First time home wireless - how to match PC to router - setup question

How would you match up the seemingly different NAMES for security protocols
between my PC and my wireless router?

I am hooking up my first wireless PC at home and I am confused about which
matching settings to use on the wireless router and the wireless PC.

HERE ARE THE AVAILABLE WIRELESS ROUTER OPTIONS:
a. Security Mode = Disabled, WPA Personal, WPA Enterprise, WPA2 Personal,
WPA2 Enterprise, Radius, or WEP
b. WPA Algorithms = AES, TKIP, or TKIP+AES

HERE ARE THE AVAILABLE WINDOWS WIRELESS PC OPTIONS:
a. Network Authentication = Open, Shared, WPA, or WPA-PSK
b. Data Encryption = AES, or TKIP

Given those choices, which would YOU choose for the router and for the PC?

I tried this settings but it didn't work:
ROUTER = WPA2 Personal, TKIP
PC = WPA-PSK, TKIP

And I tried this settings but it didn't work either:
ROUTER = WPA Personal, AES
PC = WPA-PSK, AES

Given what choices I have, what's the most secure WORKING combination I
should use?

On Sat, 09 Jun 2007 20:00:44 GMT, Julie Bove wrote:
> I am hooking up my first wireless PC at home and I am confused about which
> matching settings to use on the wireless router and the wireless PC.
>
> HERE ARE THE AVAILABLE WIRELESS ROUTER OPTIONS:
> a. Security Mode = Disabled, WPA Personal, WPA Enterprise, WPA2 Personal,
> WPA2 Enterprise, Radius, or WEP
> b. WPA Algorithms = AES, TKIP, or TKIP+AES
>
> HERE ARE THE AVAILABLE WINDOWS WIRELESS PC OPTIONS:
> a. Network Authentication = Open, Shared, WPA, or WPA-PSK
> b. Data Encryption = AES, or TKIP

I finally got it to work using AES and WPA.

The only problem is I found articles saying to use TKIP and not AES.
http://www.microsoft.com/windowsxp/u..._03july28.mspx

Do you know if TKIP or AES is more secure?

Julie Bove <(E-Mail Removed)> hath wroth:

>On Sat, 09 Jun 2007 20:00:44 GMT, Julie Bove wrote:
>> I am hooking up my first wireless PC at home and I am confused about which
>> matching settings to use on the wireless router and the wireless PC.
>>
>> HERE ARE THE AVAILABLE WIRELESS ROUTER OPTIONS:
>> a. Security Mode = Disabled, WPA Personal, WPA Enterprise, WPA2 Personal,
>> WPA2 Enterprise, Radius, or WEP
>> b. WPA Algorithms = AES, TKIP, or TKIP+AES
>>
>> HERE ARE THE AVAILABLE WINDOWS WIRELESS PC OPTIONS:
>> a. Network Authentication = Open, Shared, WPA, or WPA-PSK
>> b. Data Encryption = AES, or TKIP

>I finally got it to work using AES and WPA.
>
>The only problem is I found articles saying to use TKIP and not AES.
>http://www.microsoft.com/windowsxp/u..._03july28.mspx

That article is old and from 2003. MS has since then added WPA2
support to XP. See:
<http://support.microsoft.com/kb/893357>

However, I prefer TKIP because I've had some odd problems with AES.
Most AES implimentations are in hardware. I keep blundering into a
few odd "drivers" that have implimented AES encryption in software
which slows things down considerably. At this time, a long (>20 char)
pass phrase, with no dictionary words included, is quite safe with
TKIP. However, if you have reasonably modern hardware, I wouldn't
worry about it and stay with AES.

>Do you know if TKIP or AES is more secure?

WPA2 with AES encryption is more secure from decryption than TKIP.

