Web U-M ITSS only
ITSS: Information Technology Security Services - Keeping IT Safe at U-M
Events
Training
Services
Tools & Tips
Resources
Report an IT Security Incident
About ITSS
Contact Us

ITSS Home IT Security Tools and Tips Security Shorts

How to Secure Your Wireless Network

Estimated time to complete: 30 minutes

You’re wireless! You can now access your e-mail, bank account and school records with freedom, convenience and complete ease…along with any criminal in your neighborhood who has a few Radio Shack gadgets. By default, wireless networks are easy to access—the qualities that make them accessible to you also make them accessible to everyone else. So if you want to take advantage of wireless technology, be smart and secure your network so that you and only you will benefit from it.

The way to do this is to secure your communications by scrambling or encrypting it so no one else can view it. And if you’re going to use a secret language, both you and the person you are communicating with need a way to decipher it. This "secret decoder ring" concept is what is explained here: how to create and give an encryption key to both your laptop and your router so they can talk to each other confidentially.

BEFORE YOU PROCEED:

Your Equipment

This example uses the equipment that the vast majority of users will already own or can easily acquire: a laptop with a Windows XP Service Pack 2 (SP2) operating system and a Linksys router (see More Information). Your configuration (and therefore screen shots) may vary, but hopefully, the overall concept and information presented will still provide valuable guidance.

Windows XP SP2

If you are using Windows XP as your operating system, you will need to have Microsoft’s updated patches, Windows XP SP2, installed. Running SP2 is even more important than securing your wireless network as it eliminates identified security vulnerabilities in the system. Also note that these instructions may not work unless you are running SP2.

Step 1: Disconnect from Your Wireless Network

To start this process, first take a step backward: disconnect from the wireless network and use a wired connection instead. You’ll do this because:

  • Your wireless connection will be dropped as you secure it, but the wired connection will remain intact throughout this process.
  • Your wireless connection has the default name Linksys, and if a few of your neighbors have a wireless connection with the default name Linksys, it will be difficult to figure out which is yours.
To disconnect, note how your computer is connected to the network—this is called the network configuration.

The screen shot below shows what the initial network configuration looks like on a Windows laptop computer. To get this view:

  1. From the Start menu, select Settings > Control Panel. Click Network and Internet Connections (if present), then Network Connections.
  2. Highlight the Wireless Network Connection icon.
  3. From the Network Tasks menu, select View available wireless networks.
    4. network tasks

    The Wireless Network Connection window shows all the connections that are available to your computer, including the wireless systems your neighbors are running at the moment. (Example: funkymonkey).

    Note:  If you haven’t changed the name of your wireless network, it still has the default name given to it by the manufacturer—in this case, Linksys. Also note that the Linksys connection is unsecured.

  4. Disconnect from your wireless connection by highlighting the name of the wireless network that the system is connected to and click Disconnect at the bottom right corner.

Showstopper Alert:  Please note that if you get this message instead of one that says Network and Internet Connections, your machine isn’t configured to use built-in Windows Wireless Configuration tools. In this case, you should contact your system manufacturer and ask for instructions for letting Windows manage your wireless network card.

choose wireless netwrok

Step 2: Create Encryption Key

Use the Wireless Network Setup Wizard to create the encryption key. From the Network Tasks menu on the Wireless Network Connection dialog:

  1. Click Set up a wireless network for a home or small office (see screen shot on page 2).
  2. In the first window of the Network Setup Wizard, click Next to skip the Welcome page.
  3. Choose Set up a new wireless network if presented with a choice.
  4. In the Create a name for your wireless network dialog, type in a name (a.k.a. Service Set Identifier, or SSID) for your wireless network. Be creative if you’d like.
  5. Turn on the Automatically assign a network key (recommended) radio button.
  6. Check the Use WPA encryption instead of WEP checkbox (see More Information).
  7. Click Next.

    8. wifi setup wizard

  8. In the How do you want to setup your network window, choose the option to Set up a network manually and click Next.
  9. In the Wizard completion window, select the option to Print Network Settings. You’ll see a Notepad document that looks like this:

WiNet settings

This Notepad document is the first encryption key. You’ll need this information soon, so minimize his window for now.

