Wireless ethernet (WI-FI) makes Internet access convenient, easy, and more pervasive. However, the nature of WI-FI exposes users to dramatically increased security risk compared to traditional ethernet connections. Wireless connections can be intercepted and “sniffed” by any party within range of the signal. An attacker need not have physical access to a victim’s computer or LAN and could even be mobile (wardriving). One way to mitigate the risk associated with wireless Internet access is to encrypt the WI-FI connection. There are several commonly supported methods for WI-FI encryption. WPA2 (aka 802.11i) is the latest method but you must download and install special software to enable WPA2 support in Windows XP.
Prior to WPA2 there were WEP and WPA. WEP has many known weaknesses. WPA is improved but it is widely reported that WPA is only secure “if you do it right.” WPA2 is the latest standard and offers improvements over WPA that make it easier to “get it right.”
WPA2 support is available under Windows XP but only if you download an install special software from Microsoft. Microsoft Support has an article that explains the process. You will need to prove that your version of Windows XP is “genuine” before you are allowed to download the WPA2 software. And how do you prove that? You need the Microsoft Genuine Advantage thingy that they recently started forcing users to install in order to get updates.
When I tried to the download the WPA2 software I was asked to copy a code from a windows dialog box into the download page. It was not at all clear what that code meant or what generated it. The bizarre public-relations-speak wording on the download page made me guess that it had something to do with the recent “windows genuine advantage” campaign and the activex control that all Microsoft customers must have in order to get software updates.
After copying the code, I was able to download the WPA2 software and install it. The install went smoothly and after a reboot I was able to switch my laptop and Linksys WRT54G wireless access point over to using WPA2.
One question that comes to mind is: why isn’t the WPA2 software available through windows/microsoft update?! The genuine advantage software seems like a genuine disadvantage if I am going to be required to manually download all software updates myself.
One final note, beyond implementing WPA2 there are others steps you can take. You can enable MAC address filtering, disable SSID broadcasting, change your pre-shared key often, and run an encrypted VPN over your encrypted wireless connection.