For the best currently available, you'll need a RADIUS server, which
delivers user and session unique random WPA encryption keys. This
eliminates the potential for leaking a shared key. Note that it's
quite easy for an evil hacker (like me) to extract a shared key
directly from your PC.
<http://www.wirelessdefence.org/Contents/Aircrack-ng_WinWzcook.htm>


--
Jeff Liebermann (E-Mail Removed)
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558

On Sat, 09 Jun 2007 16:27:29 -0700, Jeff Liebermann wrote:

> That article is old and from 2003. MS has since then added WPA2
> support to XP. See:
> <http://support.microsoft.com/kb/893357>

I'm confused. I have my Windows XP set to update everything so I SHOULD
have that WPA2 update from Microsoft at
http://support.microsoft.com/kb/893357 but I DO NOT SEE WPA2 as an option
in my "wireless zero" interface.

All I see are options for "Open", "Shared", "WPA", & "WPA-PSK".

Do you know if WPA-PSK is the same as WPA2 or are they different?

On Sat, 09 Jun 2007 16:27:29 -0700, Jeff Liebermann wrote:

> For the best currently available, you'll need a RADIUS server, it's
> quite easy for an evil hacker (like me) to extract a shared key
> directly from your PC.
> <http://www.wirelessdefence.org/Contents/Aircrack-ng_WinWzcook.htm>

Oh my! And I live just north of Santa Cruz besides! I noticed that my
router, a linksys wrt54g, has the capability of that thing which you call
"radius".

How do I know if my Windows XP SP2 can support the radius method?

"Julie Bove" <(E-Mail Removed)> wrote in message
news:SlHai.26555$(E-Mail Removed). net...
> On Sat, 09 Jun 2007 16:27:29 -0700, Jeff Liebermann wrote:
>
>> That article is old and from 2003. MS has since then added WPA2
>> support to XP. See:
>> <http://support.microsoft.com/kb/893357>
>
> I'm confused. I have my Windows XP set to update everything so I SHOULD
> have that WPA2 update from Microsoft at
> http://support.microsoft.com/kb/893357 but I DO NOT SEE WPA2 as an option
> in my "wireless zero" interface.
>
> All I see are options for "Open", "Shared", "WPA", & "WPA-PSK".
>
> Do you know if WPA-PSK is the same as WPA2 or are they different?

You have to match the router settings with your own computer network
hardware settings. Does your wireless NIC support WPA2? You can only use
the higher of the settings that both peices of hardware(router and NIC)
support. In other words even though the router might support WPA2 + AES the
wireless network card in your computer might only support WPA-PSK, etc. If
your network card is much older it might only support WEP.

Julie Bove <(E-Mail Removed)> hath wroth:

>On Sat, 09 Jun 2007 16:27:29 -0700, Jeff Liebermann wrote:
>
>> That article is old and from 2003. MS has since then added WPA2
>> support to XP. See:
>> <http://support.microsoft.com/kb/893357>
>
>I'm confused. I have my Windows XP set to update everything so I SHOULD
>have that WPA2 update from Microsoft at
>http://support.microsoft.com/kb/893357 but I DO NOT SEE WPA2 as an option
>in my "wireless zero" interface.

You probably already have this update. Download and install Belarc
Advisor:
<http://www.belarc.com>
It will supply a list of updates, supplements, bug fixed, debris,
junk, and other stuff that Microsoft installs. It's quite a list. It
also marks what's missing and what failed to install. Also, a list of
every piece of hardware, and every software package and version. Very
handy.

>All I see are options for "Open", "Shared", "WPA", & "WPA-PSK".

Well, maybe you don't have the supplement installed. See:
<http://www.microsoft.com/windowsxp/using/security/expert/bowman_wirelesssecurity.mspx>
<http://support.microsoft.com/?id=893357>

>Do you know if WPA-PSK is the same as WPA2 or are they different?

Very different. You're also mixing a few things.

WPA is a temporary kludge thrown together by the Wi-Fi Alliance in an
attempt to do damage control after the WEP fiasco. The encryption is
TKIP/MIC/PPK/IV. The IEEE then adopted the standard as IEEE-802.11i
also known as WPA2. They then threw in a mess of authentication
protocols. AES/CCMP encryption was adopted for WPA2.

