Using Wireless Security & Configuring Wireless on Windows 7
One of the great strengths of mobile computers is
their ability to connect to wireless networks. Today, most mobile
computers come with built-in wireless capabilities, and you can connect
to wireless networks within the company and in public places.
Windows 7 supports all the
standard wireless protocols. If your wireless devices and wireless NICs
support it, so does Windows 7. This includes 802.11a, 802.11b, 802.11g,
and 802.11n. Windows 7 also supports the newer WPA2 authentication
options that significantly improve wireless network security. In this
section, you'll learn about
- Using wireless security
- Troubleshooting wireless connections
1. Using Wireless Security
When wireless networks
were first designed, the primary goal was ease of use. The designers
wanted to make it easy to discover, connect to, and use wireless
networks. They did a great job. However, security was more of an
afterthought.
They came up with Wired Equivalent Privacy (WEP)
to provide the same level of privacy for a wireless network as you'd
have in a wired network. Unfortunately, WEP had significant problems and
was later cracked. Attackers could download software from the Internet
and easily crack WEP-protected networks.
Wi-Fi Protected Access (WPA)
is the first improvement over WEP. One of the primary benefits of WPA
is that it is compatible with most of the same hardware that used WEP.
WPA was intended to be an interim fix for WEP until a more permanent
solution was identified. Although WPA is more secure than WEP, attackers
have cracked it.
Wi-Fi Protected Access 2 (WPA2)
is the permanent fix for WEP. It is also known as 802.11i. If you have a
choice among WEP, WPA, and WPA2, use WPA2. WPA2 provides the strongest
security.
When configuring Windows 7
to connect to a wireless network, you should have an understanding of
the security types and encryption types available. First, it's important
to understand what each of these is doing:
- Security type
- Encryption type: After the client connects, the data can be encrypted. This provides confidentiality by preventing others from being able to read the data. Advanced Encryption Standard (AES) is a strong, efficient encryption algorithm. WEP can also be selected as an encryption type for some security types. However, WEP is the weakest.
Consider Figure 1.
It shows the security settings for a wireless profile named
WileyNetwork. As you can see, it is using the WPA2-Enterprise security
type and AES as the encryption type. These are the strongest settings
available.
Figure 1. Wireless profile security settings
This figure also shows the
Choose A Network Authentication Method drop-down box. These selections
are available only for the WPA-Enterprise and WPA2-Enterprise security
types. The Microsoft: Smart Card Or Other Certificate option (selected
in the figure) is the strongest authentication method available. You can
also choose the Microsoft: Protected EAP (PEAP) authentication method.
It's important to realize that
you must match these settings to the wireless network. In other words,
if your network is using a wireless access point with WPA2-Personal, you
must configure Windows 7 to use WPA2-Personal. Otherwise, the Windows 7
system won't connect.
Windows 7 supports the following security types:
- No Authentication (Open)
- Shared
- WPA-Personal
- WPA-Enterprise: WPA-Enterprise is similar to WPA except that it uses an 802.1x server for authentication. The 802.1x server will distribute the keys to each client instead of the clients using a PSK. It can also use either smart cards or Protected Extensible Authentication Protocol (PEAP) for authentication. Smart cards provide better security, but they also require more resources on your network. For example, you must have a Public Key Infrastructure (PKI) to issue certificates for the smart cards.
- WPA2-Personal
- WPA2-Enterprise
- 802.1x: The 802.1x security type was intended to provide better protection for WEP by providing a better authentication mechanism when WEP was used. With WEP no longer recommended, this is also not recommended. 802.1x uses WEP for encryption.
Both WPA and WPA2 can use
either Personal or Enterprise mode. When Personal is used (as in
WPA-Personal or WPA2-Personal), it uses a pre-shared key (PSK). This PSK
can be a password or passphrase. When Enterprise is used (as in
WPA-Enterprise or WPA2-Enterprise), an 802.1x server is used.
2. Configuring Wireless on Windows 7
You can configure a Windows 7 computer to work with three different wireless configurations. You can connect to a wireless access point or a wireless router in a network. You can also configure a Windows 7 system to connect to an ad hoc network.
2.1. Wireless Access Point
A wireless access point (WAP)
can be used to provide access from a wireless device to a wired
network. WAPs are commonly used in larger networks to provide this
access.
Figure 2
shows how a Windows 7 system can connect to a WAP in a network. Once
the Windows 7 system is connected, it can access resources in the
network just as if it were a wired computer.
Figure 2. Wireless access point in a network
The wireless client will be
able to connect to servers in the network. If other clients have
Internet access, the wireless client will also have Internet access.
2.2. Wireless Routers
A wireless router is a WAP with additional capabilities. Many small offices, home offices (SOHOs) and home users commonly use a wireless router. Figure 3 shows how a wireless router can be used to provide connectivity for users in a network.
Figure 3. Wireless router in a network
The wireless client is able to
connect to the wireless router and have access to the same resources as
the wired user. Notice how the router has connectivity with the
Internet. On the Internet side, it would have a public IP address issued
from the Internet service provider. On the internal network side, it
would have a private IP address. In addition to being a router, it would
also have network address translation (NAT) capabilities to translate
the internal private IP addresses to external public IP addresses.
Most wireless routers also have
DHCP capabilities. DHCP is used to issue TCP/IP configuration to
internal clients. This includes IP addresses, subnet masks, default
gateway addresses, DNS addresses, and more.
2.3. Ad Hoc Network
Ad hoc
is a Latin phrase that essentially means "as needed." An ad hoc network
is a wireless network without a wireless access point or wireless
router. Imagine that you and a friend or two want to connect your
computers to share some data or even play a game. If all three of your
computers have wireless capabilities, you can create an ad hoc network.
Figure 4
shows three wireless users configured in an ad hoc wireless network.
One of the computers creates the ad hoc network, and the other two
computers connect to it.
An ad hoc network is created for a
specific purpose but is usually destroyed when users disconnect.
However, it is possible to save the network profile for later use.
Figure 5
shows the screen used to create the ad hoc network. You need to give
the network a name. In the figure, I've called it TempAdHoc. You also
need to identify the security type and the security key that will be
used. The security key is a pre-shared key such as a password or
passphrase. All participants in the ad hoc network need to use the same
security type and PSK.
Figure 4. A wireless ad hoc network
Figure 5. Creating a wireless ad hoc network
You can get to the screen shown in Figure 5 by clicking Control Panel => Network And Internet =>
Network And Sharing Center. You can also get to the Network and Sharing
Center by entering Network in the Control Panel Search box and
selecting Network And Sharing Center. From there, click Manage Wireless
Networks. Click Add and select Create An Ad Hoc Network.
- No Authentication (Open)
- WEP
- WPA2-Personal
NOTE
The security key is a shared
secret. Each user will need to enter the same security key in their
wireless profile to connect to the ad hoc network.
Last, if you want to save the ad hoc network for later use, you can check the Save This Network box, as shown in Figure 5 earlier. It will save this as an ad hoc profile that can be used later.
Only the first computer needs to create the ad hoc network. Once it's created, other computers can connect to it as if it were a wireless network connection.
3. Connecting to a Wireless Network
If you're running Windows 7
and want to connect to a wireless network, you'll need to create a
wireless profile. First, ensure you have the correct information on the
wireless network. You'll need to know the following:
- The network name
- The security type used by the wireless network
- The encryption type used by the wireless network
- The security key if one is used
Figure 6
shows the screen used to create a wireless profile. For this figure,
the network name is WileyNetwork. It is using WPA2-Personal and AES. The
PSK is IL0veWindows7.
Figure 6. Creating a wireless profile
Notice in the figure that the
Start This Connection Automatically box is checked. This will ensure
that Windows 7 will connect to this wireless network when it is in
range. If WileyNetwork is configured to broadcast the SSID, the Windows 7
system will detect the broadcast and automatically connect.
You can get to the screen shown in Figure 6 by clicking Control Panel => Network And Internet => Network And Sharing Center. Click Manage Wireless Networks. Click Add and select Manually Create A Network Profile.
Once you have created the wireless profile, you can access it from the Network and Sharing Center. Figure 7 shows the Network and Sharing Center with a computer named DRG connected to a wireless network named HomeSweetHome.
Figure 7. Network and Sharing Center
You can click the Connect Or
Disconnect link to connect to another wireless network. If the system
wasn't connected, this link would be labeled Connect To A Network. You
can also click the Connect To A Network link in the Change Your
Networking Settings section.
As a reminder, the extra menu
item in the left pane, Manage Wireless Networks, will appear only if the
computer has a wireless adapter installed. If your computer doesn't
have a wireless adapter, you won't see it.
Exercise: Creating a Network Profile
4. Setting Up Connections
The Network and Sharing
Center includes other tools to make the setup and connection of
wireless networks easy. You can click Set Up A New Connection Or Network
in the Change Your Networking Settings section.
Figure 8
shows this screen. You can use this to launch several different wizards
for different types of connectivity. Some of these wizards are for
wireless connections. Some are for remote access connections.
- Connect To The Internet
- Set Up A New Network
- Manually Connect To A Wireless Network: You can use this to connect to a hidden network, connect to an ad hoc network, or create a new wireless profile. A hidden network is one where the SSID is not broadcasting. You saw this screen earlier in Figure 6. This is just a different path to get to the same place. After you enter the network name, the security type, encryption type, and security key (if used), you'll be able to connect.
- Connect To A Workplace
- Set Up A Dial-up Connection
- Set Up A Wireless Ad Hoc (Computer-To-Computer) Network
Figure 8. Creating connections
5. Troubleshooting Wireless Connections
Occasionally, things don't work as planned. There are a few things you can check to troubleshoot the connection:
- Signal strength
- Security settings
- Network diagnostics
5.1. Signal Strength
If the signal strength of
the wireless network is low, your computer may not be able to connect to
it. If you're unable to connect, you can easily check the signal
strength.
As background,
wireless technologies often advertise specific speeds. For example,
802.11g advertises speeds of 54 Mbps. However, this is not the
guaranteed speed. Instead, this is the fastest speed it can achieve
without errors.
When a wireless system
connects with the wireless device, it attempts to connect at the fastest
speed without errors. If the WAP and the wireless client are close,
they may use the maximum speed. However, if distance and barriers such
as walls separate the two devices, the speed may be substantially
slower.
NOTE
Hobbyists and attackers
have played around with methods to increase the range of wireless
networks for a long time. One well-known method uses a directional
Pringles potato chip can. A wire is attached to the base of an empty
Pringles can and then to the wireless NIC. The Pringles can is then
pointed to the wireless network. Some people have reported getting a
signal from more than a mile away using this method.
At some point, the devices
will determine that the signal is just not strong enough and they can't
connect. You can check the signal strength by clicking Connect To A
Network from the Network and Sharing Center. You can hover your mouse
over any of the connections to see additional details. Figure 9 shows the display.
Figure 9. Checking signal strength
Although not apparent in a
black-and-white picture, the strength is shown by colored bars. The more
colored bars, the better the signal strength. If the signal is not
readable, it will be listed as No Signal.
In the figure, I've
hovered over the HomeSweetHome connection. It shows Signal Strength as
Excellent. Notice that it also shows Security Type, Radio Type, and
SSID.
5.2. Security Settings
In addition to checking the
signal, you can also verify the security settings of the wireless
profile.
The simplest thing to do is double-check the settings.
You can access the settings for
a wireless profile after clicking Manage Wireless Networks from the
Network and Sharing Center. You can also access these profiles by
launching Control Panel, entering Wireless in the Control Panel Search
box, and selecting Manage Wireless Networks. Right-click any profile and
select Properties.
Double-check the following settings:
- Network Name
- Security Type
- Encryption Type
- Security Key
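The profile check above, applied to the security and encryption types from section 1, as an added PowerShell example that is not part of the original text: it rates WLAN profiles exported with netsh wlan export profile and compares each one with the security type the network uses. The function names, the C:\WlanAudit folder, and the LegacyWepNet sample profile are assumptions made for the example.

```powershell
# Added example for PowerShell 2.0 (ships with Windows 7); not from the original page.
# Real profiles can be exported with: netsh wlan export profile folder=C:\WlanAudit
# (C:\WlanAudit is a placeholder). The script never reads key material.
$WlanNs = 'http://www.microsoft.com/networking/WLAN/profile/v1'

function Get-NodeText($Doc, $Mgr, $XPath) {
    # Return the trimmed text of one element, or '' when the element is absent.
    $node = $Doc.SelectSingleNode($XPath, $Mgr)
    if ($null -ne $node) { $node.InnerText.Trim() } else { '' }
}

function Get-WlanProfileRating {
    param(
        [Parameter(Mandatory = $true)][string]$ProfileXml,
        [string]$ExpectedSecurityType = ''   # security type the access point uses
    )
    $doc = [xml]$ProfileXml
    $mgr = New-Object System.Xml.XmlNamespaceManager($doc.NameTable)
    $mgr.AddNamespace('w', $WlanNs)
    $name = Get-NodeText $doc $mgr '/w:WLANProfile/w:name'
    $auth = Get-NodeText $doc $mgr '//w:authEncryption/w:authentication'
    $enc  = Get-NodeText $doc $mgr '//w:authEncryption/w:encryption'
    $oneX = Get-NodeText $doc $mgr '//w:authEncryption/w:useOneX'

    # Map the schema values to the security types shown in the Windows 7 dialog.
    $label = switch ($auth) {
        'WPA2'    { 'WPA2-Enterprise' }
        'WPA2PSK' { 'WPA2-Personal' }
        'WPA'     { 'WPA-Enterprise' }
        'WPAPSK'  { 'WPA-Personal' }
        'shared'  { 'Shared' }
        'open'    { if ($oneX -eq 'true') { '802.1x' } else { 'No Authentication (Open)' } }
        default   { "Unknown ($auth)" }
    }

    # Rank as the page does: WPA2 with AES strongest, WPA interim, WEP weakest.
    if ($auth -like 'WPA2*' -and $enc -eq 'AES') { $rating = 'OK'; $why = 'WPA2 with AES' }
    elseif ($auth -like 'WPA2*') { $rating = 'Review'; $why = "WPA2 with $enc, prefer AES" }
    elseif ($auth -like 'WPA*')  { $rating = 'Weak'; $why = 'WPA was an interim fix, use WPA2' }
    elseif ($enc -eq 'WEP')      { $rating = 'Weak'; $why = 'WEP encryption' }
    elseif ($enc -eq 'none')     { $rating = 'Open'; $why = 'no encryption' }
    else                         { $rating = 'Unknown'; $why = 'unrecognized settings' }

    # A profile whose security type differs from the network's will not connect.
    $match = 'n/a'
    if ($ExpectedSecurityType) { $match = ($label -eq $ExpectedSecurityType) }

    New-Object PSObject -Property @{
        Name = $name; SecurityType = $label; Encryption = $enc
        Rating = $rating; Reason = $why; MatchesNetwork = $match
    } | Select-Object Name, SecurityType, Encryption, Rating, Reason, MatchesNetwork
}

# Constructed, trimmed sample profiles (WileyNetwork as in Figure 6; the second is made up).
$sampleWiley = @'
<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
  <name>WileyNetwork</name>
  <MSM><security><authEncryption>
    <authentication>WPA2PSK</authentication>
    <encryption>AES</encryption>
    <useOneX>false</useOneX>
  </authEncryption></security></MSM>
</WLANProfile>
'@
$sampleWep = $sampleWiley -creplace 'WileyNetwork', 'LegacyWepNet'
$sampleWep = $sampleWep -creplace 'WPA2PSK', 'open' -creplace 'AES', 'WEP'

@(
    Get-WlanProfileRating -ProfileXml $sampleWiley -ExpectedSecurityType 'WPA2-Personal'
    Get-WlanProfileRating -ProfileXml $sampleWep -ExpectedSecurityType 'WPA2-Personal'
) | Format-Table -AutoSize

# To rate real exports instead of the samples:
# Get-ChildItem C:\WlanAudit\*.xml | ForEach-Object {
#     Get-WlanProfileRating -ProfileXml ([IO.File]::ReadAllText($_.FullName)) }
```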
A common problem you may see
with mobile computers is that the wireless capability is turned off.
Some mobile computers do this automatically to save power. You can
usually turn it on from a switch somewhere on the laptop. For example,
my HP Pavilion laptop has a touch switch. When I touch it, it turns
orange indicating it's off. If I touch it again, it turns blue
indicating it's on.
5.3. Network Diagnostics
Network Diagnostics in Windows
7 can identify and resolve many problems with network connections. This
includes both wired and wireless connectivity issues.
Some of the troubleshooting
wizards in earlier Windows versions didn't always provide real help for
professional administrators. They may have been useful for basic users
but not for the professionals. However, the Network Diagnostics tool is
clearly valuable to both basic users and advanced troubleshooters.
Microsoft mentions
that the Network Diagnostics tool can diagnose more than 180 different
issues. I'm stressing this because you may think of the older wizards
and overlook this tool. This and other troubleshooting wizards are truly
valuable.
Network Diagnostics works best
with native Wi-Fi drivers. You can check to ensure that your system is
using native drivers with the following command prompt command: netsh wlan show drivers.
The type should be listed as Native Wi-Fi Driver. If it is listed as
Legacy Wi-Fi Driver, you should update the driver to get the best
performance from the diagnostics.
Exercise: Running Network Diagnostics on a Wireless Connector
- Launch the Network and Sharing Center. Click Start => Control Panel => Network And Internet => Network And Sharing Center.