First time home wireless - how to match PC to router - setup question

Have a question or want to start a discussion? Post it! No Registration Necessary.  Now with pictures!

Threaded View
How would you match up the seemingly different NAMES for security protocols
between my PC and my wireless router?

I am hooking up my first wireless PC at home and I am confused about which
matching settings to use on the wireless router and the wireless PC.

HERE ARE THE AVAILABLE WIRELESS ROUTER OPTIONS:
a. Security Mode = Disabled, WPA Personal, WPA Enterprise, WPA2 Personal,
WPA2 Enterprise, Radius, or WEP
b. WPA Algorithms = AES, TKIP, or TKIP+AES

HERE ARE THE AVAILABLE WINDOWS WIRELESS PC OPTIONS:
a. Network Authentication = Open, Shared, WPA, or WPA-PSK
b. Data Encryption = AES, or TKIP

Given those choices, which would YOU choose for the router and for the PC?

I tried this settings but it didn't work:
ROUTER = WPA2 Personal, TKIP
PC = WPA-PSK, TKIP

And I tried this settings but it didn't work either:
ROUTER = WPA Personal, AES
PC = WPA-PSK, AES

Given what choices I have, what's the most secure WORKING combination I
should use?

Re: First time home wireless - how to match PC to router - setup question
On Sat, 09 Jun 2007 20:00:44 GMT, Julie Bove wrote:
Quoted text here. Click to load it

I finally got it to work using AES and WPA.

The only problem is I found articles saying to use TKIP and not AES.
http://www.microsoft.com/windowsxp/using/networking/expert/bowman_03july28.mspx

Do you know if TKIP or AES is more secure?

Re: First time home wireless - how to match PC to router - setup question

Quoted text here. Click to load it


That article is old and from 2003.  MS has since then added WPA2
support to XP.  See:  
<http://support.microsoft.com/kb/893357

However, I prefer TKIP because I've had some odd problems with AES.
Most AES implimentations are in hardware.  I keep blundering into a
few odd "drivers" that have implimented AES encryption in software
which slows things down considerably.  At this time, a long (>20 char)
pass phrase, with no dictionary words included, is quite safe with
TKIP.  However, if you have reasonably modern hardware, I wouldn't
worry about it and stay with AES.

Quoted text here. Click to load it

WPA2 with AES encryption is more secure from decryption than TKIP.

For the best currently available, you'll need a RADIUS server, which
delivers user and session unique random WPA encryption keys.  This
eliminates the potential for leaking a shared key.  Note that it's
quite easy for an evil hacker (like me) to extract a shared key
directly from your PC.
<http://www.wirelessdefence.org/Contents/Aircrack-ng_WinWzcook.htm


--
Jeff Liebermann     jeffl@cruzio.com
150 Felker St #D    http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann     AE6KS    831-336-2558

Re: First time home wireless - how to match PC to router - setup question
On Sat, 09 Jun 2007 16:27:29 -0700, Jeff Liebermann wrote:

Quoted text here. Click to load it

I'm confused. I have my Windows XP set to update everything so I SHOULD
have that WPA2 update from Microsoft at
http://support.microsoft.com/kb/893357 but I DO NOT SEE WPA2 as an option
in my "wireless zero" interface.

All I see are options for "Open", "Shared", "WPA", & "WPA-PSK".

Do you know if WPA-PSK is the same as WPA2 or are they different?

Re: First time home wireless - how to match PC to router - setup question
Quoted text here. Click to load it

You have to match the router settings with your own computer network
hardware settings.  Does your wireless NIC support WPA2?  You can only use
the higher of the settings that both peices of hardware(router and NIC)
support.  In other words even though the router might support WPA2 + AES the
wireless network card in your computer might only support WPA-PSK, etc.  If
your network card is much older it might only support WEP.



Re: First time home wireless - how to match PC to router - setup question


On Sat, 9 Jun 2007 20:47:18 -0500, Jbob wrote:

Quoted text here. Click to load it

After installing the Microsoft patch http://support.microsoft.com/kb/893357
the WINDOWS wireless NIC now supports WPA2 & WPA2-PSK.

The ROUTER supported WPA2-Personal & WPA2-Enterprise.