This might help fill in some of the details:
<http://www.cisco.com/en/US/netsol/ns339/ns395/ns176/ns178/netqa0900aecd801e3e59.html>
The bottom line is that they're similar in function, but quite
different in implementation.

Ignoring authentication, the relevant combinations available in your
Linksys WRT54G are:
WPA-PSK or WPA-Personal
WPA-RADIUS or WPA-Enterprise
WPA2-PSK
WPA2-RADIUS

You probably won't be using the RADIUS server versions unless you have
an external RADIUS server to handle logins, passwords, and encryption
keys. So, that leaves WPA-PSK (pre-shared key) and WPA2-PSK. Your
choice.

Just to confuse things, the many router firmware implimentations have
an automatic setting for WPA, where it will automagically select
either TKIP or AES encryption, depending on the capeabilities of the
client. It's usually called "WPA2-PSK Mixed" or "WPA-RADIUS Mixed".
This way, you don't have to select one or the other. The router will
work with any of the WPA or WPA2 mutations. You didn't specify your
WRT54G hardware version or firmware version, so I can't check if yours
offers this selection.

A RADIUS server would be nice, but overkill for the typical home user
as it involves either a replacement router, or another box that's on
24 hours per day.

As for authentication protocols, that's usually handled by the client
computah. See:
<http://en.wikipedia.org/wiki/Extensible_Authentication_Protocol>
for a large shopping list.

--
Jeff Liebermann (E-Mail Removed)
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558

On Sat, 09 Jun 2007 18:54:25 -0700, Jeff Liebermann wrote:

> So, that leaves WPA-PSK (pre-shared key) and WPA2-PSK.
> Your choice.

Oh my. I THOUGHT I had all the latest windows xp patches but I didn't have
the Microsoft KB 893357 WPA2/WPA2-PSK additive patch you had suggested.
http://support.microsoft.com/kb/893357

This Microsoft KB893357 patch added TWO new options to my wireless zero
control panel (WPA2, & WPA2-PSK) so now my options are more even.

HERE ARE THE AVAILABLE WIRELESS ROUTER OPTIONS:
a. Security Mode = Disabled, WPA Personal, WPA Enterprise, WPA2 Personal,
WPA2 Enterprise, Radius, or WEP
b. WPA Algorithms = AES, TKIP, or TKIP+AES

HERE ARE THE NEWLY AVAILABLE WINDOWS WIRELESS PC OPTIONS:
a. Network Authentication = Open, Shared, WPA, WPA-PSK, WPA2, or WPA2-PSK
b. Data Encryption = AES, or TKIP

So I think I'll go with:
ROUTER: WPA2 Personal
WINDOWS: WPA2-PSK

The only problem left is that I'm assuming "WPA2 Personal" is the same as
"WPA2-PSK". Is it?

On Sat, 9 Jun 2007 20:47:18 -0500, Jbob wrote:

> You have to match the router settings with your own computer network
> hardware settings. Does your wireless NIC support WPA2?

After installing the Microsoft patch http://support.microsoft.com/kb/893357
the WINDOWS wireless NIC now supports WPA2 & WPA2-PSK.

The ROUTER supported WPA2-Personal & WPA2-Enterprise.

Can I now match the WINDOWS "WPA2-PSK" with the ROUTER "WPA2-Enterprise"?

I am thoroughly confused.

Julie

Jeff Liebermann wrote:

> That article is old and from 2003. MS has since then added WPA2
> support to XP. See:
> <http://support.microsoft.com/kb/893357>
>
kb893357 has been replaced by kb917021 if you have XP SP2
http://support.microsoft.com/?kbid=917021

This is also linked to in this page:-
http://www.microsoft.com/technet/net...fi/wrlsxp.mspx

"Wireless Client Update for Windows XP with Service Pack 2"