- slide 1 of 3
Wireless Access Point Security
Every administrator has a wide range of options for encryption and security on their wireless access points. Depending on a company or small business' profile and connectivity choices, this can make accessing the Internet from certain devices difficult. Smart phones, even with all of their features, still lack some of the automation provided by desktop operating systems. By knowing what each type of encryption is and what authentication details are required to access security-enabled wireless networks, you can either discover what you need to find out before connecting or what kind of network you are attempting to connect to based upon what the authentication query requests of you.
- slide 2 of 3
Wired Equivalent Privacy (WEP) is a largely deprecated form of wireless access point (AP or WAP) security. A number of security vulnerabilities have been found, allowing users to crack WEP keys in as little as under 60 seconds. Still, some administrators choose to use WEP because it provides an easy deterrant for non-technical users. WEP requires only a single, pre-shared key either in hexadecimal or plaintext.
Wi-Fi Protected Access (WPA) followed up WEP as a solution to WEP's many security flaws. WPA2, the second generation of WPA, has largely replaced the older protocol and implements a number of new algorithms and security features that were lacking in the first generation. Standard WPA/WPA2 methods require a pre-shared hexadecimal key, just like WEP, or a pre-shared passphrase. WPA has been extended in a number of ways to provide more secure enterprise-level access methods.
Sometimes you will see networks with the Extensible Authentication Protocol (EAP) prefix connected to Transport Layer Security (TLS) or prefixed by Lightweight (LEAP). This is an authentication framework that has been adopted by WPA and provides an additional layer of security on top of the passphrase or pre-shared key, establishing an encrypted tunnel to an authentication server. Depending on the administrator's specific set up, you will need to have an Identity, such as your corporate account name, password, and possibly an encryption certificate.
Protected EAP (PEAP) is the most commonly used implementation of the EAP standard with WPA for corporate networks. This requires a user identity and password like most EAP implementations, but further secures the communication by encrypting all handshakes. Many corporate networks allow users to connect to a PEAPv0 (EAP with MSCHAPv2, a common hash algorithm used with Microsoft Windows), without a certificate. The network will then require the installation of an access control client, like Cisco Clean Access, that will make sure that all necessary software is installed on a user's machine.
- slide 3 of 3
Now that you know what you need, you can connect using your operating system's network management utility. Under Microsoft Windows you can find this utility in the bottom-right corner of the screen on your desktop and under Mac OS X in the upper-right corner. Both look like radios or radio towers emitting waves. If you are using GNU/Linux, there are a number of network management utilities and depending on your desktop environment the utility could be anywhere. Consult your distribution's documentation for more information.
Click the utility's icon in your notification panel or toolbar.
Click the network you want to establish a connection with.
Enter the necessary authentication details, then press the "Enter" key to establish a connection.
Wait until a pop-up window announces a successful connection or for the icon to turn green to indicate success.
Source: author's own experience.