As mentioned earlier, the wireless standards specify authentication
and encryption methods to secure the link. While these are no
barrier to somebody wishing to obtain access, they will stop the
accidental neighbour connecting up. In fact, the steps applied
in the previous page (not broadcasting ESSID and limiting MAC
addresses allowed access) will stop the accidental user.
For the sake of completeness, however, using WEP and authentication
will be covered next.
Wired Equivalent Privacy requires setting a key at both the access
point and the client. The LinkSys access point will generate a
key from a string. However, there are many ways to generate the
key, for example the command
will generate a 32 hex digit number, likely not guessable from
some other machine and/or the same machine at a different time.
The highest common key length supported among the hardware used
here is 128 bits, which means that 104 bits, or 26 hex digits,
are required; the other 24 bits are the initialisation vector
that WEP supplies itself. Thus, the md5sum program provides more
than needed.
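One way to cut md5sum output down to the 26 hex digits needed, and to check a key for typing errors before entering it at both ends. This is an added example, not the command from the original page; the function names gen_wep_key and check_wep_key are hypothetical, and /dev/urandom is assumed as the random source.

```shell
#!/bin/sh
# Added example; gen_wep_key and check_wep_key are hypothetical helper names.

# Produce a 104-bit WEP key as 26 lowercase hex digits.
# 64 bytes from /dev/urandom (assumed source) are hashed with md5sum,
# which prints 32 hex digits; only the first 26 are kept.
gen_wep_key() {
    dd if=/dev/urandom bs=64 count=1 2>/dev/null | md5sum | cut -c1-26
}

# Check a key as typed: drop "-" and ":" separators, fold to lower case,
# then require exactly 26 hex digits. Prints the normalised key on success
# and returns non-zero, with a reason on stderr, otherwise.
check_wep_key() {
    wk=$(printf '%s' "$1" | tr -d ':-' | tr 'A-F' 'a-f')
    case "$wk" in
        *[!0-9a-f]*)
            echo "key contains a non-hex character" >&2
            return 1
            ;;
    esac
    if [ "${#wk}" -ne 26 ]; then
        echo "key has ${#wk} hex digits, 26 are required" >&2
        return 1
    fi
    printf '%s\n' "$wk"
}

# Generate a key and confirm it passes the same check used for typed keys.
new_key=$(gen_wep_key)
check_wep_key "$new_key"
```

Running check_wep_key on the string typed into the client and on the one typed into the access point, then comparing the two outputs, catches a mistyped digit before the link is restarted.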
Start the configuration program and select
to set the WEP mode and keys. Set the
Standard encryption mechanism
then set the
Default WEP Key
Fill in the first key with the value determined above.
to send the values to the access point, and then go to
to apply the changes to the access point operation.
LinkSys WAP-11 v2.2
Point your browser to the access point, and the default first page is
tab. About mid page is the
then click on the
WEP Key Setting
which creates a pop-up window for setting the WEP keys.
Then enter the 26 hex digits of the key into the
field. There is no need to fill in the other keys, but make sure
Default TX Key
is set to 1. Finally, click
to set the values into the access point and make it active.
Changing the client is quite simple. Edit the file
and add the following line to the section which defines the card in use:-
Add this before the line containing the two semi-colons.
The string of "x" above should be replaced by the 26 hex digits
set into the access point as its key. By default, these will be
key 1 on the wireless card.
Remove the wireless card and re-insert. The link should come
back to life, but now with encrypted traffic. Success can be
determined using the
program. The output from
may also be useful. If you are root, the output will now also show
the key in use.
If the link does not start, the most likely cause is mistyping of keys.
The link is now more secure from the nosy neighbour, but not a
determined attacker. It is also possible to set authentication,
but I could not make this work with the Orinoco card.
explains how to do this.
Version: $Revision: 1.6 $;
Updated at 15:47 EST on Tue Apr 11, 2006
Copyright (C) 2002 - 2006, Lindsay Harris