Can I now match the WINDOWS "WPA2-PSK" with the ROUTER "WPA2-Enterprise"?

I am thoroughly confused.

Julie

Re: First time home wireless - how to match PC to router - setup question

Quoted text here. Click to load it

You probably already have this update.  Download and install Belarc
Advisor:
<http://www.belarc.com
It will supply a list of updates, supplements, bug fixed, debris,
junk, and other stuff that Microsoft installs.  It's quite a list.  It
also marks what's missing and what failed to install.  Also, a list of
every piece of hardware, and every software package and version.  Very
handy.

Quoted text here. Click to load it

Well, maybe you don't have the supplement installed.  See:
<http://www.microsoft.com/windowsxp/using/security/expert/bowman_wirelesssecurity.mspx
<http://support.microsoft.com/?id=893357

Quoted text here. Click to load it

Very different.  You're also mixing a few things.

WPA is a temporary kludge thrown together by the Wi-Fi Alliance in an
attempt to do damage control after the WEP fiasco.  The encryption is
TKIP/MIC/PPK/IV.  The IEEE then adopted the standard as IEEE-802.11i
also known as WPA2.  They then threw in a mess of authentication
protocols.  AES/CCMP encryption was adopted for WPA2.  

This might help fill in some of the details:
<http://www.cisco.com/en/US/netsol/ns339/ns395/ns176/ns178/netqa0900aecd801e3e59.html>
The bottom line is that they're similar in function, but quite
different in implementation.

Ignoring authentication, the relevant combinations available in your
Linksys WRT54G are:
  WPA-PSK or WPA-Personal
  WPA-RADIUS or WPA-Enterprise
  WPA2-PSK
  WPA2-RADIUS

You probably won't be using the RADIUS server versions unless you have
an external RADIUS server to handle logins, passwords, and encryption
keys.  So, that leaves WPA-PSK (pre-shared key) and WPA2-PSK.  Your
choice.  

Just to confuse things, the many router firmware implimentations have
an automatic setting for WPA, where it will automagically select
either TKIP or AES encryption, depending on the capeabilities of the
client.  It's usually called "WPA2-PSK Mixed" or "WPA-RADIUS Mixed".
This way, you don't have to select one or the other.  The router will
work with any of the WPA or WPA2 mutations.  You didn't specify your
WRT54G hardware version or firmware version, so I can't check if yours
offers this selection.

A RADIUS server would be nice, but overkill for the typical home user
as it involves either a replacement router, or another box that's on
24 hours per day.

As for authentication protocols, that's usually handled by the client
computah.  See:
<http://en.wikipedia.org/wiki/Extensible_Authentication_Protocol
for a large shopping list.

--
Jeff Liebermann     jeffl@cruzio.com
150 Felker St #D    http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann     AE6KS    831-336-2558

Re: First time home wireless - how to match PC to router - setup question

Quoted text here. Click to load it

Correct.  The names have been changed to confuse the innocent.

WPA2-PSK and WPA2-Personal are the same thing.
WPA2-RADIUS and WPA2-Enterprise are the same thing.


--
Jeff Liebermann     jeffl@cruzio.com
150 Felker St #D    http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann     AE6KS    831-336-2558

Re: First time home wireless - how to match PC to router - setup question
On Sat, 09 Jun 2007 18:54:25 -0700, Jeff Liebermann wrote:

Quoted text here. Click to load it

I'm going to guess that's why my router has a setting for "TKIP+AES" in
addition to "AES" and "TKIP" separately???

Julie

Re: First time home wireless - how to match PC to router - setup question


On Sat, 09 Jun 2007 18:54:25 -0700, Jeff Liebermann wrote:

Quoted text here. Click to load it

Oh my. I THOUGHT I had all the latest windows xp patches but I didn't have
the Microsoft KB 893357 WPA2/WPA2-PSK additive patch you had suggested.
 http://support.microsoft.com/kb/893357

This Microsoft KB893357 patch added TWO new options to my wireless zero
control panel (WPA2, & WPA2-PSK) so now my options are more even.

