Keeping convenience from becoming a threat: wireless LAN settings (1)

Source: Internet
Author: User

The security of wireless networks has become a topic that cannot be ignored. Here we discuss WPA in detail, especially for home and small-business users. We then introduce the Wireless Network Setup Wizard in Windows XP SP2, which greatly simplifies securing a wireless LAN by using a USB flash drive.

WPA Overview

Before getting started, let's take a look at WPA. WPA solves security problems that WEP cannot. The details cannot be covered in a few words. Simply put, the problem with WEP comes from every device on the network sharing one key. This key is not secure: a weakness in its key scheduling algorithm allows malicious hackers to easily capture and crack the WEP key, and then access the internal resources of the LAN.

WPA solves this problem with a new protocol called TKIP (Temporal Key Integrity Protocol). The key is combined with the MAC address of each device on the network and a larger initialization vector, so that each station encrypts its data with a different cipher stream. TKIP then uses the RC4 encryption algorithm to encrypt the data. Unlike WEP, however, TKIP changes the keys in use, making the network more secure and less vulnerable to compromise.

WPA also includes an integrity check to ensure that keys have not been tampered with, and it strengthens the user authentication offered by WEP by adding support for 802.1X and EAP (Extensible Authentication Protocol). In this way, WPA can authenticate wireless users against an external RADIUS (Remote Authentication Dial-In User Service) server. RADIUS can also be used to update and distribute keys automatically in large networks.

Implement WPA

As an interim measure until hardware supporting the new IEEE 802.11i security standard appears, WPA mainly targets enterprise networks, whose keys are relatively easy to capture and crack. Compared with a home or small-business LAN, stealing an enterprise's network key is relatively easy: hackers only need to collect network traffic for a few days to gather the information an attack requires. WPA also applies to small networks that do not need external authentication and use a simple shared key. The designers' original intention was that WPA could be added to existing wireless devices by upgrading the device firmware or the related client software. Unfortunately, developing this technology takes time, and so does deploying it. If you want to use WPA, you had better first check whether your vendor supports it. Most vendors do, but not all. More importantly, some older devices may not be upgradable, so contact the vendor first and verify the details.

Do not forget that you need to upgrade all devices to support WPA, including access points, wireless routers, client network adapters, wireless bridges, and print servers. Any device with a wireless interface must be upgraded, and WPA cannot be mixed with WEP. In addition, if you are a Windows XP user, you also need to upgrade the software to add WPA support. You can use the Windows automatic update service or install SP2 directly. For more information, see article 815485 in the Microsoft Knowledge Base (http://support.microsoft.com/?kbid=815485).

Network and SP2

Undoubtedly, Windows XP SP2 brings great improvements to wireless networking. Next we discuss the Windows Smart Network Key technology in its Wireless Network Setup Wizard. This technology lets users save wireless settings, including WEP and WPA keys, in an XML file. The same file can then be used to configure all wireless devices, including access points, routers, and wireless PCs.

This technology supports USB flash drives, so to set up a wireless device you only need to insert a USB flash drive containing the settings.

Some may have questions about this, because access points and routers rarely provide USB interfaces. I have seen several USB-enabled devices that use USB interfaces to connect to a broadband modem or printer. However, I believe that it will not take long for manufacturers to realize the market potential and make up for this small shortcoming in device functionality, not to mention that it is not complicated to add USB interfaces to these devices.

Next, you can use the new Wireless Network Setup Wizard to configure your devices automatically. Of course, the premise is that you have installed SP2. Microsoft's official website already provides SP2 as a free download, but the file is very large and takes about one hour to download over broadband.

Wireless wizard

In XP SP2, the Wireless Network Setup Wizard can be started in several ways. You can find it under "Network and Internet Connections" in the Control Panel, and "My Network Places" also has a shortcut that starts the wizard. You do not need to enable a wireless interface to run the wizard on the PC, but if you want to transfer the settings to other devices automatically, you must use a USB port.

If you have already set up a wireless network, the wizard first asks whether you want to add a new computer or device to that network. Otherwise, it creates a new network by default. The network is identified by its Service Set Identifier (SSID); regardless of the type and level of encryption you choose, a valid wireless network name is required.

As shown in Figure 3, the network has a wireless SSID. You can either let the wizard assign the network key automatically (the recommended option) or assign it manually. The wizard only sets up infrastructure wireless LANs, which use one or more access points to reach the network. It cannot be used for ad-hoc networks. Although WEP encryption is the default, you can also choose WPA, with one restriction: unlike WEP, WPA is not supported by all devices.

Figure 4 shows the screen for assigning the network key manually. It is shown here for WPA; when WEP is selected there are two options for the key length, and the rest is basically the same.

You can use common ASCII characters such as the numbers, letters, and symbols on the keyboard. You can also use hexadecimal digits. The wizard identifies the key type from the number of characters entered: 8 to 63 characters for a WPA key, or 5 or 13 characters for a WEP key. Similarly, a hexadecimal key has 64 digits for WPA, and for WEP either 10 digits (64-bit) or 26 digits (128-bit). You can also choose to display the characters as you type them to avoid mistakes.
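The length rules above can be checked before a key is typed into every device. The following is an added example, not code from the wizard or from Microsoft: `classify_key` and `wpa_psk_hex` are hypothetical names, the sample keys and SSID are constructed, and the passphrase-to-key step goes beyond the text by using the standard WPA-PSK derivation (PBKDF2-HMAC-SHA1, 4096 iterations, SSID as salt), which is why the hexadecimal WPA form is exactly 64 digits.

```python
import hashlib
import string

HEX_DIGITS = set(string.hexdigits)


def classify_key(key, use_wpa):
    """Return (encoding, kind) for a network key, or raise ValueError.

    use_wpa stands for the WEP/WPA choice made in the wizard; it is needed
    because a 13-character string is both a valid WEP key and a valid
    WPA passphrase.
    """
    n = len(key)
    is_hex = all(c in HEX_DIGITS for c in key)
    is_ascii = all(32 <= ord(c) <= 126 for c in key)  # printable ASCII
    if use_wpa:
        if n == 64 and is_hex:
            return ("hex", "WPA 256-bit key")
        if 8 <= n <= 63 and is_ascii:
            return ("ascii", "WPA passphrase")
        raise ValueError("WPA: 8-63 ASCII characters or 64 hex digits")
    if n in (10, 26) and is_hex:
        return ("hex", "WEP 64-bit" if n == 10 else "WEP 128-bit")
    if n in (5, 13) and is_ascii:
        return ("ascii", "WEP 64-bit" if n == 5 else "WEP 128-bit")
    raise ValueError("WEP: 5 or 13 ASCII characters, or 10 or 26 hex digits")


def wpa_psk_hex(key, ssid):
    """Return the 256-bit pre-shared key as 64 hex digits.

    A passphrase is stretched with PBKDF2-HMAC-SHA1 (4096 rounds, SSID as
    salt), as defined for WPA-PSK; a 64-digit hex key is used as entered.
    """
    encoding, _ = classify_key(key, use_wpa=True)
    if encoding == "hex":
        return key.lower()
    raw = hashlib.pbkdf2_hmac("sha1", key.encode("ascii"),
                              ssid.encode("utf-8"), 4096, 32)
    return raw.hex()


if __name__ == "__main__":
    # Constructed sample keys; "IEEE" is a sample SSID.
    for key, wpa in [("abcde", False), ("0123456789", False),
                     ("0123456789", True), ("password", True)]:
        print(repr(key), "WPA" if wpa else "WEP", classify_key(key, wpa))
    print(wpa_psk_hex("password", "IEEE"))
```

Because the SSID is the salt, the same passphrase yields a different 64-digit key on a network with a different name.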

Next, you need to choose between automatic and manual setup. Here we describe the automatic method. First, prepare a USB flash drive and select the "use USB flash drive" option. You are then asked to insert the USB flash drive and select the drive letter the system assigned to it. The wizard then saves the wireless network settings as an XML file on the USB flash drive, together with several other required files.

The rest of the work is simple. When you insert the USB flash drive into a wireless AP or any other wireless device you want to use on the wireless LAN, the settings in the XML file are applied to that device automatically.

For a PC running XP SP2, the system can configure the PC's wireless network as soon as it recognizes the inserted USB flash drive. The Wireless Network Setup Wizard starts automatically and asks whether you want to add the computer to the wireless network. Click OK to complete the setup using the settings saved on the USB flash drive.

After setting up all devices on the LAN, insert the USB flash drive back into the PC that ran the Wireless Network Setup Wizard and click Next. For security, when you click Finish, the wizard will require you to delete the XML file containing the settings. You can back up these files or print the settings on a network printer for future use.

Figure 1

Older wireless hardware may need to be upgraded to support WPA. The US Robotics access point shown in the figure is easy to upgrade, but some vendors only support WPA in new products.

