Chapter 10: Securing Your Wireless Home Network 197
Looking Into the Crystal Ball
The limitations of WEP have become a bit of an embarrassment to the wireless industry. Although a whole big boatload of businesses has begun using wireless LANs, many are waiting on the sidelines until security issues are a bit better sorted out. And although we think that WEP is okay (but not great) for home use, it’s certainly not good enough for a business that relies upon the security of its data.
Several efforts are underway to create newer, better, and more secure ways of protecting wireless LANs . . . efforts that will pay off for home users in the long run. In this section, we talk about some of the most important of these efforts and give you a quick overview of them.
This is our “Gaze into the crystal ball and chant voodoo incantations” section of the chapter. None of this stuff is available yet (although some of it is due in 2003 . . . sometime . . .).
Waiting for WPA
The Institute for Electrical and Electronics Engineers (IEEE — the group that developed the standards for 802.11 networks; see Chapter 2) is working on a long-term solution to WEP’s weaknesses (which we discuss in the following section about 802.11i). In the meantime, the Wi-Fi Alliance (the group of vendors that ensure the compatibility of Wi-Fi gear) has put together its own interim solution for wireless LAN security called Wi-Fi Protected Access (WPA).
WPA is a new set of forward-compatible encryption and authentication enhancements for 802.11 networks. Forward-compatible means that WPA will work with newer systems that are currently being developed by the IEEE. Other reasons to get excited about WPA include the following features that it will offer:
More random encryption techniques: WPA has basically been designed as an answer for all the current weaknesses of WEP, with significantly increased encryption techniques. One of WEP’s fatal flaws is that its encryption is not sufficiently random, meaning that an observer can more easily find patterns and break the encryption. WPA’s encryption techniques will basically be more random — and thus harder to break.
Automatic key changes: WPA also has a huge security advantage in the fact that it automatically changes the key (although you, as a user, get to
198 Part III: Installing a Wireless Network
keep using the same password to access the system). So by the time a bad guy has figured out your key, your system would have already moved on to a new one.
More user-friendly: WPA will also be easier for consumers to use because there’s no hexadecimal stuff to deal with . . . just a plain text password. The idea is to make WPA much easier to deal with than WEP, which takes a bit of effort to get up and running (depending on how good your access point’s configuration software is).
Backward compatibility: The best thing about WPA is that it’s being designed to be backward compatible, too. Thus, existing Wi-Fi certified equipment should be able to be upgraded to WPA by just installing a downloadable software update.
The Wi-Fi alliance expects to begin certifying WPA equipment sometime in early 2003. (We haven’t seen any yet, but it’s just a matter of time, as we write.)
The future: 802.11i
WPA is a great next step in wireless LAN security (see the preceding section), but it’s not the end of the road. Well, face it . . . there is no end of the road. Computers get more powerful, and the bad guys in the black hats who want to break into the networks get smarter — so no system is going to be immune to security breakdowns forever. Don’t think of security as something that you can just figure out and put behind you; security is a continuous trek of upgrades and refinements — and it always will be.
802.1x: The corporate solution
Another new standard that’s being slowly rolled out into the Wi-Fi world is 802.1x. This isn’t an encryption system but instead, an authentication system. An 802.1x system, when built into an access point, would allow users to connect to the access point but give them only extremely limited access (at least initially). In an 802.1x system, the user would be able to connect to only a single network port (or service). Specifically, the only traffic that the user could send over the network would be to an authentication server, which would exchange information (such as passwords and encrypted keys) with the user to establish that he was actually allowed on the
network. After this authentication process has been satisfactorily completed, the user is given full (or partial, depending on what policies the authentication server has recorded for the user) access to the network.
802.1x is not something that we expect to see in any wireless home LAN anytime soon. It’s really a business-class kind of thing, requiring lots of fancy servers and professional installation and configuration. Just thought we’d mention it because you’ll no doubt hear about it when you search the Web for wireless LAN security information.
Chapter 10: Securing Your Wireless Home Network 199
The next step on this road, after WPA, is 802.11i. This is an entirely new reconfiguration of wireless LAN security. Unlike WPA, it likely won’t work on existing access points and network adapters, at least not all aspects of the system. But sometime down the road, probably in 2004, you should start seeing new generations of wireless LAN gear that incorporates 802.11i security systems.
Perhaps the biggest advance that you’ll see when 802.11i hits the streets is the system’s adoption of the Advanced Encryption Standard (AES). AES uses very sophisticated encryption techniques and super-long keys (much bigger than the 128-bit keys used by WEP) that take a really, really long time (even with really fast computers) to break. With today’s technology, at least the technology available to regular people, AES is essentially unbreakable.
802.11i also includes other security measures (like support for 802.1x, which we discuss in a nearby sidebar) that help really tighten up wireless LAN security. So 802.11i should be worth the wait. In the meantime, use what you have (WEP), and you’ll be fine.
200 Part III: Installing a Wireless Network
Part IV
Using a Wireless
Network
In this part . . .
And here’s where things get fun: After you get your wireless home network installed and running, you probably can’t wait to use it, both in practical and fun ways. In this part, we cover the basics on what you can do with your network, such as sharing printers, files, folders, and even hard drives. But there are many other cool things that you can do over a wireless network, too, such as playing multiuser computer games, connecting your audio-visual equipment, and operating various types of “smart home” conveniences. We cover all these great topics here. This part also contains a chapter on using Bluetooth-enabled devices and another chapter that describes how to find and use wireless hot spots so that you can access the Internet in public locations.
Chapter 11
Putting Your Wireless Home
Network To Work
In This Chapter
Checking out Network Neighborhood
Finding files on other computers
Sharing printers and other peripherals
Securing your network through sensible sharing
Exploring Mac-friendly sharing
Remember that old Cracker Jack commercial of the guy sitting in the bed when the kid comes home from school? “What’d you learn in school
today?” he asks. “Sharing,” says the kid. And then out of either guilt or good manners, the old guy shares his sole box of caramel popcorn with the kid.
You shouldn’t hog your caramel popcorn, and you shouldn’t hog your network resources, either. We’re going to help you share your Cracker Jacks now! (After all, that’s kinda the purpose of the network, right?) You’ve got a wireless network installed. It’s secure. It’s connected. Now you can share all sorts of stuff with others in your family — not just your Internet connection, but printers, faxes, extra disk space, Telephony Application Programming Interface (TAPI) devices (telephone-to-computer interfaces and vice versa for everybody else), games, A/V controls . . . oodles and oodles of devices.
In this chapter, we give you a taste of how you can really put your wireless network to work. We talk about accessing shared network resources, setting up user profiles, accessing peripheral devices across the network (such as network printing), checking out your Network Neighborhood, and other such goodies.
Entire books have been written about sharing your network, such as Home Networking For Dummies (by Kathy Ivens), and other books, such as Mac OS X All-In-One Desk Reference For Dummies (by Mark L. Chambers, Erick Tejkowski, and Michael L. Williams) and Windows XP For Dummies (by Andy Rathbone; all