You need to consider three basic options when configuring a Wi-Fi AP for home use: the radio settings, beam forming, and security. Figure 11-14 shows a typical configuration screen for a home Wi-Fi system.
Figure 11-14 Typical Wi-Fi Network Settings
The following sections consider each of these three areas of configuration.
The two most basic settings at the top of the screen are the network name, or SSID, and a password.
Note
You should always change the SSID and password to local settings; you should never leave them at whatever the factory sets them.
Select a long, but easy-to-remember, password. The password length matters more than symbols—although you should use symbols if possible. Try to make this password easy to remember; you will use it regularly.
Security
You should always use some form of encryption to protect the data traveling between a host and an AP. If this data is not encrypted, anyone receiving the signal can capture and process your data.
War Driving
War driving is driving around neighborhoods and business areas looking for Wi-Fi systems using common passwords or even open Wi-Fi systems. Once hackers have accessed the Wi-Fi system, they will either steal bandwidth from it or capture data for later use.
Most APs offer Wired Equivalent Privacy (WEP), Wi-Fi Protected Access (WPA), and Wi-Fi Protected Access Pre-Shared Key (WPA-PSK).
WEP was initially ratified in 1999 to provide security equivalent to wired connections for Wi-Fi. Viable attacks against WEP’s security were quickly discovered, leading to multiple attempts to make the protocol more secure. These efforts failed; the Wi-Fi Alliance officially retired WEP in 2004.
You should reconfigure any Wi-Fi system using WEP to use some version of WPA. Operators should replace any AP that cannot be configured to support WPA.
WPA was initially ratified in 2003. WPA differs from WEP in three ways:
• WPA uses 256-bit keys rather than the 64- and 128-bit keys used by WEP.
• WPA includes a message integrity code on each packet to ensure hackers cannot tamper with data transmitted on the Wi-Fi network.
• WPA authenticates users and hosts rather than just encrypting traffic passing over the Wi-Fi network.
WPA begins when a session between a device and the AP starts.
A public key is selected in one of two ways:
• WPA uses a public key provided by an external server. This form of WPA is often called enterprise because of the external server requirements.
• WPA-PSK creates a public key using the SSID and other information. This form of WPA is sometimes called personal because it does not require any external servers.
WPA is more secure than WPA-PSK because attackers do not know the information used to create the initial public key.
The AP uses this public key to exchange private keys, which are then used to encrypt data transferred across the Wi-Fi network.
Operators should change the private key used to encrypt data regularly.
To snoop on a Wi-Fi data stream secured using WPA, an attacker must discover the current key and find some way to know the next key the AP will use. Attacks of this kind are possible but tend to be challenging to execute.
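Added example (not from the original text): under IEEE 802.11i, WPA-PSK derives its 256-bit key from the passphrase and the SSID with PBKDF2-HMAC-SHA1 at 4096 iterations, which is why a locally chosen SSID and a long passphrase both matter. The SSIDs and passphrase below are constructed samples, and guess_space_bits is a hypothetical helper that assumes randomly chosen characters.

```python
import hashlib
import math


def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """256-bit WPA/WPA2-Personal key per IEEE 802.11i:
    PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations, 32 bytes out."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    salt = ssid.encode()
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), salt, 4096, 32)


def guess_space_bits(length: int, alphabet_size: int) -> float:
    """Hypothetical helper: bits of guessing work for a passphrase of
    `length` characters drawn at random from `alphabet_size` symbols."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    # Constructed sample values, not taken from any real network.
    passphrase = "quiet-river-lantern-42"
    for ssid in ("FactoryDefault", "maple-street-17"):
        key = wpa_psk(passphrase, ssid)
        print(f"{ssid:16} {len(key) * 8}-bit key {key.hex()[:16]}...")
    # Same passphrase, different SSID: a different key, so work done
    # against a common factory SSID does not carry over to a local one.

    # Length versus symbols: a long lowercase passphrase outweighs a
    # short one drawn from all 94 printable ASCII symbols.
    print(f"8 chars, 94 symbols : {guess_space_bits(8, 94):.1f} bits")
    print(f"20 chars, 26 letters: {guess_space_bits(20, 26):.1f} bits")
```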
Note
Chapter 22, “Troubleshooting,” considers encryption in more detail. Chapter 20, “Security Tools,” considers authentication in more detail.
WPA2 is a later, more secure version of WPA. The Wi-Fi Alliance is working on WPA3, which is more secure than WPA2.
You should use WPA-PSK for most home networks—unless you want to set up and manage a separate key server.
Configuring a Windows Host for Wi-Fi Connectivity
You can configure Wi-Fi connectivity on a Windows 11 host in two places: the Quick Settings section of the task bar and Settings. Figure 11-15 shows the configuration steps using Settings.
Figure 11-15 Windows Wi-Fi Configuration
Selecting Network & internet from Settings displays the current network connections. Selecting Wi-Fi will then display options related only to Wi-Fi connections. Several options are of interest here:
• Wi-Fi is a single selector allowing you to turn Wi-Fi on or off.
• Network properties will normally display the SSID of the Wi-Fi network to which this host is connected. This option will open another set of options and information, covered next in this section.
• Show available networks causes Windows 11 to search for every network. The complete list of networks might not include Wi-Fi networks that are not advertising their SSID.
• Selecting Manage known networks opens a screen listing every network this host has ever connected to. You can configure Windows to auto-connect to specific Wi-Fi networks or forget individual Wi-Fi networks.
• Hardware properties provides information about the Wi-Fi adapter connected to this host, including driver and hardware versions.
• Selecting Random hardware address causes the host to use a virtual physical (MAC) address when connecting to Wi-Fi APs. This prevents the host from being tracked when roaming between multiple Wi-Fi networks.
To connect to a network, select the SSID from the list of available networks and enter the network password. If the network SSID is not shown, you can enter it manually.
Figure 11-16 illustrates the settings screen for a specific Wi-Fi network.
Figure 11-16 Windows 11 Wi-Fi Network Configuration and Information Screen
You can select whether the network is public or private on this screen. If you set a Wi-Fi network to public, this host will not advertise its presence to other hosts on the network, and the host will not permit connections from other devices on the same network.
If you set a Wi-Fi network to private, the host will advertise its presence on the network, and other devices can connect to the host.
You can also use the Windows 11 task bar to select a Wi-Fi network quickly. Selecting the network icon (a connected host, as shown in Figure 11-17, or a Wi-Fi icon) brings up a small screen.
Figure 11-17 Windows 11 Task Bar Wi-Fi Configuration
Selecting the arrow on the right side of the Wi-Fi symbol brings up a second screen listing every available network. Select the correct SSID and enter the network’s password (configured on the AP) to connect to one of these networks. The Hidden Network is a Wi-Fi network configured not to advertise its SSID. You can only connect to this network if you know the SSID and password.