In the June 2004 edition, we briefly
discussed the need for improving security on the growing number of wireless
networks in use, in small and large offices and also in many residential
situations.

In this article, we will talk a little about
configuring a wireless router/access point to ensure that security features
provided with most devices are implemented to provide a basic level of
protection. We apologise if this goes into some technical detail, but it is
necessary at this level to understand how to configure basic security. We will
attempt to explain as many of the technical terms as possible.

We were recently called by a client who uses
one of these devices to provide a peer-to-peer network in their office. They
were complaining that in their view the performance of their Internet link had
dropped dramatically in recent days. Even when no one was accessing the
Internet, the Internet port was showing considerable activity (indicated on the
front panel LED – Light Emitting Diode).

By accessing the device’s configuration
information we investigated further to reveal that someone in the vicinity was
using the wireless router to access the Internet at the expense of our client.

The router had been set up with only the
default configuration, with no security implemented at all. Therefore anyone
within a 100 metre range of the router, suitably equipped with a wireless
access card in their computer, was able to access our client’s network and “share”
their Internet link.

Unfortunately, this is a common problem with
users of wireless access points and routers. The following notes demonstrate
how this problem can be overcome by implementing the basic security features
provided by such devices.

For the purposes of this article, we are
using the Linksys Wireless Access Point/Router as an example (Linksys is now
owned by Cisco). Other manufacturers’ devices will have similar features, and
will be implemented in a similar fashion.

The Linksys Model BEFW11S4 is a wireless transceiver conforming to
the CCITT radio specification 802.11b.

It has 4 physical network ports for
connecting conventionally cabled computers and one Wide Area Network (WAN) port
for connecting to the Internet. It can support any number of wireless users.

Administration and configuration of the
device is carried out via a web interface using Internet Explorer or Netscape Navigator.
In the case of the Linksys device, the address is 192.168.1.1. Typing this
address in the address bar of IE will produce a Logon panel.

Leave the User ID field blank and type
“admin” in the password field. This will produce the “home” page of the
internal “web site” within the device. From here you can configure every
feature.

The first task was to change the
identification name of the client’s office network – the SSID (Service Set
IDentifier). The device is pre-configured with a default name of
“Linksys”. We changed this setting by typing in a name for the network that is
not immediately apparent to any passing stranger. It can perhaps be cryptic.
Remember this name has to be used to configure each of the client PCs’ wireless
network cards, otherwise they will not be able to connect to the network (and
neither will any mischievous passer-by).

The second task was to implement the WEP
(Wired Equivalent Privacy algorithm) security feature. This provides
encryption of information that is transmitted between the computers on the
network and the access point/router. In order to do this, we had to specify a
“pass phrase” or password, which is then encrypted into a hexadecimal string of
characters.

The process is carried out by hitting the
WEP KEY SETTING button on the “home” page of the Linksys configuration screen.
You can then decide to use either 64-bit or 128-bit encryption (128 is
considerably more secure). Enter the pass phrase into the appropriate box and
hit the GENERATE button. This will produce the 26-character hexadecimal string. The
encrypted string was then placed in the configuration of each wireless card on
the client’s network. Having completed these steps, APPLY the settings and log out
of the configuration screen.

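As an added illustration (not Linksys code and not part of the original article), the sketch below shows why the 128-bit setting yields 26 hexadecimal characters and checks the key typed into each wireless card against the router's. It assumes the MD5-based pass phrase generator widely documented for consumer 802.11b equipment; whether the BEFW11S4 uses exactly this generator is an assumption, and the function names, pass phrase and PC names are constructed for the example.

```python
import hashlib

# Hex digits a card expects: the 24-bit IV is not part of the typed key,
# so "64-bit" WEP carries 40 secret bits and "128-bit" carries 104.
HEX_DIGITS = {64: 10, 128: 26}

def derive_wep128_key(passphrase):
    """Assumed generator: MD5 over the pass phrase repeated to 64 bytes,
    keeping the first 13 bytes (26 hex digits)."""
    data = passphrase.encode("ascii")
    if not data:
        raise ValueError("pass phrase must not be empty")
    buf = (data * (64 // len(data) + 1))[:64]
    return hashlib.md5(buf).hexdigest()[:HEX_DIGITS[128]].upper()

def normalise(key):
    """Strip separators people add when copying a key by hand."""
    return "".join(ch for ch in key if ch not in " :-").upper()

def check_client_keys(router_key, client_keys, bits=128):
    """Return {client: problem} for every card whose key will not match."""
    want = normalise(router_key)
    problems = {}
    for name, key in client_keys.items():
        got = normalise(key)
        if len(got) != HEX_DIGITS[bits]:
            problems[name] = "expected %d hex digits, got %d" % (
                HEX_DIGITS[bits], len(got))
        elif any(ch not in "0123456789ABCDEF" for ch in got):
            problems[name] = "contains non-hexadecimal characters"
        elif got != want:
            problems[name] = "differs from the router key"
    return problems

if __name__ == "__main__":
    router = derive_wep128_key("constructed example phrase")  # constructed sample
    cards = {                                                 # constructed sample
        "reception": router.lower(),          # same key, different case: fine
        "accounts": router[:-1],              # last digit dropped while copying
        "director": router[:-1] + ("0" if router[-1] != "0" else "1"),
    }
    print(router)
    print(check_client_keys(router, cards))
    # A phrase that only repeats itself fills the 64-byte buffer identically.
    print(derive_wep128_key("abc") == derive_wep128_key("abcabc"))
```

Because the phrase is repeated to fill a fixed buffer, a pass phrase that simply repeats itself produces the same key as its shorter form, so choose one that does not.
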
Following the implementation of these
features, our client’s security was enhanced and his network was closed to all
but his own authorised users.

If you require assistance with implementing
these features on your own wireless network, then please contact Alan Finch as
soon as possible on 01224 697457.