Page 173 - DCAP512_WAP_AND_WML
Unit 12: Secure Application
If WPA2 is giving you problems or isn’t available in Windows XP, try this before you set
up WPA and WPA2:
(a) Install the latest Windows Service Pack. WPA encryption functionality is included
as of Windows XP Service Pack 2. In addition, if setting up WPA2, your Windows
PCs may need the patch at this link. It enables the WPA2 standard on Windows.
(b) Apply the latest firmware drivers for your WAP.
(c) Apply the latest drivers for your wireless adapters. If you have older adapters, they
may not even support WPA. If this is the case (the website support section of the
adapter’s manufacturer should state this), upgrade to a model that does.
Yes, there have been times where I needed to do all three of these things in order to get
WPA working properly. If you still have no luck, verify your hardware (wireless access
point and PC wireless adapter) supports WPA. Some older hardware does not. The hardware
manufacturer’s website should clarify this.
3. Change SSID: Your WAP has an identifier name called the SSID, which is set to a default name
by the hardware manufacturer. Change this name to something else. This will not actually
improve security. Do this to indicate to others that your network was set up by someone
who knows more than to take the defaults, and therefore may not be worth attempting to
hack.
Task: Your WAP has an identifier name called the SSID. Do you agree with this statement?
Explain.
4. Firewall: If your WAP also routes your Internet traffic, and has a built-in firewall, make
sure it’s turned on. If you have an option for “Block anonymous internet requests”, enable
it.
5. Appliance timers: If you’re really paranoid, get an appliance timer and hook it up to your
WAP. Set it to turn the device off when you know you’re not using it (like overnight, while
you’re at work, etc.) Sometimes the most effective security is to use the OFF switch!
You may have heard other recommendations for setting up security on a wireless network,
things like disabling SSID broadcasting, using WEP encryption, turning off DHCP, MAC
address filtering, restricting the transmitter power or placing the WAP in certain locations
in the house. Do not do any of these. Here’s why:
(a) Don’t disable SSID broadcast: This attempts to hide the existence of your network. It
doesn’t. If a computer is talking to an access point, that traffic is visible, regardless of
SSID settings.
(b) Don’t use WEP encryption: It was nice while it lasted, but WEP encryption has been
broken. With the proper (free) tools, your WEP-protected network can be hacked in
minutes.
(c) Don’t disable DHCP: All computers on a network must have a unique address. DHCP
allocates this address automatically. Turning off DHCP will do nothing to stop anyone
slightly familiar with networking, since the address can also be created manually.
(d) Don’t use MAC address filtering: Like a computer’s fingerprint, all networked
computers have a unique identifier called a MAC address. But unlike fingerprints, a
MAC address can be manually changed. It’s not difficult for someone using sniffer
software to (1) figure out what MACs are allowed on your network and (2) change
their PC’s MAC address to an allowed value.
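To illustrate item (a), the following added example (not part of the original text) parses two constructed 802.11 management frames: a beacon from an access point with SSID broadcast disabled, and the association request a client sends when it joins. The MAC addresses and the network name "HomeNet-Example" are made up; the frame layout follows the 802.11 management frame format.

```python
import struct

HEADER_LEN = 24  # 802.11 management MAC header (no FCS)
# Bytes of fixed fields before the tagged elements, keyed by management subtype:
# 0x0 association request, 0x4 probe request, 0x5 probe response, 0x8 beacon.
FIXED_LEN = {0x0: 4, 0x4: 0, 0x5: 12, 0x8: 12}

def ssid_from_frame(frame: bytes):
    """Return the SSID in a management frame: '' if hidden, None if not present."""
    if len(frame) < HEADER_LEN:
        raise ValueError("truncated 802.11 header")
    frame_type, subtype = (frame[0] >> 2) & 0x3, frame[0] >> 4
    if frame_type != 0 or subtype not in FIXED_LEN:
        return None  # not a management frame that carries an SSID element
    pos = HEADER_LEN + FIXED_LEN[subtype]
    while pos + 2 <= len(frame):
        elem_id, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + length]
        if len(value) < length:
            raise ValueError("truncated information element")
        if elem_id == 0:  # element ID 0 is the SSID
            # A "hidden" network sends a zero-length or all-null SSID here.
            return value.strip(b"\x00").decode("utf-8", "replace")
        pos += 2 + length
    return None

def build_frame(subtype: int, src: bytes, dst: bytes, bssid: bytes, ssid: bytes) -> bytes:
    """Build a minimal management frame for the demo (constructed, not captured)."""
    header = struct.pack("<BBH6s6s6sH", subtype << 4, 0, 0, dst, src, bssid, 0)
    fixed = bytes(FIXED_LEN[subtype])                  # zeroed fixed fields
    rates = bytes([1, 4, 0x82, 0x84, 0x8B, 0x96])      # supported-rates element
    return header + fixed + bytes([0, len(ssid)]) + ssid + rates

# Constructed sample data (locally administered MACs, made-up network name).
AP = bytes.fromhex("020000000001")
CLIENT = bytes.fromhex("020000000002")
BROADCAST = b"\xff" * 6
BEACON_HIDDEN = build_frame(0x8, AP, BROADCAST, AP, b"")
ASSOC_REQUEST = build_frame(0x0, CLIENT, AP, AP, b"HomeNet-Example")

if __name__ == "__main__":
    print("beacon SSID:", repr(ssid_from_frame(BEACON_HIDDEN)))
    print("association request SSID:", repr(ssid_from_frame(ASSOC_REQUEST)))
```

The beacon carries an empty SSID, but the client's own frame names the network in the clear, which is why hiding the SSID should not be counted as a protection.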
LOVELY PROFESSIONAL UNIVERSITY 167