Skip to content

A comprehensive how-to set up a wireless network (securely) with Windows XP guide

I wrote this how-to guide a while back, however thought I would publish it on my blog in response to: Stop Internet Poachers from Stealing Your Wi-Fi by Rick Broida. My advice to people is diametrically opposed to Rick’s, so hopefully between the two there’s a solution that best meets your requirements ๐Ÿ™‚

Disclaimer: This is how I set up wireless networks, however I am sure that there are a lot of different ways to do this. Apart from any references to upgrading firmware (in short, don’t do it unless you have to!) there shouldn’t be anything in here that breaks your equipment and ends up costing you lots of money!

In the examples provided I have used:

– Intel(®) PRO/Wireless 3945ABG Network Connection wireless adapter
– Linksys WRT54G wireless router

This document is aimed at enabling secure, wireless access to a wired network that is already operational. While setting up a home network from scratch is beyond the scope of this document, I will say briefly that there are two main ways (that I know of) to get things working: either the modem does the authentication/DHCP etc. or the router does (and the modem is set to “full bridge” mode.) The following instructions should work irrespective of the method adopted.

First we need to gather some information about your network…

There are countless combinations of ISPs/modems/routers/wireless cards/PCs that are used when setting up a wireless network, however there are a number of basic principles that are common to all. This first thing to find out is the IP address of the router (also known in this context as the gateway). Almost all new routers will have a web interface that lets you configure your network. Also, keep in mind that it’s a lot easier to configure the router via the wired network than the wireless network (as there is no encryption, a permanent link etc.)

To do this and to find out the IP address of your router…

– Connect your computer to one of the wired ports on the router (i.e. not the uplink port) using a UTP cable (usually blue with a clear 8-pin RJ-45 connector on the end – kind of like a telephone connector but bigger.) Most home routers have 4 or 5 of these ports.
– Click on the Start Menu.
– Click on Run….
– Type cmd (or command for pre-Windows 2000 machines) and click OK.

Enter "cmd" in the "run" dialog box

Enter "cmd" in the "run" dialog box

The command prompt should open.

Command Prompt

Command Prompt

– Enter ipconfig and press the Enter key.

ipconfig

ipconfig

You’ll notice that there are three Ethernet adapters listed above (you may have more or less). These correspond to the number of ethernet network interfaces on the computer; here, two are for wired networks and one is for wireless networks.

As we are connected using the wired Local Area Connection adapter, we need to look at the information listed for that particular device. The default gateway (here, 192.168.1.1) is the IP address of the router.

– Record this number.

Now…

– Open your web browser (e.g. Internet Explorer, Mozilla Firefox, Safari, Opera)
– Enter in the address bar http:// followed by the IP address obtained earlier. Using the previous example you would enter http://192.168.1.1

Access the router's web interface

Access the router's web interface

This is where things become different for different arrangements. You will (hopefully) most likely be prompted for a username and password. This will usually be admin and admin or admin and no password at all. Sometimes you are solely prompted for a password (maybe simply try password?)

Router Credentials

Router Credentials

The default password will almost always come with any documentation that came with your router – otherwise, you’re router’s vendor will most certainly have it (so try their website or Google search your router model.) If the password has been set to something that you don’t know and can’t find out, you will have to reset the router (which is usually done by pressing a reset button on the router for around 10 seconds, however be warned that this will restore the factory default settings – except the firmware – and you will lose any changes you have previously made to your router.)

Once connected, you can use the web interface to configure your router for wireless access.

The first thing that you need to do is ensure that the Wireless radio (or similar) option is enabled. Once this has been confirmed, you need to decide upon, set and record the SSID (think of this as the name of your wireless access point). At home, mine is called rabbit. This is arbitrary, but you will need to enter this name when you set up the computers/printers for use in your wireless network (hereafter known as devices) so make it something you can remember.

**DON’T MAKE IT ANY OF YOUR PASSWORDS!**

Also, for reasons outlined later, it is good to set this to something other than the default factory setting (e.g. NETGEAR or WRT54G).

Now for the important information…

The four main components to wireless network security that I find most important (in order) are:

1. Using WPA (or greater) encryption
2. Changing the router’s admin password
3. Enabling access control
4. Not broadcasting the SSID

The first of these is an absolute must – the second and third strongly recommended preferable and the fourth, nice if you have time provided you can sustain good connectivity with its implementation ๐Ÿ™‚

Using WPA (or greater) encryption

I would suggest using WPA (as the mode of encryption (or WPA2 if your wireless card and router support it.) It is based on an algorithm (AES) that has not been broken (yet or as least not as far as I know!)

