Push-Button Wireless Security

By Joseph Moran | Posted December 02, 2005

Walk around your neighborhood with a wireless notebook, and you'll probably detect the presence of many wireless networks. You're also likely to find that many of them are not encrypted and open to use or abuse. It's a pretty safe bet that many of those unrestricted networks were left that way due to the difficulty, real or perceived, of configuring wireless encryption.

Linksys is aiming to remedy this problem and increase the number of secure networks with the SecureEasySetup (SES) feature now available on a number of the company's products, including the WRT54GS router (hardware version 3), an 802.11g device Linksys sent to us for testing. SES is also available on the WRT54G (which lacks the SpeedBooster feature) and the WRT54C compact router.

The idea behind SES is fairly simple. Rather than forcing you to deal with the details of a router's security configuration, SES lets you configure the SSID and encryption keys on both the router and the client with the press of a button (two buttons, actually: one on the router and one on the client).

SES is actually a technology developed by Broadcom, the vendor that supplies the chipset found in the WRT54GS and many other Linksys products. The technology is similar in concept to AOSS (AirStation One-Touch Security System), which Buffalo Technology introduced last year. Although Buffalo products also use Broadcom chipsets, Buffalo developed AOSS. Broadcom also is responsible for the SpeedBooster feature.

On the outside, the SES-enabled WRT54GS looks almost identical to its predecessors. The only new characteristic is that the device's Cisco logo (Linksys is a division of Cisco) is actually an illuminated button that initiates the SES process. This logo glows orange when you first power on the router (and SES is inactive), and white when SES is functioning.

The setup wizard included with the WRT54GS caused some problems during the install process. When we started the wizard, an error message appeared advising that the router's "drivers" did not support SES. This was in spite of the fact that the wizard prominently displayed the SES logo. It prompted us to click a button to enable SES. Doing so inexplicably launched a generic Broadcom WLAN client utility installation from the CD and, after a reboot, the exact same sequence of events happened again. Despite this hiccup, we were able to bypass the setup wizard and get the router up and running manually, and upon doing this discovered that, as suspected, the router was in fact SES-capable.

Using SES
To take advantage of SES, you must use a client adapter that's also SES-capable, like the WPC54GS CardBus adapter (Linksys also offers SES-compatible PCI and USB adapters). After a press of the router's SES button, which causes the logo light to blink white, you click the corresponding button on the client hardware. Well, the clients don't actually have physical buttons; you instead click a button located in the devices' client software interface. This starts the SES negotiation process between the two devices.

After about 15 to 20 seconds, the logo light changes from blinking to solid white, indicating an established connection. We tried this process repeatedly, and it worked flawlessly each time. Although you can only add one client at a time with this method, you can repeat the process as many times as necessary to add additional clients.

The WRT54GS supports a range of wireless encryption options, including WPA Enterprise (a.k.a. WPA-RADIUS) and the more recent WPA2, but when you use SES to configure your wireless network, it's automatically set up to use WPA Personal encryption and the TKIP algorithm (though it also supports AES).

After setting up your first client via SES, the SSID and WPA key are displayed for you to print or save as a text file. You can use this information to manually configure any non-SES clients on the network, provided that they also support WPA Personal. We were able to successfully add third-party clients to an SES network this way, but if you have any clients or operating systems that lack WPA support, you can't use SES at all.

Once a router has been set up via SES, it's essentially acting as a normal router, so you are still free to access the unit via the administration console and view or modify any configuration setting (including the SSID and encryption key) even while it's operating in SES mode. Just like a conventional router, should the device temporarily lose power, it retains its SES-configured information, so you don't need to reconfigure your clients. If you do want to disable SES, holding down the router button for five seconds will do the trick, though the next time you activate it, your SSID and encryption key will have changed, requiring you to reconfigure any non-SES clients.

Not a Panacea
SES greatly simplifies the setup of a secure wireless network and the process of adding clients to it, but it doesn't cover all aspects of security, and so it doesn't quite absolve you of all responsibility regarding security. For example, it doesn't disable the SSID broadcast, which is generally considered a helpful (albeit modest) security measure. It also doesn't enable MAC filtering or force you to change the router's default administrator password. These tasks will have to be performed manually in order to achieve comprehensive security.

If have existing Linksys WLAN hardware, you may be able to upgrade it to include SES. Linksys is retroactively adding the feature via firmware to a number of their Broadcom-based products, so check the company's Web site for your specific model and hardware version. This means limiting yourself to products from a single vendor, however — not exactly what we're supposed to be striving for in this world of interoperability. If you have the patience to hold out for a couple of years, the Wi-Fi Alliance is cooking up something similar to SES for future Wi-Fi products from multiple vendors — but if you've got sensitive data or a desire to keep your broadband to yourself, don't wait.

Model: WRT54GS (v3)
Price: $89.99 (MSRP)
Pros: Speeds up and simplifies setup of secure WLAN.
Cons: Security setup requires compatible client hardware; only supports WPA Personal encryption when using SES.

Adapted from wi-fiplanet.com.

Do you have a comment or question about this article or other small business topics in general? Speak out in the SmallBusinessComputing.com Forums. Join the discussion today!


Comment and Contribute


     

    Get free tips, news and advice on how to make technology work harder for your business.

    Submit
    Learn more
     
    You have successfuly registered to
    Enterprise Apps Daily Newsletter
    Thanks for your registration, follow us on our social networks to keep up-to-date