Introduction

Wireless local area network (LAN) technologies such as IEEE 802.11a/b/g have become a popular way to connect multiple computers in a home or small business. While wireless networks offer location flexibility, they also present security issues that do not arise with traditional wired network technologies such as Ethernet. These security issues are as follows:

• Authentication: Specifies which computers can connect to the wireless network.
• Encryption: Specifies how wireless frames are encrypted so that eavesdroppers cannot interpret the sent data or access network resources such as shared folders.

For home or small offices, the following two authentication and encryption methods are recommended:

• Open System authentication and Wired Equivalent Privacy (WEP) encryption, hereinafter referred to as Open System/WEP
• Wi-Fi Protected Access (WPA) authentication using a pre-shared key (PSK) and Temporal Key Integrity Protocol (TKIP) encryption, hereinafter referred to as WPA-PSK/TKIP

You should use Open System/WEP only if all network devices do not support WPA. Microsoft strongly recommends that you use WPA-enabled wireless devices and WPA-PSK/TKIP. For more information on WPA and TKIP, see the March 2003 Network Expert article Wi-Fi Protected Access (WPA) overview. WPA support is included in Windows XP Service Pack 2 (SP2); previously, WPA support was available only as a free download for computers running Windows XP with Service Pack 1 (SP1).

Because home or small offices typically do not have a central authentication server, users at home or in small offices must do one of the following:

• For Open System/WEP, they must choose a strong WEP key and configure all computers and wireless devices to use Open System authentication, WEP encryption, and the same strong WEP key.
• For WPA-PSK/TKIP, they must choose a strong WPA-PSK and configure all computers and wireless devices to use WPA-PSK authentication, TKIP encryption, and the same strong WPA-PSK.

Note: A strong key is a key that uses a random set of hexadecimal digits (for WEP keys) or characters (for WPA-PSK) to get the largest possible key size.

In either case, wireless network installation can be complicated for beginners because each wireless device has a different way of configuring authentication and encryption settings. For example, a wireless access point (AP) might use a wizard or a set of web browser pages to configure specific authentication methods, encryption methods, and WEP keys or WPA-PSK. If your computer is running Windows XP SP2 or Windows XP SP1, you can configure authentication, encryption, and the WEP key or WPA-PSK for a specific wireless network in the Wireless Network Properties dialog box; you open this dialog box from the "Wireless Network" tab of the wireless LAN adapter's properties in the Network Connections folder.

To make it easier to configure WEP keys or WPA-PSK, Windows XP SP2 supports Windows Smart Network Key (WSNK), a new wireless device feature that automates the configuration of wireless networks. Windows XP SP2 supports WSNK through updates to the wireless client software and the new Wireless Network Setup Wizard. The Wireless Network Setup Wizard guides you step by step through the configuration of your wireless network settings (wireless network name, authentication and encryption methods, and a strong WEP key or WPA-PSK), and then writes the configuration to a Universal Serial Bus (USB) flash drive (UFD) as a set of Extensible Markup Language (XML) files. You can then plug the UFD into other WSNK-enabled wireless devices in your home or small office.
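The strong-key note above, made concrete as an added example (not part of the original article and not the wizard's own algorithm): it generates keys of the largest standard size from the operating system's random number generator and checks a key that someone wants to assign manually. The function names, the 20-character passphrase threshold and the repeated-character heuristic are assumptions of this example.

```python
import secrets
import string
from collections import Counter

HEX = set(string.hexdigits)
# A WPA passphrase may contain printable ASCII characters (0x20-0x7E).
PRINTABLE = "".join(chr(c) for c in range(0x20, 0x7F))


def new_wep_key() -> str:
    """104-bit WEP key: 26 hexadecimal digits from the OS CSPRNG."""
    return secrets.token_hex(13).upper()


def new_wpa_psk() -> str:
    """WPA-PSK: 63 random printable characters, the longest passphrase allowed."""
    return "".join(secrets.choice(PRINTABLE) for _ in range(63))


def check_key(kind: str, key: str) -> list[str]:
    """Return problems with a manually chosen key; an empty list means none found."""
    problems = []
    is_hex = bool(key) and all(c in HEX for c in key)
    if kind == "wep":
        # Standard WEP sizes: 10 or 26 hex digits (5 or 13 ASCII characters).
        if len(key) in (5, 13):
            problems.append("ASCII WEP key: enter random hexadecimal digits instead")
        elif not (is_hex and len(key) in (10, 26)):
            return ["invalid: a WEP key is 10 or 26 hexadecimal digits"]
        elif len(key) == 10:
            problems.append("40-bit WEP key: use 26 digits for the largest key size")
    elif kind == "wpa-psk":
        if is_hex and len(key) == 64:
            pass  # raw 256-bit key entered as 64 hexadecimal digits
        elif not (8 <= len(key) <= 63 and all(c in PRINTABLE for c in key)):
            return ["invalid: a WPA-PSK is 8-63 printable characters or 64 hex digits"]
        elif len(key) < 20:  # heuristic threshold chosen for this example
            problems.append("passphrase under 20 characters: easier to guess")
    else:
        raise ValueError("kind must be 'wep' or 'wpa-psk'")
    # Heuristic: one character filling more than half the key is not random.
    if key and Counter(key).most_common(1)[0][1] > len(key) / 2:
        problems.append("dominated by one repeated character: not random")
    return problems
```
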
All wireless devices that support WSNK automatically read the settings from the XML files stored on the UFD and configure themselves with the same settings as the computer that originally ran the Wireless Network Setup Wizard. This new feature of Windows XP SP2, together with wireless devices that have USB ports and support WSNK, greatly simplifies the configuration of enhanced security for wireless networks in homes or small offices.

Configuring the wireless network using the Wireless Network Setup Wizard
To run the new Wireless Network Setup Wizard on a computer running Windows XP SP2, you can do one of the following:

• Click the Wireless Network Setup task or icon in the Network and Internet Connections folder in Control Panel
• Click the Wireless Network Setup task or icon in the My Network Places window
• Click Start, point to Programs, point to Accessories, point to "Communication", and then click "Wireless Network Installation"
• Click the "Wireless Network Installation" task in the new "Windows Provisioning Service Wizard"

When you run the Wireless Network Setup Wizard, it displays the "Welcome to the Wireless Network Installation Wizard" page, as shown below.

Click Next. You will see the "Specify the name of your wireless network" page, as shown below.

On this page, specify the name of the wireless network (also known as the Service Set Identifier [SSID]), whether the Wireless Network Setup Wizard automatically creates a strong network key, and whether to use WPA. If you want the Wireless Network Setup Wizard to create a strong network key and you clear the Use WPA Encryption check box, the wizard creates a strong WEP key. If you want the wizard to create a strong network key and the Use WPA Encryption check box is selected, the wizard creates a strong WPA-PSK.

Click Next. If you chose to have the Wireless Network Setup Wizard automatically assign a network key, the wizard displays the "How do you want to set up your network?" page, as shown in the following figure.

If you select Use a USB flash drive, the Wireless Network Setup Wizard prompts you to insert a UFD and creates the XML files for your wireless network configuration on it, including the wireless network name, the authentication and encryption methods, and the WEP key or WPA-PSK.
If you select Manual Network Setup, the Wireless Network Setup Wizard prompts you to print your wireless network settings so that you can manually configure each wireless device from the printed wireless network configuration.

Click Next. If you chose to use a UFD, the Wireless Network Setup Wizard displays the Save Settings to Flash Drive page, as shown below.

When you insert a UFD into your computer's USB port, the Wireless Network Setup Wizard automatically displays the drive letter assigned to that UFD in Flash Drive.

Click Next. The Wireless Network Setup Wizard writes the wireless network settings to the UFD as XML files and then displays the "Transfer network settings to another computer or device" page, as shown in the following figure.

Unplug the UFD from your computer and plug it into each of the other wireless devices that support WSNK (such as wireless APs and network printers) and into the other wireless computers running Windows XP SP2. When you plug a UFD into a wireless device that supports WSNK, the device's status light flashes three times, indicating that the device has configured itself with the wireless network settings stored on the UFD. When you insert a UFD into a computer running Windows XP SP2, the Wireless Network Setup Wizard runs and asks whether you want to join the wireless network. If you accept, the wizard creates a wireless profile and connects the computer to your home network. As a rule of thumb, you should configure your wireless AP before configuring the other wireless devices and the other computers running Windows XP SP2.

After you finish configuring the other computers and wireless devices with the UFD, plug the UFD back into the computer on which you originally started the Wireless Network Setup Wizard, and then click Next on the "Transfer network settings to another computer or device" page. The Wireless Network Setup Wizard displays the Wizard Completed Successfully page, as shown in the following figure.
Under "You have successfully set up the following devices," the Wireless Network Setup Wizard lists the wireless computers and devices that have been configured through the wizard and the UFD. To remove the wireless network settings (including the WEP key or WPA-PSK) from the UFD, select the "Remove network settings from flash drive for security" check box. Clear this check box if you want to configure more wireless computers or devices with the UFD later.

Click Finish.

This Wireless Network Setup Wizard example performs an initial configuration of a wireless network with an automatically assigned WEP key or WPA-PSK. You can also use the Wireless Network Setup Wizard to do the following:

• Configure a new device that supports WSNK after you have already run the Wireless Network Setup Wizard. In this case, the Wireless Network Setup Wizard guides you through writing the current wireless network settings to a UFD again, which you can then plug into your new wireless device or computer.
• Configure the wireless network with a manually assigned WEP key or WPA-PSK. You can do this by selecting the "Manually assign network key" option on the "Specify the name of your wireless network" page.
• Print the current wireless network settings in order to configure wireless devices that do not support WSNK, or computers running older versions of Windows that cannot run the configuration files stored on UFDs. You can do this by selecting "Set up the network manually" on the "How do you want to set up your network?" page.
• Reconfigure your wireless network settings. Although the Wireless Network Setup Wizard creates a strong key, it is still a good idea to change the key every few months to prevent eavesdroppers from collecting encrypted information and using a cracking tool to recover the WEP key or WPA-PSK. When you run the Wireless Network Setup Wizard again, it asks whether you want to keep the existing settings or create new ones.
If you specify that you want to create new settings, the Wireless Network Setup Wizard displays the "Specify the name of your wireless network" page, and you can then configure the wireless network in the same way as in the original configuration. The Wireless Network Setup Wizard automatically assigns a new set of strong keys.

XML file stored on UFD
Whenever you run the Wireless Network Setup Wizard to create a new wireless network setup and click Next on the Save Settings to Flash Drive page, the wizard writes the following files to the UFD:

• \Autorun.inf Starts the \Smrtntky\Setupsnk.exe file when the UFD is inserted into a computer running Windows. If an Autorun.inf file already exists, the Wireless Network Setup Wizard