Chapter 10: Securing Your Wireless Home Network 195
Figure 10-2:
Setting up
WEP on an
ORiNOCO
PC Card.
One area that is consistently confusing when setting up a WEP key — and often a real pain in the rear end — is the tendency of different vendors to use different formats for the keys. The most common way to format a key is to use hexadecimal (hex) characters. This format represents numbers and letters by using combinations of the numbers 0–9 and the letters A–F. (For example, the name of Pat’s dog, Opie, would be represented in hexadecimal as 4f 70 69 65.) A few other vendors use ASCII, which is simply the letters and numbers on your keyboard.
Although ASCII is an easier-to-understand system for entering WEP codes (it’s really just plain text), most systems make you use hexadecimal: It’s the standard. The easiest way to enter hex keys on your computers connecting to your access point is to use the pass phrase that we discuss previously. If your network adapter client software lets you do this, do it! If it doesn’t, try entering the WEP key itself that you wrote down when you generated it (it’s probably hexadecimal). If that doesn’t work either, you might have to dig into the user’s manual and see whether you need to add any special codes before or after the WEP key to make it work. Some software requires you to put the WEP key inside quotation marks; others might require you to put an 0h or 0x (that’s a zero and an h or an x character) before the key or an h after it (both without quotation marks).
Closing your network
The last step that we recommend you take in the process of securing your wireless home network (if your access point allows it) is to create a closed network — a network that allows only specific, pre-designated computers and devices onto it. You can do two things to close down your network, which makes it harder for strangers to find your network and gain access to it:
196 Part III: Installing a Wireless Network
Turn off SSID broadcast: By default, most access points broadcast their SSID out onto the airwaves. This makes it easier for users to find the network and associate with it. If the SSID is being broadcast and you’re in range, you should see the SSID on your computer’s network adapter client software and be able to select it and connect to it. That is, assuming that you have the right WEP key, if WEP is configured on that access point. When you create a closed network, you turn off this broadcast so that only people who know the exact name of the access point can connect to it.
You can find access points even if they’re not broadcasting their SSID (by observing other traffic on the network with a network sniffer program), so this is an imperfect security measure — and no substitute for enabling WEP. But it’s another layer of security for your network. Also, if you’re in an area where you will have a lot of people coming into your home and wanting to share your connection, you might not want to close off the network, thus balancing convenience for your friends against the small exposure of a more open network.
Set access control at the MAC layer: Every network adapter in the world has a unique number assigned to it known as a Media Access Controller (MAC) address. You can find the MAC address of your network adapter either by looking at it (it’s usually physically printed on the device) or using software on your computer:
•Open a DOS window and use the winipcnfg command in Windows 95/98/Me or the ipconfig/all command on Windows NT/2000/XP.
•Look in the Network Control Panel/System Preference on a Mac.
With some access points, you can type in the MAC addresses of all the devices that you want to connect to your access point and block connections from any other MAC addresses.
Again, if you support MAC layer filtering, you’ll make it harder for friends to log on to when visiting. If you’ve got some buddies who like to come over and mooch off your broadband connection, you’ll need to add their MAC addresses as well, or they won’t be able to get on your network. Luckily, you need to enter their MAC address only one time to get them “on the list,” so to speak, so you won’t need to do it every time they show up — at least until you have to reset the access point (which shouldn’t be that often).
Neither of these “closed” network approaches is absolutely secure. MAC addresses can be spoofed (imitated by a device with a different MAC address, for example), but both are good ways to add to your overall security strategy.