Cyber Angels Corporate

We bring our better angels to every fight

Wireless Security Issues

 

WPA-PSK: A New Way To Stay Connected Securely

by Donald Calloway

 

Wi-Fi Protected Access (WPA) is part of a new wireless security standard called 802.11i. With the recent ratification of 802.11i, industry saw the need for improved security and has largely moved to adopt WPA. Built upon strong AES-CCMP (Advanced Encryption Standard-Counter Mode/CBC-MAC Protocol)-based encryption, 802.11i avoids the IV (initialization vector) and MIC (Message Integrity Check) flaws that doomed the WEP (Wired Equivalent Privacy) security standard. By relying on AES-CCMP, built on a block cipher, 802.11i ensures not only that the packet data payload is encrypted but also that selected packet header fields are protected.

You may be familiar with, and even using, WEP to secure your home wireless network. If so, you may not be as secure as you thought. Your wireless router should be WPA-enabled if it was purchased within the past year. A WPA-enabled router or wireless access point (WAP) will have a button labeled Edit Security Settings (or similar wording) on the main configuration page where an older one might have a WEP Settings button. If your router only has WEP Settings, you may want to see if there is a firmware update available for your router or WAP to bring it up to date with the new 802.11i wireless standard. Click the Edit Security Settings button to open a window which allows you to select a security mode and WPA algorithm.

 

The recommended security mode to use is WPA Pre-Shared Key, or WPA-PSK for short. This security mode is compatible with most network cards available for PCs today, and offers some of the strongest data encryption and network cracking protection available to defeat the brute force attacks now commonplace with WEP. For WPA-PSK there are two algorithms available: Temporal Key Integrity Protocol and AES. Temporal Key Integrity Protocol, or TKIP (pronounced ‘tee-kip’) for short, is the preferred algorithm to use. Advanced Encryption Standard, or AES, is a military-strength encryption methodology which may cause problems with certain hardware and is, therefore, the secondary algorithm to use. TKIP is preferable over AES, the standard used by the US Military, as TKIP is compatible with most commercially available hardware.

Once you have selected TKIP as the encryption algorithm to use, you must enter a WPA Shared Key consisting of between 8 and 63 characters. No more hex keys to contend with as in the WEP implementation. In the Group Key Renewal field of the configuration window, select 0 seconds and apply the settings. Your router is now configured to operate in WPA-PSK mode.

Each Windows XP (SP-1 or higher) PC that will communicate with your router or WAP must also be configured to use WPA-PSK. To do this, click Start | Control Panel and select Network Connections. Right-click on the icon corresponding to your wireless network connection and select Status. Click the Wireless Network tab and, in the lower list of preferred networks, select the appropriate one and click the Properties button. From the properties window, enter your router’s SSID. In the Wireless Network Key group, select WPA-PSK for network authentication and TKIP for data encryption. Enter the same 8-63 character network key you entered in your router or WAP setup, repeat it to confirm the key and click OK. You should be connected to your router or WAP immediately and begin enjoying your new enhanced wireless network security available through WPA.
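
What the router and each PC do with the 8-63 character key and the SSID entered above, shown as an added example that is not part of the original article: in WPA-PSK both sides derive a 256-bit key from the passphrase with PBKDF2-HMAC-SHA1, using the SSID as salt and 4096 iterations, so a mismatch in either value yields a different key and no connection. The function names and sample values are constructed for illustration.

```python
import hashlib
import hmac

MIN_LEN, MAX_LEN = 8, 63  # passphrase length limits stated in the article


def validate_passphrase(passphrase: str) -> None:
    """Raise ValueError unless the passphrase is 8-63 printable ASCII characters."""
    if not MIN_LEN <= len(passphrase) <= MAX_LEN:
        raise ValueError(
            f"passphrase must be {MIN_LEN}-{MAX_LEN} characters, got {len(passphrase)}"
        )
    if any(not 32 <= ord(ch) <= 126 for ch in passphrase):
        raise ValueError("passphrase must contain only printable ASCII characters")


def derive_psk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit PSK: PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations."""
    validate_passphrase(passphrase)
    ssid_bytes = ssid.encode("utf-8")
    if not 1 <= len(ssid_bytes) <= 32:
        raise ValueError("SSID must be 1-32 bytes")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid_bytes, 4096, dklen=32
    )


def same_key(router: tuple, client: tuple) -> bool:
    """True when two (passphrase, ssid) settings derive the same PSK."""
    return hmac.compare_digest(derive_psk(*router), derive_psk(*client))


if __name__ == "__main__":
    # Constructed sample values, not taken from the article.
    router = ("correct horse battery staple", "HomeNet")
    typo_ssid = ("correct horse battery staple", "Homenet")
    print("PSK:", derive_psk(*router).hex())
    print("same settings match:", same_key(router, router))
    print("SSID typo matches:", same_key(router, typo_ssid))
```

Because the derivation is deterministic and the SSID is the only salt, the protection of the network rests on the length and unpredictability of the passphrase chosen within the 8-63 character range.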

 

Copyright 2006, CAC Network Security Website, All Rights Reserved

 

 

This page was last modified on Friday, November 03, 2006 15:05 GMT-05:00