HERE ARE THE AVAILABLE WIRELESS ROUTER OPTIONS:
a. Security Mode = Disabled, WPA Personal, WPA Enterprise, WPA2 Personal,
WPA2 Enterprise, Radius, or WEP
b. WPA Algorithms = AES, TKIP, or TKIP+AES

HERE ARE THE NEWLY AVAILABLE WINDOWS WIRELESS PC OPTIONS:
a. Network Authentication = Open, Shared, WPA, WPA-PSK, WPA2, or WPA2-PSK
b. Data Encryption = AES, or TKIP

So I think I'll go with:
ROUTER: WPA2 Personal
WINDOWS: WPA2-PSK

The only problem left is that I'm assuming "WPA2 Personal" is the same as
"WPA2-PSK". Is it?

Re: First time home wireless - how to match PC to router - setup question
On Sat, 09 Jun 2007 16:27:29 -0700, Jeff Liebermann wrote:

Quoted text here. Click to load it

Oh my! And I live just north of Santa Cruz besides! I noticed that my
router, a linksys wrt54g, has the capability of that thing which you call
"radius".

How do I know if my Windows XP SP2 can support the radius method?

Re: First time home wireless - how to match PC to router - setup question
On Sun, 10 Jun 2007 09:09:48 +0100, kev wrote:

Quoted text here. Click to load it

Oh my! The reference article helps greatly!
http://www.microsoft.com/technet/network/wifi/wrlsxp.mspx

In that article, it basically says "WPA2-Personal" uses "PSK" so now I
*finally* have a correlation on the router side with the PC side!

ROUTER = WPA2-Personal, TKIP + AES (which the article says also uses PSK)
WINDOWS = WPA2-PSK, TKIP (with the patch listed in KB893357 & KB917021)

Finally, if you see this message, then I have a match between the 802.11g
abbreviations used on the router side and the newly patched 802.11i
abbreviations used on the Windows XP SP2 PC side!

May I ask why they all don't just use the same abbreviations?

Julie

Re: First time home wireless - how to match PC to router - setup question
On Sun, 10 Jun 2007 03:11:37 -0700, Julie Bove wrote:

[snip]

Quoted text here. Click to load it

The abbreviations are mostly the same, the main difference is
that some vendors think "Personal" is a better word than PSK,
or 'pre-shared key'.

As far as I know, there is no other official name for PSK than
PSK. I've done some unsuccessful attempts to locate the origin of
this "personal" terminology. Would appreciate it if anyone could
provide some insight on this... I'd like to know who to blame :)


- Eirik


Re: First time home wireless - how to match PC to router - setup question
eirik@mi.uib.no (Eirik Seim) hath wroth:

Quoted text here. Click to load it

Can I guess?

Personal and Enterprise are all over the Wi-Fi.org web site.  For
example, see:
<http://www.wi-fi.org/knowledge_center/wpa2
Searching the web pile, PSK appears in one press release (probably an
accident) and in the glossary, which points to WPA-Personal.  I
suspect (not sure) that they will not issue certification unless the
product uses their terminology.

PSK and RADIUS are all over IEEE-802.11i-2004 which is the controlling
document for WPA2.  
<http://standards.ieee.org/getieee802/download/802.11i-2004.pdf>

My guess(tm) is that the Wi-Fi alliance is more consumer oriented than
the acronym infested IEEE.  I'm guilty of using them interchangeably,
depending on whom I'm addressing.



--
Jeff Liebermann     jeffl@cruzio.com
150 Felker St #D    http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann     AE6KS    831-336-2558

Re: First time home wireless - how to match PC to router - setup question
On Sun, 10 Jun 2007 08:52:48 -0700, Jeff Liebermann wrote:

Quoted text here. Click to load it

Oh yeah! I researched (as in searched again) the google 'pile' using the
fact that I now knew the answer (that "PSK" is the same as "Personal") and
now, indeed, I can see that the dummy and wikipedia guides (my first stop
shopping) do say that "personal" is the *same* as "psk" (even though the p
stands for something else entirely).

http://www.dummies.com/WileyCDA/DummiesArticle/id-4766.html
 "WPA Personal is equivalent to WPA-PSK, which is used by many
  wireless access points. WPA Enterprise requires that a RADIUS
  server be running on your network, something your home network
  is not likely to have."

http://en.wikipedia.org/wiki/WPA2
 "Pre-shared key mode (PSK, also known as personal mode) is
  designed for home and small office networks"

If I would *hazard* a guess, I might infer that the friendlier-sounding
"Personal" description arose for the Macintosh community while the
acronym-lased "PSK" was relegated to the Windows clientelle based on some
search results such as that at
http://security.itbusinessnet.com/articles/viewarticle.jsp?id=89612
 "WPA-PSK (Windows) and WPA-Personal (Mac) Encryption ... In this
 first section we look at WPA-PSK (Windows) Encryption ...
 Next Page: WPA-Personal (Mac) Encryption ..."