Step 3: Share Encryption Key with Your Router

Now that your laptop has created its encryption key, the next step is to tell the router what it is. You can do this by using your browser.

  1. Launch your browser.
  2. Use the default address, http://192.168.1.1, to connect—not to the Internet—but to the Linksys router. Connecting could take up to 10 seconds.
  3. You’ll be prompted to enter a username and password. Linksys wireless routers don’t require a user name, so skip to the password text box and type the default password admin.

    4. pw is admin

    If you see the Basic Setup window similar to the one below, you’re in.

    basic setup


  4. From the Wireless tab, click Basic Wireless Settings.
  5. To tell the router the name of your wireless network, fill in your SSID (Example: SOLNET) and click Save Settings

    6. Note: Be sure to click Save Settings on each page.

    SOLNET

    Note:  You will fill in the Linksys fields with information from the Notepad document, but the same things are referred to by different names.

  6. Next click Wireless Security (next to Basic Wireless settings). This is where you’ll need the encryption key info from the Notepad document, so maximize that window.

    7. encryption key info


  7. On the Linksys screen, from the Security Mode dropdown menu, select WPA Personal.
  8. From the WPA Algorithm dropdown menu, select TKIP. This is called the data encryption type on your Notepad document.
  9. In the WPA Shared Key box, paste the Network Key copied from the Notepad doc.
  10. Click Save Settings.
  11. Finally, from Administration tab, click Management in the menu bar.

    12. Management in the menu bar

  12. Change the default password from admin to something new that you make up.

    13. Security Best Practice:  Use a unique and robust password for everything that you need to access.

  13. Note the Remote Management option: this allows you to manage your wireless router over the Internet. Confirm the default setting of Disable.
  14. Click Save Settings. Close out of the browser.

Step 4: Give Your Encryption Key to Your Laptop

The only thing left to do now is tell your laptop that your router is speaking its language.

  1. From Start, select Settings > Control Panel > Network Connections. Right-click Wireless Network Connection and click Properties:

    2. Right-click Wireless Network Connection and click Properties

  2. In the dialog box, select the Wireless Networks tab, and then click Add.

    3. Wireless Networks tab

  3. Give the laptop the same information from the Notepad document that you gave the router:
    • Network Name: ex. SOLNET
    • Network Authentication Type: ex. WPA-PSK
    • Data encryption: ex. TKIP
    • Network (Encryption) Key: ex. The long code cut and pasted from the Notepad doc
  4. Now Windows does the rest. Close these two windows and open the Wireless Network Connections window to confirm that everything went as planned.
Wireless Network Connections window

Step 5: Success

On the Wireless Network Connection page you can see if your network (SOLNET) shows up on the list. Confirm that (WPA) is written after the name of your network. If not, your network isn’t secure. In this case, double-check the settings (SSID, Encryption Key, Authentication type and Data encryption).

Wireless Network Connection page

Emergency Back-Out Plan

If you’ve given the Windows wireless connection and the router the correct information, Windows should automatically and securely connect. But what if something goes wrong? Here are the steps to take:

  1. On the router, find the Reset button. It will be recessed so it can’t be accidentally pushed.
  2. Use a paperclip or ball-point pen to press it down. Hold it for 10 seconds, then release.
  3. Delete the wireless connection you created in Step 4 by selecting it in the Preferred Networks area of the Wireless Network Connection Properties dialog box and clicking Remove.
  4. Start over from Step One.

More Information

Windows XP Service Pack 2 (SP2): A free update from Microsoft for Windows XP, offering enhancements and better protection against viruses, hackers, and worms.

Router: For this example we suggest a Linksys Wireless Broadband Router (Model #WRT54GS). Linksys wireless routers are extremely popular. Even if you don’t have this exact hardware model, the software used inside the router will be very similar, if not identical.

WPA Encryption: This configuration is called WiFi-Protected Access or WPA. In this configuration, your router essentially password protects and encrypts the signals your computer sends and receives, so that your information can not be read or “sniffed” as it travels

 
Last modified January 21, 2008