Hooray! You're now ready for non-encrypted communications. Anyone in range can now effortlessly log everything you do online (in many cases, from a couple of miles away!).
Wanna encrypt? Read on.
The Lucent Silver and Gold cards support link-level encryption. Why encrypt? Anything that is sent via radio without encryption is "in the clear." This means that anybody with similar equipment can eavesdrop on your conversation, log data, potentially disrupt your communications, and even hijack your connection.
The 802.11b specification allows for encryption and MAC-based access control. Together, these are referred to as WEP, or Wired Equivalent Privacy. The encryption it employs is a 40-bit shared-key RC4 PRNG algorithm from RSA Data Security. Most cards that talk 802.11b (the WaveLan cards, Mac Airport, Cisco Aironet, to name a few) will support this encryption standard.
Lucent's Wavelan Wireless LAN Card.
There are a couple of big points worth mentioning here.
- The encryption provided happens at the link layer, not at the application layer. This means that your communications are protected up to the access point, but no further. Once it hits the wire, your packets are in the clear, and the regular warnings about sending passwords and sensitive information over untrustworthy networks still apply. Always use application layer encryption (such as SSH, SSL, a virtual private network, anything) rather than send sensitive data over the network!
- There have been a couple of reports (see references below) that WEP may be easily crackable with a moderate amount of hardware and effort. While a full discussion of these implications is well beyond the scope of this introduction, only allowing SSH or VPN traffic on your gateway and firewalling it off will go a long way toward preventing unwanted access. Of course, too much paranoia results in a network that is so secure it's impossible to use (and therefore, no one uses it). Let's just leave it there for now; you've been warned.
When not to use encryption
At large gatherings (like a conference or other meeting) where open Net access is permitted, it's infeasible to distribute an encryption key to every attendee. And it wouldn't help much anyway, as everyone would know the key!
In these settings, it makes sense to allow traffic with no encryption. This has an added benefit of allowing many more types of wireless cards to participate. It is safest to assume that any network you use is hostile and being monitored. Always use secure protocols (like SSH or SSL) to protect yourself, with or without a wire.
Enabling encryption under Windows
Double-click the strength meter on the taskbar and select Actions -> Add/Edit Configuration Profile. Alternatively, go to Start -> Settings -> Control Panel -> Wireless Network. These are profiles you can set up to quickly choose between available network settings. I usually set up at least two, one for conferences (unencrypted, grab any network) and another for work (encrypted, and on a specific network).
Name the first profile Conferences and click Edit Profile. Under Network Name, type ANY. Click OK.
Now select the next radio button down, and name this one Work. Edit the profile, and under Network Name, either type ANY (to enable roaming to any available network) or type in the name of your wireless network, as provided by your friendly local sysadmin.
Click the Encryption tab. Check the Enable Data Security box, and type in the proper password in the Key 1 box. Again, contact your local sysadmin for details. Click OK.
Now you can always come back to this window and select one radio box or the other to enable or disable encryption. Note that the password must be exactly 5 characters long (for 40-bit WEP). It will complain if your password is the wrong length.
Enabling encryption under Linux
KEY= line in /etc/pcmcia/wireless.opts? That's where the WEP keys get set. Just prepend your key with an s: (short for String, as opposed to Hexcode) and away you go. Again, remember that it must be exactly 5 characters long (cAsE sEnSiTiVe) for 40-bit WEP encryption.
You can also manipulate the encryption key, power settings, and virtually any other aspect of wireless communications with the iwconfig command. Be sure to at least check out the man pages for iwspy; they're worth a read.
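A check for the 5-character rule on the KEY= line, as an added example that is not part of the original article: the shell functions below (their names and the sample key are constructed) confirm that a key in string or hex form is exactly 40 bits before printing it for wireless.opts. It assumes the hex form is 10 hex digits with optional dashes, as iwconfig accepts, and that wireless.opts is read by a shell, so the value is quoted.

```shell
#!/bin/sh
# Added example: validate a 40-bit WEP key before it goes into the KEY= line
# of /etc/pcmcia/wireless.opts. Function names and sample key are constructed.

# Print the key as 10 lowercase hex digits; return 1 if it is not 40 bits.
# Accepts the string form ("s:" + 5 characters) or the hex form
# (10 hex digits, dashes allowed as separators).
wep40_to_hex() {
    key=$1
    case $key in
        s:*)
            # String form: every byte of the text after "s:" is a key byte.
            hex=$(printf '%s' "${key#s:}" | od -An -tx1 | tr -d ' \n')
            ;;
        *)
            # Hex form: drop the dash separators and fold to lowercase.
            hex=$(printf '%s' "$key" | sed 's/-//g' | tr 'A-F' 'a-f')
            case $hex in
                *[!0-9a-f]*) echo "not a hex key: $key" >&2; return 1 ;;
            esac
            ;;
    esac
    # 40 bits = 5 bytes = 10 hex digits. Anything else is the wrong length.
    if [ "${#hex}" -ne 10 ]; then
        echo "wrong length for 40-bit WEP: $key" >&2
        return 1
    fi
    printf '%s\n' "$hex"
}

# Print a KEY= line for wireless.opts, but only for a valid key.
wep40_key_line() {
    wep40_to_hex "$1" >/dev/null || return 1
    case $1 in
        # A single quote would break the quoting of the config line.
        *\'*) echo "key contains a single quote; use the hex form" >&2
              return 1 ;;
    esac
    printf "KEY='%s'\n" "$1"
}

# Constructed sample key, not a real one.
wep40_key_line 's:aB3xY'    # prints KEY='s:aB3xY'
```

The string form is measured in bytes, so a multi-byte character counts as more than one of the five.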
Enabling encryption on the Mac
The driver will automatically determine if encryption is enabled on your local access point. If it is, it will prompt you for the password. Enter it, and have fun. Keep in mind that the Mac Airport cards support 40-bit WEP only.
Don't waste your time fiddling with modem-quality pay services to get online. Set up your own private, encrypted, inexpensive wireless network and get yourself (your friends, your neighborhood, your universe) connected.
Additional Info and References