May 25, 2004     Part 2: “How WiFi”

“What security options should I look for?”

WiFi routers and access points, as delivered, usually have a default SSID (service set identifier) specific to the manufacturer of the device. It needs to be changed to something that does not reference the manufacturer of the device.

As delivered, the SSID is usually set to broadcast itself. This broadcast is a beacon that is easy for users who are not part of your network to find. It needs to be turned off after you have set up your network.

The WiFi router or access point is usually accessible via an address on your network. When you first log on to it, you need a password to actually set the device up. You should change this password to prevent unauthorized changes to your network.

If available, you could use MAC (media access control) address filtering on your WiFi router or access point. Each computer and other network device has a unique address in its hardware. Filtering on this address will limit the users of your network to those you explicitly put into the configuration.

Enable encryption of some kind. The simplest is WEP (wired equivalent privacy), which must be configured in every device connecting to the router or access point. This makes it more difficult, but not impossible, for someone to get information from your network. It does, however, make them work to pierce your network. It is usually easier for a hacker to go elsewhere to get on a network.

Another, stronger form of encryption is WPA (WiFi protected access). This is the next step beyond WEP and is much stronger. The encryption token used on WEP is the same for every packet. This sameness gives a hacker the time it takes to crack the token. WPA has the ability to change the token at some regular interval. Now the hackers have to work very quickly to crack the code – and realistically, will never do so.
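An added example, not part of the original article: a simplified Python model of WEP packet encryption (RC4 seeded with a 24-bit IV followed by the static shared key, integrity checksum omitted) showing why a key that never changes is a risk and why changing it helps. The keys, IVs and packet contents are constructed sample values.

```python
import math

def rc4_keystream(seed: bytes, n: int) -> bytes:
    """Standard RC4: key scheduling, then n bytes of keystream."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + seed[i % len(seed)]) % 256
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(iv: bytes, key: bytes, plaintext: bytes) -> bytes:
    """WEP seeds RC4 with the cleartext IV followed by the static key."""
    return xor(plaintext, rc4_keystream(iv + key, len(plaintext)))

def packets_until_iv_repeat(prob: float = 0.5, iv_bits: int = 24) -> int:
    """Birthday bound: packets with random IVs before a repeat is likely."""
    return math.ceil(math.sqrt(2 * 2**iv_bits * math.log(1 / (1 - prob))))

# Constructed sample values, not taken from any real network.
KEY = bytes.fromhex("0102030405")          # 40-bit static WEP key
P1, P2 = b"packet number 01", b"packet number 02"

def demo() -> dict:
    c1 = wep_encrypt(b"\x00\x00\x01", KEY, P1)
    c2 = wep_encrypt(b"\x00\x00\x01", KEY, P2)   # IV repeats under the same key
    c3 = wep_encrypt(b"\x00\x00\x02", KEY, P2)   # fresh IV, same key
    rekeyed = wep_encrypt(b"\x00\x00\x01", bytes.fromhex("a1b2c3d4e5"), P2)
    return {
        # Same IV + same key: the keystream cancels and plaintext structure leaks.
        "iv_reuse_leaks": xor(c1, c2) == xor(P1, P2),
        "fresh_iv_leaks": xor(c1, c3) == xor(P1, P2),
        # After a key change, even a repeated IV yields a new keystream.
        "rekeyed_leaks": xor(c1, rekeyed) == xor(P1, P2),
        "packets_until_iv_repeat": packets_until_iv_repeat(),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

With randomly chosen IVs, a repeat becomes likely after only a few thousand packets, so a key that is never changed keeps producing repeated keystreams.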

One other twist to WPA is that there are two modes from which you must choose. One is TKIP (temporal key integrity protocol) and the other is RADIUS (remote authentication dial-in user service). Basically, TKIP is for small office installations (including homes) and RADIUS is for larger corporate networks where a list of users is maintained on a RADIUS server, only allowing those users access.

WPA is an interim standard but seems to be catching on as a number of manufacturers support it today. This support, however, may be constrained to certain operating systems and you need to read the fine print to make sure your WPA network will really function correctly.

Acknowledgements: for the definitions of the acronyms used in this article.

Need Help?
Give us a call and we can assist you in making sure your virus definitions are up to date!

Have a great day,
Bill Perry

Copyright (c) 2004, PerTel Communications, Inc. All rights reserved.

PerTel Communications, Inc.     949-830-2092     FAX 949-916-5722
PO Box 4743
Mission Viejo, CA 92690-4743
For other computer help and custom programming - .