Steps to make WLAN security configuration easier

How can you secure a wireless network connection but also make it easy for authorized users to have access?

One of 802.11 Wired Equivalent Privacy's many shortcomings is that it relied on manually configured static keys, often entered in hexadecimal. Many users had no idea how to configure WEP, and vendors did little to hide WEP details under user-friendly GUIs. WLAN administrators found manual WEP key configuration tedious, error-prone, and ultimately doomed to failure because keys had to be updated on hundreds of devices when just one was lost or stolen.

Wi-Fi Protected Access (WPA) has improved this situation to some degree. WPA-Personal PreShared Keys (PSKs) can be configured as simple text "passphrases" -- this is more intuitive than entering hex keys. WPA-Enterprise uses 802.1X to automatically generate fresh encryption keys for every wireless session, removing manual key entry entirely. Unfortunately, configuring the "back end" of 802.1X is even more complex and obtuse. How do users know if they should choose SmartCard or Protected EAP? Should they check Validate Server Certificate? If so, which Certificate Authority(s) should they trust?
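How a typed WPA-Personal passphrase becomes the 256-bit key that older interfaces asked for in hex, as an added example that is not part of the original article. The function names and sample SSIDs and passphrase are constructed for illustration; the PBKDF2-HMAC-SHA1 parameters (SSID as salt, 4096 iterations, 32-byte output) are the ones IEEE 802.11i defines for WPA-Personal.

```python
import hashlib
import string

ITERATIONS = 4096   # PBKDF2 rounds fixed by IEEE 802.11i for WPA-Personal
PSK_BYTES = 32      # 256-bit pre-shared key


def check_entry(secret: str, ssid: str):
    """Return None if the typed key and SSID are acceptable, else a reason string."""
    if not 1 <= len(ssid.encode("utf-8")) <= 32:
        return "SSID must be 1-32 bytes"
    if len(secret) == 64:
        if all(c in string.hexdigits for c in secret):
            return None
        return "a 64-character key must be hexadecimal"
    if not 8 <= len(secret) <= 63:
        return "passphrase must be 8-63 characters"
    if any(not 32 <= ord(c) <= 126 for c in secret):
        return "passphrase must be printable ASCII"
    return None


def derive_psk(secret: str, ssid: str) -> bytes:
    """Turn what the user typed into the 256-bit PSK the radio actually uses."""
    problem = check_entry(secret, ssid)
    if problem:
        raise ValueError(problem)
    if len(secret) == 64:
        return bytes.fromhex(secret)  # raw hex key, used as-is
    # Passphrase: stretched with PBKDF2-HMAC-SHA1, salted with the SSID
    return hashlib.pbkdf2_hmac("sha1", secret.encode("ascii"),
                               ssid.encode("utf-8"), ITERATIONS, PSK_BYTES)


if __name__ == "__main__":
    # Constructed sample values, not taken from the article
    for ssid in ("HomeNet", "HomeNet-5G"):
        print(ssid, derive_psk("correct horse battery", ssid).hex())
    print(check_entry("short", "HomeNet"))
```

Because the SSID is the salt, the same passphrase yields a different key on a differently named network, so both values must match on the access point and every client.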

Fortunately, there are ways to make WLAN security configuration easier:

  • Many "wizards" are now available to automate matching WEP key or WPA-PSK entry when setting up a home or small office WLAN. For example, see Atheros JumpStart, Broadcom SecureEZsetup, and McAfee Wireless Home Network Security.

  • Those who prefer WPA-Enterprise but can't be bothered with 802.1X configuration should check out Witopia SecureMyWiFi, Linksys Wireless Guard, or McAfee Wireless Security for Small Business. (Another great solution, LucidLink, is unfortunately no longer available.)

  • Hotspot users can look for programs like the T-Mobile Connection Manager, which automatically configures your card in hotspots that provide WPA security as an option.

  • Individuals and small businesses that want VPN protection without the hassle of installing their own VPN may be interested in services like Witopia Personal VPN, HotspotVPN, JiWire Spotlock, and Boingo Personal VPN.

  • Solutions like Sesame Networks Courtesy Wi-Fi Access can be used to easily issue temporary credentials to visitors without opening your business WLAN to unauthenticated use.

January 2006

