Monday, February 21, 2005 11:03 AM
szurgot
An open request to the industry: Fix wireless network security
(Caveat: I've only had experience with a few wireless routers, and Windows XP and my Tivo, but there are an awful lot of Open access points in my neighborhood, so I can imagine the problems are still out there.)
(There was a great article on Securing a wireless network from MS, but I can't find it. Here's another one that outlines the same steps, however: http://compnetworking.about.com/od/wirelesssecurity/tp/wifisecurity.htm)
I've worked on a few wireless networks recently, and all of them have been unsecured (except mine), and there are a lot of access points popping up around my neighborhood, almost all of them unsecured. Whenever I encounter a wireless network, I always lock it down, but it's a pain (especially on the client side). And as with most things, people aren't going to research wireless security, so most networks are going to remain unsecured because they just stick with the default.
So here's my request to the Wireless Networking Industry. Fix it! Make it secure by default.
To wireless router and access point manufacturers:
- Don't allow the defaults. When the user first logs in, have them change the password. When they set up wireless networking, step them through picking an SSID and WEP password.
- Encourage the user to disable SSID broadcast.
- Encourage WEP. (See above about WEP password)
To Microsoft: It's difficult to set up wireless security on Windows XP, especially when SSID broadcast is disabled. Make it easier.
- Create a Wizard to step through connecting to a wireless network. It'll allow them to enter the SSID, security type (most likely WEP, but still), and password/passkey.
- Allow them to type in the password used to enter the WEP key. Not the 26 HEX characters (or however long it is) generated by the router.
- If you must require the HEX string, create a popup that allows them to see it as they are typing. I usually have to go through it 3 or 4 times before I can get it right, and not being able to see it is a real pain. Even if you have the password blanked out on detail screens, it should be easy to enter somewhere. The person is going to have a piece of paper or email with the key in front of them anyway, so it's not like anything is being hidden.
- Make the password boxes long enough to show all of the digits of the string. (This wouldn't be necessary if 2 or 3 is done, but...) The first couple of times I typed in my passcode, I bumped into the fact that the password box displays two fewer than the total # of characters in the string. And since they are all starred out, you can't see that it allows more than what it displays. And when I've already typed in the password a couple of times, this is frustrating.
- Do something to make it easy to set and change the passwords. If the password on the router is changed, you have to go through the darn 26 digit key all over again.
The Tivo gets it right. It's easy to set up, and enter the passwords, even with just a remote. Windows should be just as easy to set up or extend to a new network.