need to clear the "The key is provided for me automatically" check box. You can now configure the WEP network-key settings. Select both the Data encryption (WEP enabled) and Network Authentication (Shared mode) check boxes. (Shared mode is synonymous with Shared Key authentication.) Enter your WEP network key and specify its format, length, and index. The key index tells the system which of the four keys it should use. Click OK.
XP will now automatically find and connect to your wireless AP. Repeat this process for each of your wireless clients. (The 802.1x protocol will centralize and streamline much of this process, providing a higher level of authentication security and requiring less management.)
Third-Party Driver Steps
The steps for configuring a third-party driver are similar to those that comprise the Wireless Zero Configuration setup.
- Insert the card into the computer and install its latest drivers. Some wireless adapters install proprietary client-configuration software. Look in your system tray or Start menu for any adapter-specific utilities. You might also be able to access some of the configuration settings through the adapter's Properties sheet. In XP and Windows 2000, open Network Connections, right-click the wireless NIC's icon, and select Properties. Click Configure to configure the wireless adapter.
- Maneuver to the dialog box that includes a tab on which you can enter the SSID. (The field might also be called ESSID or Network Name.) Enter the name with which you configured the AP. Figure 6 shows an example of an SMC card configured to connect to the Blackstatic SSID network.
- Navigate to the tab on which you configure WEP settings. Enable WEP and specify the key length and the WEP key. Figure 7 shows the SMC's Encryption tab. Click OK and exit the dialog box.
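Both procedures above work only if the client's SSID, authentication mode, and WEP key format, length, and index agree with the AP. The following check is an added example, not part of the original article; the dictionary field names and the sample key are constructed for illustration, and it assumes the AP and the client number the four keys the same way.

```python
import binascii

# Raw WEP secret sizes in bytes -> key length in bits as shown in the dialogs.
KEY_BITS = {5: 40, 13: 104}


def parse_wep_key(text, fmt):
    """Return the raw key bytes for a key typed as 'ascii' or 'hex'."""
    if fmt == "ascii":
        raw = text.encode("ascii")        # raises on non-ASCII characters
    elif fmt == "hex":
        raw = binascii.unhexlify(text)    # raises on odd length or non-hex digits
    else:
        raise ValueError("format must be 'ascii' or 'hex'")
    if len(raw) not in KEY_BITS:
        raise ValueError("key must be 5 or 13 bytes (10 or 26 hex digits)")
    return raw


def compare_profiles(ap, client):
    """List the settings on which a client profile disagrees with the AP."""
    problems = []
    if ap["ssid"] != client["ssid"]:
        problems.append("ssid")           # SSIDs are case-sensitive
    if ap["auth"] != client["auth"]:
        problems.append("auth")
    if ap["key_index"] != client["key_index"]:
        problems.append("key_index")      # assumes the same numbering on both sides
    ap_key = parse_wep_key(ap["key"], ap["key_format"])
    client_key = parse_wep_key(client["key"], client["key_format"])
    if len(ap_key) != len(client_key):
        problems.append("key_length")     # 40-bit on one side, 104-bit on the other
    elif ap_key != client_key:
        problems.append("key")
    return problems


# Constructed sample settings; the key is a placeholder, not a recommended value.
AP = {"ssid": "Blackstatic", "auth": "shared", "key_index": 1,
      "key_format": "hex", "key": "6b2d41397a"}
# Same key typed as ASCII on the client: equivalent to the AP's hex entry.
CLIENT_OK = dict(AP, key_format="ascii", key="k-A9z")
# Wrong SSID case, wrong key index, and a 104-bit key against a 40-bit AP.
CLIENT_BAD = dict(AP, ssid="blackstatic", key_index=2,
                  key="6b2d41397a00aabbccddeeff01")

if __name__ == "__main__":
    print(compare_profiles(AP, CLIENT_OK))
    print(compare_profiles(AP, CLIENT_BAD))
```

A key entered as ASCII on one device and as hexadecimal on the other is the same key only if the bytes match, which is why the comparison is done on the parsed bytes rather than on the typed strings.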
No Choice
The 802.11b protocol provides built-in security mechanisms that organizations typically, and unfortunately, deploy in a disabled state. Particularly guilty are non-IT or nontechnical departments. You need to seek out any rogue 802.11b deployments and lasso them into alignment with your entire WLAN infrastructure. Even if you have a basic deployment, you must review the security requirements of your WLAN-attached network, remembering that unauthorized access to the WLAN will likely permit trespass to the network to which it's connected. Most large organizations will want to add security measures to the basic 802.11b built-in security features, which alone are simply weak and subject to compromise. However, these fast, cheap devices are popular and will continue to sprout up everywhere. You need to understand how to properly configure your wireless devices for basic security, particularly in environments in which isolated networks or dedicated firewalls are impossible.
heikki kivistö March 27, 2003