Copyright (C) 2004 Robert C. Jones, M.D. All Rights Reserved. CIA XXIV
Update (6 Sep 04)
If you have no idea what this presentation is about…
• …then you need to read my extensive discussion of Wireless
Internet INsecurity here:
http://www.notbob.com/wlani/
• This presentation assumes some knowledge of the basics of
wireless security and some competence with computers (i.e.,
more than just the ability to turn them on)
• Why Windows XP and not Mac, Unix, BSD, Linux, Amiga…?
People who use Windows (of any kind) need more help
Most Windows users don’t RTFM: read the fine manual
Windows XP makes WPA much harder than it has to be
Windows XP has the largest installed base
• All legal disclaimers in my original talk apply to this addendum
Brief introduction to WPA
Step 2: Enable WPA on router
Never, ever
check this box!
Note: your router’s manual will give you the default password; if you lost it, you can find the
defaults by searching Google for: default router passwords (without quotes); if you changed the
default a long time ago and forgot it, then reset the router using the little button in the back
Step 2: Enable WPA on router (cont’d)
• Note that the firmware version (2.07.1) supports WPA out of the box
• You must choose Pre-shared Key (PSK) for SOHO use (unless you have a RADIUS server)
• You can select TKIP or AES; TKIP is standards-based (AES implementation in WPA not
standardized; will become standardized in 802.11i); UPDATE: some client chips prefer AES
• Group renewal key can be left at whatever default your router manufacturer has set
Step 2: Enable WPA on router (cont’d)
Bond with your inner ostrich…
"This is one of these things that if I stop and think about it, it is not good, but
I do my best not to stop and think about it," said (Stevan), an information
technology manager in New York.
http://www.cnn.com/2004/TECH/ptech/06/01/beyond.passwords.ap/index.html
(obnote: managers are generally clueless feebs when it comes to actual technology, clinical medicine, etc. If
they actually knew technology or medicine, they would be doing something useful with their lives instead of
micromanaging and writing meaningless policies QED. Yeah, pointy haired ex-boss, you’re so vain, I bet you
think this comment’s about you, don’t you?)
Step 2: Enable WPA on router (cont’d)
• SMC: http://www.smc.com/index.cfm?sec=Products&pg=Product-List&cat=5&site=c
• Zyxel: http://us.zyxel.com/support/download.php
Note: representative sample of AP manufacturers; not in any particular order; if your manufacturer is not on this short list, then try their website!
Step 2: Enable WPA on router (cont’d)
UPDATE! 17 June 04
After buying a Netegriti (Wistron) EM-500AG a/b/g mini-PCI card for my notebook from
http://www.discountechnology.com , it took quite a bit of struggling to enable WPA.
Turns out that some implementations of WPA require SSID broadcasting to be turned
on for supplicant authentication to work (i.e., you will get a strong signal and see the
connection, but you won’t be able to use the connection to do anything [like surfing the
Net]). Note that this is now safe with WPA in place (vs. during the ancient WEP-only
era ca. 2002); WEP + no SSID broadcast is far less safe than WPA + SSID broadcast
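An added example (not part of the original slides) for the Pre-shared Key setting chosen in Step 2 and the SSID note above: in WPA-PSK the router and the client each derive the 256-bit key from the passphrase with PBKDF2-HMAC-SHA1, using the SSID as the salt, so the SSID is an input that was never meant to be secret and the passphrase carries all the strength. The function names, the 20-character threshold and the sample values are assumptions made for this illustration.

```python
import hashlib
import re

def wpa_psk(passphrase, ssid):
    """Derive the 256-bit WPA pre-shared key, as the AP and the client both do."""
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    if re.fullmatch(r"[0-9A-Fa-f]{64}", passphrase):
        return bytes.fromhex(passphrase)  # 64 hex digits are the raw key itself
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(ch) <= 126 for ch in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    # PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations, 32-byte output
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), salt, 4096, 32)

MIN_LENGTH = 20  # assumed local policy threshold, not a value from the slides

def passphrase_findings(passphrase):
    """Return reasons a passphrase is a poor WPA-PSK choice (empty list: none found)."""
    findings = []
    if len(passphrase) < MIN_LENGTH:
        findings.append("shorter than %d characters" % MIN_LENGTH)
    classes = [
        any(c.islower() for c in passphrase),
        any(c.isupper() for c in passphrase),
        any(c.isdigit() for c in passphrase),
        any(not c.isalnum() for c in passphrase),
    ]
    if sum(classes) < 2:
        findings.append("uses a single character class")
    return findings

if __name__ == "__main__":
    # Constructed sample values: same passphrase, two SSIDs, two different keys.
    for ssid in ("HomeAP", "HomeAP2"):
        print(ssid, wpa_psk("Blue-kettle 47 sings at dawn", ssid).hex())
    print(passphrase_findings("password"))
```

Because the SSID only salts the derivation, hiding it adds nothing to the key; a long passphrase is what protects a PSK network.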
Step 3: Enable WPA on Client
start | settings | control panel | system | hardware | device manager | network adapters | your wireless adapter
• Your client card manufacturer should tell you whether their latest firmware supports WPA
• Follow the instructions given by your manufacturer to flash the firmware (don’t interrupt
power during flashing! Very bad karma!)
Step 4: Enable WPA on WinXP SP1
Update 1
http://www.microsoft.com/downloads/details.aspx?FamilyID=009d8425-ce2b-47a4-abec-274845dc9e91&displaylang=en ;
download link is on right side of page
Update 2
http://support.microsoft.com/?kbid=826942 ; download
link is halfway down the page
Download and install these two updates; be sure to reboot after each one
(they don’t remind you to do so); again, as of late Aug 04, the brand
new Win XP SP2 update includes WPA functionality (about time!)
Step 4: Enable WPA on WinXP (cont’d)
Make sure Wireless Zero Configuration service is running: start | run | open: services.msc
Step 4: Enable WPA on WinXP (cont’d)
Start | Settings | Control Panel | Network connections | Right click on wireless adapter | properties
What’s Next in Wireless Security?
hint: be sure to view this as a slide show to
see the words behind the pictures
“They that can give up essential liberty to purchase a little temporary safety, deserve neither liberty nor safety.”
--Benjamin Franklin
Addendum 2: WPA on MacOS X
Can’t forget my MacOS buddies…