MaximumPC 2004 03



Tighten Up Your Network’s Security... Today


Make your wireless network as secure as possible, or you will eventually
suffer the consequences



Wi-Fi Wonder


Big words are scary: Here’s what they all mean


The bad news is that there’s no way to completely protect a wireless
network from intruders. It’s just not possible. Your access point
constantly broadcasts its signal wirelessly, and anyone in range with
enough time and expertise will be able to break whatever security you
put into place. In a best-case scenario, they’ll leech bandwidth from
you. But they’ll also gain access to any files you’ve shared on your PCs.
That means they can gank last year’s tax return, or worse, the video you
made to commemorate that very special Valentine’s Day.

The good news is that it takes a lot of effort and some specialized
hardware and software to break into a wireless LAN. In a perfect
laboratory environment, it takes a day or more to collect enough data to
crack one WEP key. In a real-world situation, it can take several months.

Luckily, there’s more you can do than just changing the AP’s password.
Today’s access points come with the tools you need to keep all but the
most determined crackers out.

Enable WEP or WPA
The first action you should take is to enable WEP or WPA on your access
point. WEP and WPA encrypt every single transmission over your wireless
network, from harmless requests for a dynamic IP address to the contents
of the files you download over Kazaa. WEP is the original encryption
standard for Wi-Fi networks. Newer Wi-Fi hardware also supports WPA,
which provides a higher level of protection, but isn’t supported by all
wireless hardware. At the bare minimum, you should enable a 128-bit WEP
key for your wireless network. Don’t keep telling yourself you’re going
to do it. Do it today!

Enabling WEP isn’t enough to protect your network, though. You need to
make sure the WEP key is sufficiently random. Because a 128-bit WEP key
is difficult to remember, many people use an easy-to-remember series.
This is bad; WEP keys that aren’t random are very easy for anyone to pick
out and decrypt. To create a truly random WEP key, you can do one of
several things. You can mash random letters and numbers on the keyboard
until you’ve created a 26-digit key. You can roll three dice and use the
value of the dice to determine each digit of your key. Or you can use a
simple random number generator. Several are available at
http://www.download.com.
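
Two of the methods above, worked through as an added example that is not part of the original article: drawing the 26 hex digits from the operating system's random source, and turning rolls of three dice into hex digits. The article does not say how dice map to digits, so the mapping used here is an assumption, as are all function names and the thresholds in the weak-key check.

```python
import secrets

HEX = "0123456789ABCDEF"
KEY_DIGITS = 26  # the 26-digit key the article refers to, as hex digits

def generate_wep_key(digits=KEY_DIGITS):
    """Draw each hex digit from the operating system's secure random source."""
    return "".join(secrets.choice(HEX) for _ in range(digits))

def dice_to_hex_digit(d1, d2, d3):
    """Map one ordered roll of three dice to a hex digit, or None (re-roll).

    Assumed mapping, not from the article: three dice give 6**3 = 216
    outcomes, which is not a multiple of 16, so outcomes 208..215 are
    rejected and every digit keeps exactly 13 outcomes. Adding the dice
    together instead would favour the middle values.
    """
    if any(d not in range(1, 7) for d in (d1, d2, d3)):
        raise ValueError("each die must show 1..6")
    value = (d1 - 1) * 36 + (d2 - 1) * 6 + (d3 - 1)  # 0..215
    return None if value >= 208 else HEX[value % 16]

def key_from_rolls(rolls, digits=KEY_DIGITS):
    """Build a key from a list of (d1, d2, d3) rolls, skipping rejected rolls."""
    out = [d for d in (dice_to_hex_digit(*r) for r in rolls) if d is not None]
    if len(out) < digits:
        raise ValueError("not enough accepted rolls; keep rolling")
    return "".join(out[:digits])

def looks_weak(key):
    """Flag easy-to-remember keys: wrong length, few distinct digits, or a
    constant step between digits (repeats, counting up, counting down)."""
    k = key.upper()
    if len(k) != KEY_DIGITS or any(c not in HEX for c in k):
        return True
    if len(set(k)) < 8:
        return True
    steps = [(HEX.index(b) - HEX.index(a)) % 16 for a, b in zip(k, k[1:])]
    return max(steps.count(s) for s in set(steps)) > len(steps) // 2

if __name__ == "__main__":
    print("random key:", generate_wep_key())
    # Constructed sample keys, for illustration only
    for sample in ("11111111111111111111111111", "0123456789ABCDEF0123456789"):
        print(sample, "weak" if looks_weak(sample) else "ok")
```

Roughly one roll in 27 is rejected, so expect to make about 27 rolls of three dice for a full key.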

Make your wireless clients inaccessible to the rest of the Internet
One of the main techniques evildoers use to crack Wi-Fi encryption keys
is to send massive amounts of data across the wireless network, then use
that traffic to suss out the network’s WEP key. By sending millions of
ping requests to a wireless computer, they can generate enough traffic
to crack some WEP keys in as little as 18 hours. However, if they can’t
connect to your wireless computers from the Internet, all they can do is
sniff normal day-to-day traffic. This takes considerably longer. Make
sure your wireless PCs have private IP addresses that are inaccessible
to the rest of the net. Private IPs usually start with 192.168 or 10.15.

Prevent unauthorized computers from connecting
Every network card has a unique identifier built in. This number is
called the MAC address. Most access points allow you to limit
connections to computers with known MAC addresses. If you manually input
the MAC address for each of the computers you intend to connect to your
wireless network, it will be much more difficult for someone to
infiltrate your network. Check the documentation that came with your
access point to find out how to manually input allowed MAC addresses.
Note that you can get the MAC address (also called the physical address)
for your PCs by going to the Network Connections Control Panel,
right-clicking your network card, and choosing Status. Then go to the
Support tab and click Details. The Physical Address entry is that
network card’s MAC address.

Change your WEP or WPA key regularly
It’s a pain, but take the time to change
your WEP or WPA key once or twice a
month. By occasionally changing the
encryption key, you can prevent anyone
from collecting enough data to gradually
reverse engineer any one of your keys.

ACCESS POINT: The access point is the interface between a wired network
and a wireless network. Properly configuring the access point is the key
to a good wireless experience. An improperly configured AP will leave
your network open to attack.

ROUTER: A router will let you share the single
IP address that your Internet provider assigns you
with all the computers on your network.

BRIDGE: A bridge lets you connect two different types of networks. The
bridges we mention in this story convert wired Ethernet devices into
wireless Wi-Fi devices.

WI-FI: The Wi-Fi logo on a piece of wireless hardware denotes full
compatibility with other Wi-Fi hardware. Originally, Wi-Fi only
encompassed the 802.11b spec, but later came to include both the 802.11a
and 802.11g specs as well.

802.11A: A successor to the original 802.11b protocol, 802.11a uses the
unlicensed 5GHz frequency range for data transfers. Most 802.11a
products are not backward-compatible with 802.11b, although there is
some new multi-band hardware that supports 802.11a, 802.11b, and
802.11g. 802.11a moves data at 54Mb/sec.

802.11B: The original Wi-Fi protocol, 802.11b uses the unlicensed 2.4GHz
range. It runs at up to 11Mb/sec and is the gold standard for wireless
access.

802.11G: Another Wi-Fi protocol, 802.11g uses the same frequency range
as 802.11b, but runs at 54Mb/sec compared with 802.11b’s 11Mb/sec.
802.11g hardware is backward-compatible with 802.11b hardware.

802.16A: Also known as WiMax, 802.16a promises wireless broadband with a
range of up to 30 miles. In early 2005 expect to see the first WiMax
networks set up in rural areas that lack good DSL or cable coverage.