DO NOT use WEP. WEP is based on a weaker algorithm and if enough packets are collected can be broken.

Anecdotal: I have been told that there were competitions for breaking WEP encryption schemes that resulted in the password being discovered within 6 minutes!

DO NOT use nothing! (This kind of goes without saying ๐Ÿ™‚ – or does it? See: Stop Internet Poachers from Stealing Your Wi-Fi by Rick Broida)

If your wireless card or router don’t support WPA (although if it was bought in the last 5 years it should!) you may have to upgrade the firmware of the device in question. This is like a software update for your hardware, but can be extremely dangerous and render your equipment useless. If your equipment is this old, you’re probably better off buying new equipment, although be absolutely sure that your equipment doesn’t permit this before spending money needlessly. For legal reasons I am not going to write any instructions on upgrading firmware ๐Ÿ˜› Also, it should be noted that anything before Windows XP with Service Pack 2 may have limited WPA capabilities. To check if you have Service Pack 2 (or above) installed…

– Right-click on My Computer. This may be on your Desktop or in the Start Menu.
– Click on Properties.

Windows System Properties

Windows System Properties

The information should be listed under System: under the General tab.

Back to the web interface of the router…

When using WPA you want to look for something on the web interface of the router that says WPA-PSK, WPA shared key or WPA passphrase.

Once you set this passphrase, record it as this will be what you use to set up the devices on your network. I generally get Windows to handle my wireless connections. Using Windows to do something is probably a first, but from experience the software utilities that come with most network cards seem to provide intermittent connectivity.

Once this information has been set, we need to configure the device. The instructions below are for setting up a Windows XP machine (with Service Pack 2).

– Click on the Start Menu.
– Click on the Control Panel.

Control Panel in the Start Menu

Control Panel in the Start Menu

– Double-click on Network Connections. If you can’t see this icon, click on the Switch to Classic View link in the top-left hand corner under Control Panel.

Network Connections in the Control Panel

Network Connections in the Control Panel

Switch to Classic View

Switch to Classic View

Network Connections Control Panel

Network Connections Control Panel

– Right-click on the Wireless Network Connection icon and click on Properties.

Wireless Network Properties

Wireless Network Properties

– Click on the Wireless Networks tab.
– Ensure that the Use Windows to configure my wireless network settings checkbox is checked.
– Under Preferred networks click on the Add… button.

Wireless Networks Tab

Wireless Networks Tab

– Enter the SSID set when configuring the router.
– Change the Network Authentication to WPA-PSK.
– Change the Data encryption to TKIP.
– Enter your WPA passphrase as the Network key.
– Confirm network key.

Add Wireless Network

Add Wireless Network

– Click the OK button to confirm.

You should now be connected via your wireless adapter.

Wireless Network is now connected

Wireless Network is now connected

Wireless Connected (mouseover)

Wireless Connected (mouseover)

You may need to restart the machine to get the computer to connect to your router. Alternatively, you may need to repair your wireless connection…

Repairing the connection

It has been my experience that sometimes the wireless connection won’t be active immediately, so repairing the connection is a way to give things a bit of a kick-start without having to restart.

Wireless Connection Not Connected

Wireless Connection Not Connected

– Right-click on the wireless icon (with the three (3) yellow waves emanating out) in the system tray.
– Left-click on Repair.

Repair broken Wireless Connection

Repair broken Wireless Connection

This will initiate Windows running through the “wireless repair” motions. You should see dialog boxes indicating that the network adapter is being disabled, then enabled. This is followed by the adapter connecting to the wireless network, the wireless network adapters ip address being renewed, the NetBT being cleared and refreshed and the same for the DNS cache.

Example:

Enabling your Wireless Adapter

Enabling your Wireless Adapter

Refreshing NetBT

Refreshing NetBT

Hopefully you’ll now see our happy friend, the Windows Network Connection is now connected speech bubble.

Wireless Network is now connected

Wireless Network is now connected

Still not connected?!?