Does my guess pan out that "Personal" was originally styled for Macintosh
computers while the more gruff acronym "PSK" was for Windows PCs?

Julie



Re: First time home wireless - how to match PC to router - setup question

Quoted text here. Click to load it

Nope.  Wi-Fi is platform agnostic.  If anything, Unix and Linux would
be the most favored operating system of the standards producers.  I'm
going to preserve my sanity and NOT lookup when the first mention of
either term appeared.  My foggy memory seems to recall that WPA-PSK
was first used, which later mutated into WPA-Personal, as apparently
required for router certification.

--
Jeff Liebermann     jeffl@cruzio.com
150 Felker St #D    http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann     AE6KS    831-336-2558

Re: First time home wireless - how to match PC to router - setup question
On 10 Jun 2007 14:29:57 GMT, Eirik Seim wrote:

Quoted text here. Click to load it

Wow! Why didn't the world provide me this secret decoder ring *before* I
confusified myself and everyone else! LOL!

Seriously, before you, I hadn't known that "Security Mode = WPA2 Personal"
on my Cisco router is actually the same thing as "Network Authentication =
WPA2-PSK" in my patched Windows XP PC. Am I the only one to not get with
the program?

While this hidden 1:1 translation knowledge simplifies things greatly, I
wonder aloud whether the same kind of inverted translational logic applies
to the encryption algoritm too???

For example, I've set my corresponding router & windows settings to:
a. ROUTER: WPA Algorithms = TKIP+AES
b. WINXP:  Data Encryption = TKIP

The convoluted reason I did this was that I was told TKIP is better but
having TKIP plus AES "seemed" more secure to me. Am I ditzing out again?

Or should I have just chosen a router "wpa algorithm" of TKIP and a Windows
XP "data encryption" of TKIP?

Does setting the router to "TKIP+AES" buy me anything over setting the
router to just "TKIP"?

Julie

Re: First time home wireless - how to match PC to router - setup question
On 10 Jun 2007 19:43:36 GMT, Eirik Seim wrote:
Quoted text here. Click to load it

Thanks to all of you, here is what I ended up with, after taking in all of
the (sometimes conflicting) advice.

1. Wireless ROUTER is set to WPA2 Personal "Security Mode"
2. Wireless ROUTER is set to AES "WPA Algorithm"
3. WinXP PC is patched to Microsoft KB917021 level
4. Newly patched WinXP PC is set to WPA2-PSK "Network Authentication"
5. Newly patched WinXP PC is set to AES "Data Encryption"
6. Preselected key is set as "Four score & seven years ago"
7. ROUTER SSID is set to not broadcast (adds very minimal protection)
8. MAC Address Filtering is turned on (adds very minimal protection)
9. DHCP is set to allow only the number of available computers (useful?)
 
Does setting the number of allowed DHCP clients equal to the number of
available computers afford me any protection from intrusion?

That is, if I have three computers and I set the DHCP range from
192.168.1.1 to 192.168.1.3 - doesn't that protect me from intrustion by a
fourth computer?

Re: First time home wireless - how to match PC to router - setup question

Quoted text here. Click to load it

Not really, I hope.  Where do you live?<G>  We could be driving by right
now.(NOT)

Quoted text here. Click to load it

Perhaps, but only if all three computers are left on all the time.  
Otherwise, if your other security settings don't stop unauthorized
computers from connecting (and it should), that IP would be available for
DHCP assignment.

--
                                          John Gray

If you don't have a reason, at least have an excuse.

Re: First time home wireless - how to match PC to router - setup question
On 11 Jun 2007 14:13:26 GMT, John Gray wrote:
Quoted text here. Click to load it

 
Quoted text here. Click to load it


How can someone set an IP address manually?

Site Timeline