Upgrading our home wireless network

This weekend my son Eric and I replaced our aging Apple Airports with a new Linksys WRT54GX2, allowing us to upgrade our home network from 802.11b to 802.11g and upgrade the encryption from WEP to WPA2.

The Linksys box does an amazing amount of stuff for under $100.  In addition to being a wireless access point it includes a router, firewall, DHCP server and 4-port switch, all in a small package with management via a web page or SNMP.

Unless you don't need encryption at all (e.g. a public access point) you really should upgrade to WPA.  WEP has been around long enough now and so throughly hacked that there are numerous programs any kiddie can download that will grab your packets until it has enough to figure out your encryption key.  See www.wardrive.net/wardriving/tools for some good examples.   One note of caution:  the passphrase that you are asked to enter is used to create the initial encryption key.  The term "passphrase" may lead some people to think that this should be an easily remembered set of words that you can find in the dictionary.  On the contrary, you will only need to type it in once per computer so you can pick a random string of characters.  This will prevent some hacker from using a dictionary attack to guess your key.  Just type in a good amount of gibberish and copy it to a USB flash-disk or put it in a text file you can access via your (wired) network.

The above advice is for WPA-PSK, as in "Pre Shared Key" - sometimes called WPA-home).  If you are setting up a wireless network for a business, you should set up WPA for authentication via Radius - a feature found on most servers.  That way you don't need to distribute the keys to each machine but can hand them out when users log in.

If you have relatively recent hardware, you can use WPA2 which supports even stronger AES encryption.  You may need to upgrade your software.  For Windows XP this means downloading support.microsoft.com/?id=893357 which is not offered on Windows Update .  The Linksys router allows you to turn on WPA and WPA2 simultaneously.  Don't be tempted to enable WEP and the same time, as your network is only as secure as the weakest link.

For further reading, I recommend:

opetus.stadia
www.wifialliance.org
www.wi-fi.org
www.drizzle.com
Microsoft
Microsoft Windows Server

Finally, if you want to get an idea of why WiFi is not limited to a short distance around your house, check out www.usbwifi.orcon.net.nz.