There could be many reasons why this hasn’t worked. Some common problems:

  • The adapter is disabled. With laptops, there is often a physical switch located that disables (usu. Bluetooth and) wireless network devices. Ensure that this is switched on (mine has a light that turns blue when on, orange when off.) These switches can also be controlled using function keys. Look for icons (also, usually blue) above some of your function keys. It will generally look like the wireless icon (with the “radio waves”) in the system tray. Hold down the “function” key on your keyboard and press this button – continually pressing this button should cycle through the different adapter enabled/disabled modes. The adapter may also be disabled under Windows.

(I’ll update this list as best I can)

Changing the router’s admin password

Almost every router has this in a different place in it web interface, but in all of the router’s I’ve configured it’s in there somewhere. You may need to enter the old password (as mentioned above, usually admin or nothing at all!) beforehand. Record this, or you won’t be able to make changes to your router without having to resort to reset the router and starting all over again. This is the username and password that you will use to connect to your router via the web interface.

Enabling access control

Each network adapter (wireless and wired) has a unique hardware address. You might have heard of this as a MAC address or physical address. We want to limit wireless network access to only those devices you own. To find this address using Windows…

– Click on the Start Menu.
– Click on Run….
– Type cmd and click OK.

Enter "cmd" in the "run" dialog box

Enter "cmd" in the "run" dialog box

The command prompt should open.

– Enter ipconfig/all and press the Enter key.

Wireless Adapter MAC address

Wireless Adapter MAC address

– Under Ethernet adapter Wireless Network Connection: look for the value of the Physical Address.

This is the MAC or Hardware address mentioned earlier. The address needs to be entered in to an Access List or Access Control List of permitted MAC addresses using the web interface for the router. Another phrase to look for is MAC address filtering or Hardware address filtering.

In this example, the address is 00-18-DE-20-C2-E7. The format that your router requires may be different, although this is usually given. You may need to separate the address pairs by using colons (:) (e.g. 00:18:DE:20:C2:E7) or nothing at all (e.g. 0018DE20C2E7). This should be case insensitive, but some routers might be more picky than others ๐Ÿ™‚

Not broadcasting the SSID

Generally there is an option using the web interface of the router to disable the broadcast of the SSID. The idea behind this is that if people can’t find your router then they won’t be able to connect to it. This is also why I mentioned earlier that changing the SSID from the default is a good idea. Despite this, pretty much all modern network cards will be able to connect to a router without the SSID and furthermore, if someone is looking to hack your network then the notion that “security by obscurity” not working rings true. Another upshot of this is that occasionally your network card might not be very good at remembering what wireless access point it should be connecting to and you will experience intermittent connectivity.

Anecdotal: In the last dozen or so wireless networks that I’ve set up there have been a number of physical impediments between the wireless adapters and the router. All of these were initially set to use the wireless utility that came with the network card (c.f. letting Windows handle wireless networking) and also, were on networks where the SSID was not broadcast. Removing the vendor’s wireless utility, letting Windows handle the wireless network and setting the SSID to broadcast solved the problem in every instance.

Do not worry too much about any security risks that might be associated with broadcasting the SSID – even if a person can “see” your wireless access point, they will still need the WPA passphrase and their wireless card’s MAC address won’t be in your access control list.

More often than not, after making changes such as this you will be required to reboot or restart the router. Note that this is different to resetting the router.

Final words

I’ll finish by saying that I don’t think security by obscurity works (to use a catchphrase of doyen, mentor and networking guru, John Dodson.) Be it for closed-source software (did someone say Microsoft?) or by hiding your wireless network’s SSID. This is not to say that using Linux and OpenOffice will save you from security breaches, nor will there never be an occurence that broadcasting your SSID was solely responsible for someone stealing your Wi-Fi. It’s all about probability and taking sensible measures. It’s also about acceptance that if you couldn’t be bothered taking measures then you should live with the consequences.

MAC address spoofing will bypass any MAC address filtering measures and I’m sure there are encryption specialists who will talk down the imperviousness of WPA (sequential IVs? Or is that WEP?) For my mind, it’s all about maintaining the balance between what is easy to implement for your average user, yet secure enough that people won’t connect to your wireless network (sometimes even unintentionally via connect-automatically-to-wireless-networks-in-range-happy Windows!)

Fingers crossed after all of this youโ€™re in business ๐Ÿ™‚ and a little bit more secure.


Feel free to add any comments. If you require further clarification on any part of this how-to guide, please leave a comment, or you can email me at: ryan@kirgs.com

Ryan Kirgan is from Sydney, Australia.

Ryan Kirgan

Ryan Kirgan

Share

Post a Comment

Your email is never published nor shared. Required fields are marked *
*