Wednesday, April 05, 2006
Wireless Security revisited
Ok, I *finally* got off my duff and decided to increase my wireless security at home. Not that I was too worried, mind you. I had already implemented WEP, which is admittedly better than nothing, but it has already been shown that WEP can be cracked fairly easily. I had also thought about implementing MAC filtering, but decided against it for the time being.
Anyway, the wireless router I use (Linksys WRT-54G with DD-WRT firmware) fully supports implementing additional wireless security levels, including WPA and WPA2. I figured what the heck - let's try and see if I can get WPA2 working. I enabled it on the router (WPA2 passphrase using AES as the encryption method - I could choose between AES and TKIP, but admittedly don't know if there is an advantage to choosing one over the other) and applied the changes, then made the change on my laptop running Vista. I was happy to see that the wireless drivers Vista has provide built-in support for WPA2 out of the box using either WPA2 Personal or Enterprise (Enterprise requires RADIUS authentication), but for some reason, I couldn't connect right away. It ended up taking about 5-10 minutes before I could connect with that laptop. In fact, while I was waiting for Vista to be able to connect, I tried getting my Work laptop (running XP Pro) on. Turns out the wireless drivers I was using were quite old, and they only supported WPA. No worries, as I checked Dell's website and found new drivers. I loaded the new drivers, rebooted, and enabled WPA2 and was able to connect right away. By the time I went back in and checked my Vista laptop, it was connected.
Do I feel like my wireless network is more secure? Sure. Was it harder to set up than WEP? Absolutely NOT. HOWEVER, one big current gotcha is that not all wireless cards support WPA2. I'd suspect that virtually all new wireless hardware supports it, but if you are using an older wireless card, you may find that it doesn't support WPA2. If this is the case, you may have to revert back to WPA instead, which is better than WEP, but not as secure as WPA2.
Also remember that if you are running Windows XP (Service Pack 2 required!), in order to enable WPA2 support, you must download and install an update that enables support for WPA2 in XP. You can find that update here: