Using WPA2-Personal (PSK)

To enable WPA2-Personal security, start by entering the IP address of your wireless router and/or access points into a web browser, login to the control panel, and find the wireless security settings.

If you don’t know the IP address of your router or don’t remember the password, refer to the notes in the previous section.

 

Once you find the wireless security settings, select WPA2 security and AES encryption. Then enter a Pre-Shared Key or Passphrase of 8 to 63 alphanumeric characters. The longer and more complex the more secure. Try to upper and lower case letters and numbers. Write this down and keep it safe. Don’t forget to save/apply the changes.

Now you must enter the same passphrase on your Wi-Fi equipped computers and devices. In Windows, you should be prompted to enter it when connecting. However, if you were previously using WEP or WPA, Windows may not connect until you edit the saved security settings:

In Windows XP, double-click the wireless network icon in the lower right corner of Windows, click Change the order of preferred networks. Then double-click the network name and change the Network Authentication to WPA2-PSK, Data Encryption to AES, and enter the passphrase twice in the Network Key felids. See Figure 4 for an example.

In Windows Vista and 7, bring up the list of available wireless networks, right-click the network, and select Properties. Then change Security Type to WPA2-Personal, Encryption Type to AES, and enter the passphrase as the Network Security Key. See Figure 5 for an example.

Using WPA2-Enterprise

Before you can use WPA2-Enterprise, you must choose and setup a RADIUS server. If you have a Windows Server, you should be able to use the IAS or NPS server. Other RADIUS servers include FreeRADIUS, Elektron, and ClearBox. Keep in mind; some business-class access points (such as theZyXEL ZyAIR G-2000 Plus v2) include integrated RADIUS servers. If you don’t have the money or expertise to run your own server, you can use a hosted service, such as AuthenticateMyWiFi.

For more help on deploying WPA2-Enterprise and 802.1X, refer a previous article of mine that discusses overcoming the common roadblocks. I’ve also written a series targeted toward deployment in small businesses.

Eric Geier is a freelance tech writer and author of many networking and computing books, for brands like For Dummies and Cisco Press. He also founded NoWiresSecurity, which helps businesses quickly and easily protect their Wi-Fi with enterprise-level security. Additionally, he’s a Field Technician for Fast-Teks, an on-site computer services company that has hundreds of locations across the U.S.

Keep up with security news; Follow eSecurityPlanet on Twitter: @eSecurityP.