Securing my wireless network

Last week I wrote about upgrading my wireless network. It’s been running well since then, so this afternoon I decided to go ahead with stage 3 – configuring wifi protected access (WPA). As I haven’t set up a RADIUS server here, and to be honest, it would be overkill for a small network like mine, I decided to implement WPA-PSK (pre-shared key), as detailed in Steve Lamb’s post (and blogcast) on the subject.

Initially, it all went well, simply setting the access point to use WPA-PSK and defining a passphrase. Within a few minutes, I had entered the passphrase on two of my notebook PCs and all was working well (one using a Compaq WLAN MultiPort W200 and one using an Intel PRO/Wireless 2200BG network connection) but then I hit some real problems. My wife’s PC (the whole reason for us having a wireless network) and my server were refusing to play with the access point, displaying the following message when I selected the wireless network and entered the network key:

Wireless configuration

The network password needs to be 40 bits or 104 bits depending on your network configuration.

This can be entered as 5 or 13 ASCII characters or 10 or 26 hexadecimal characters.

This seemed strange to me – there was no mention of any such restrictions when I set up the WPA-PSK passphrase (the network key). With one machine running Windows XP SP2 and the other running Windows Server 2003 SP1, WPA support shouldn’t have been a problem (I double-checked the server with the D-Link AirPlus DWL-520+ wireless PCI adapter and once I’d manually switched the properties to WPA-PSK using TKIP, I was able to enter the network key and connect as normal).

It seems that for some reason, the D-Link card had defaulted to using WEP, and sure enough, once I set it to use WPA-PSK, the network description changed from security-enabled wireless network to security-enabled wireless network (WPA).
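The mismatch behind that dialog can be reproduced offline. This is an added example, not part of the original post: it checks a key against the WEP lengths quoted in the error message and against the WPA-PSK entry rules (8 to 63 printable ASCII characters, or 64 hex digits), then derives the 256-bit key that WPA-PSK actually uses. The function names and the sample passphrase and SSID are made up for illustration.

```python
import hashlib
import string

def accepted_modes(key: str) -> list[str]:
    """Return the security modes whose key-entry rules accept `key`."""
    modes = []
    is_hex = bool(key) and all(c in string.hexdigits for c in key)
    # WEP: 40- or 104-bit key, typed as 5/13 ASCII chars or 10/26 hex digits
    # (the rule quoted in the Windows dialog above).
    if (key.isascii() and len(key) in (5, 13)) or (is_hex and len(key) in (10, 26)):
        bits = {5: 40, 10: 40, 13: 104, 26: 104}[len(key)]
        modes.append(f"WEP-{bits}")
    # WPA-PSK: a passphrase of 8-63 printable ASCII characters,
    # or the 256-bit key itself typed as 64 hex digits.
    printable = all(32 <= ord(c) <= 126 for c in key)
    if 8 <= len(key) <= 63 and printable:
        modes.append("WPA-PSK passphrase")
    elif len(key) == 64 and is_hex:
        modes.append("WPA-PSK raw key")
    return modes

def wpa_psk(passphrase: str, ssid: str) -> str:
    """Derive the 256-bit pre-shared key from a passphrase.

    WPA-PSK runs PBKDF2-HMAC-SHA1 over the passphrase with the SSID as
    salt and 4096 iterations, so any passphrase length in range ends up
    as a fixed 32-byte key, and the same passphrase on a different SSID
    gives a different key.
    """
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, 32
    ).hex()

if __name__ == "__main__":
    sample = "correct horse battery"   # constructed passphrase, 21 characters
    print(accepted_modes(sample))      # a WEP-mode adapter has no rule that fits it
    print(wpa_psk(sample, "homenet"))  # constructed SSID
```

An adapter left in WEP mode only applies the first rule, which is why a normal-length WPA passphrase is rejected until the adapter is switched to WPA-PSK.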

So, three machines working, one to go.

I read in Kathryn Tewson and Steve Riley’s security watch: a guide to wireless security article that WPA is “both more secure and easier to configure than WEP, but most network cards made before mid-2003 won’t support it unless the manufacturer has produced a firmware update”. The problem machine was using a Compaq WL110 Wireless PC Card, which I was given around 2002/3 (when we first put in the 802.11b network) so it sounded plausible that I might need a firmware update. A little more googling turned up the does/can the WL110 support WPA? thread on the HP IT Resource Center which gave me the answer. No, there is no firmware upgrade (card support was dropped before the WPA specification was finalised), but if you download the Agere version of the drivers, and tell Windows XP that the WL110 is a 2Wire Wireless PC Card, WPA is available and it works (even inside the WL210 PCI adapter)!

So, that’s all done – a working, (hopefully) secure, wireless network, all for the price of a new access point.

Didn’t get far with Linux so trying Solaris 10 now

Last year, I blogged about how I was starting to look at Linux… well, I installed SUSE Linux but never really got much further. I didn’t like the interface, I didn’t like that all the tools had weird or mis-spelt names, and it all felt a bit amateur (Linux zealots, please don’t flame me).

Still wanting to have a play with a Unix-based system and rebuild some long-lost skills, I had another go a few nights back and installed the x86 version of Sun Solaris 10 (the idea being that I’ll get used to a real Unix system and then maybe take another look at Linux later). It took an age to install, but I do now have a running system. I’m sure I’ve missed some essential configuration somewhere, but I’ll find my way through! First impressions are good, and I’m very proud of myself for managing to successfully install the Macromedia flash plug-in for Mozilla just by following the readme file (believe me, extracting files from an archive, finding out where Mozilla is installed, and then successfully running the installer is a big deal for a Unix newbie, even if it does sound trivial).

I still need to use Windows on my everyday systems, but maybe I’ll move my e-mail and browsing at home over onto the Solaris box once I feel comfortable with it all (after a couple of weeks’ use I’m not over-impressed with Mozilla Thunderbird on Windows XP so changing e-mail clients again won’t really upset me). In the meantime, if anyone out there has any Solaris hints and tips, good ‘net resources, etc., I’d be pleased to hear from you.