Connecting to Wireless LAN using Win XP

Now we can start to configure your Windows XP.

I. To configure your builtin wireless LAN card:

1. On Start Menu , click Connect To and then Show all connections

2. Then you will see the screen as shown on left. Right click Wireless Network Connection and select
Properties

II. Click Wireless Networks tab and then click Advanced, deselect
Automatically connect to non-preferred networks and click Close.

and then click Add... in Preferred networks.

III. Fill in the name alumninet in the field Network name (SSID) and select
Disabled in Data Encryption

Click OK. If the network can be found, the status of the builtin wireless LAN card
show Connected and you can try to configure VPN. If you notice that you are
connected to network other than alumninet, please disable Wireless Network
Connection and enable again.
IV. Make a VPN New Connection using Internet Protocol Security (IPSec)
1. On Start Menu , click Connect To and then Show all connections

2. Then you will see the screen as shown on left. Click Create a new connection on the left.

V. After the Internet Connection Wizard started up, click next. Then choose the
option Connect to the network at my workplace in the screen as shown below.
Then press Next
 <>

VI. Choose Virtual Private Network connection. Click the Next button.

VI. Enter a name for this connection: Alumni Wireless VPN

VII. If your computer has set up another connection, then this step as shown
below may appear. (Only part of the users face this step.)

Choose Do not dial the initial connection. Click the Nextbutton.

VIII. Input the name vpn-wlan.alumni.cuhk.edu.hk to the field of Host

Name or IP address. Click the Next button.
IX. Check the option at the bottom of the dialog to add a short-cut on desktop.
Click the Finish button.

Connect VPN dialog box will appear. Click Properties and edit according to the
followings steps.

X. Edit a VPN Connection using Internet Protocol Security (IPSec). In the

Security tab of the Properties dialog box for the VPN connection, choose
Advanced (custom settings) and click Settings.
XI. For Data encryption, choose Require encryption(disconnect if server
declines). And choose Allow these protocols for Logon security. Check
Unencrypted password (PAP), Microsoft CHAP (MS-CHAP) and Microsoft
CHAP Version 2 (MS-CHAP v2). Then click OK button to finish the setting.

XII. Click IPSecSettings button. Choose Use pre-shared key for

authentication and enter ipsec-vpn. Then click OK to finish.
XIII. Click Networking tab. Under the Type of VPN, choose L2TP IPSec
VPN. Then press OK to finish it.

XIV. Now you can connect the Alumni Wireless LAN by double click the VPN
icon in the Network Connections Folder. Input your Alumni Internet e-mail
address and password in the dialog box. Click OK to connect.
If your computer connects to the network successfully, a message showing VPN
is now connected will be prompted in the system tray of the bottom-right-hand
corner. Click the cross to close it.

Do it
Once you have a business plan in place that defines how you
want to add wireless networking capabilities to your office, you
can begin setting up your wireless network. It's easier than you
might think.

Tip: Wireless networks require some sort of wired connection

to the internet. Before you put your wireless network in place,
be sure you have a T-1, DSL (digital subscriber line) cable or
broadband connection in place in your office.

Step 1: Equip yourself

A wireless LAN essentially consists of two main components:
wireless-enabled devices (integrated or add-in cards for desktop
and notebook PCs and handheld devices) and wireless access
points (or routers). Before you can set up your wireless network,
you should acquire at least one wireless access point.
Note: Most wireless access points can pick up signals within 150
feet or more, although many factors, such as dense walls and
furniture, can reduce the actual range. You might need two or
more access points if your office space is very large.
Then, be sure that every user who will connect to the network has
a wireless-enabled device. In addition, you must also take proper
security precautions against open access and unauthorized
usage (as discussed in the Use it section).

Step 2: Configure your wireless

LAN
Install the access point.
Connect the access point to your wired LAN with an Ethernet
cable. Use the software that ships with the access point to assign
an appropriate network name and an encryption key.
More information
Make sure you turn on and properly configure your access point
security settings so your internal network and the data that flows
across it are inaccessible by the rest of the world. The Use it
section provides more detail on how to use different wireless
security tools to secure your network.

Activate the connections.

Next, turn on the access point, activate the wireless connections
for your devices and verify that they're all transmitting a wireless
signal.

Review your user manual to find out how to be certain your

wireless connections are on and transmitting.

• On HP notebooks, a small blue light next to the wireless

icon at the top of the keyboard is on when the notebook's
wireless connection is operating.
• If you have problems making your wireless connection,
review the tips in your computer or handheld device's
wireless connection troubleshooting guide.

Connect a Windows notebook or desktop PC to

the network.
To make a wireless connection from a desktop or notebook PC
running Windows Vista, select Start > Connect To. The Connect
to a network dialog box appears. Click the Set up a connection
or network link and follow the prompts.
To make a wireless connection from a desktop or notebook PC
running Windows XP, select Start > Control Panel > Network
Connections, and then click the Wireless Network Connection
icon to open the Wireless Network Connection dialog box. Follow
the prompts to connect to the wireless network.

Connect other devices to the network.

Other devices, such as printers and PDAs, use different methods
to make a wireless connection. Review your manual for specific
instructions on how to connect each one.
If you don't have a wireless printer, most ordinary printers
manufactured within the last year work well with wireless print
servers. Just connect the printer to the wireless print server with a
USB (Universal Serial Bus) or Ethernet cable, configure the print
server as a node on your WLAN, set up the printer's port on the
print server and then load the appropriate printer driver on the
PCs and other devices that need access to the printer.

Secure your connections.

After you install a wireless access point, you need to perform the
initial setup on the device by:
• Entering an IP (Internet Protocol) address with a port number
(usually port 80) into a web browser to access a web page.
• Issuing commands at a command prompt
The devices are usually shipped from the manufacturer with
default settings that are generally known or easily learned by the
public, so you should change these immediately:
• Default user name and password: Every boxed unit has
some or no factory-specified administrative login and
password. Change these to meet your company's
administrative policy. That way, no casual or criminal
discovery of your devices will provide an easy means for
intrusion.
• Default SSID (service set identifier): An SSID is the name
you give each router or access point in your organization. The
default name is usually specific to the manufacturer, which
you should change to be site-specific but not easily discerned
by the public. This includes eliminating any generic identifiers
that can be spoofed or imitated by attacker-controlled wireless
devices.
• Default broadcast beacons: Many wireless devices
announce their presence to the world, which can have a
significant security impact on your business. Unless you offer
an on-demand open-access wireless network, you should turn
off beacon broadcasting, at least to the outside world, even
though there are ways to still determine the SSID.
• Automatic setup or zero-configuration: Some devices
provide automatic connectivity or zero-configuration options
for users to instantly bind to those networks it detects in its
service area. Turn off this feature if your company doesn't
need it for specific reasons.
• Integrated firewall: In lieu of a proper organization-wide
firewall, use any onboard functionality related to perimeter
defense. Wireless access points and routers generally provide
this level of capability, and you should particularly be
concerned where wireless contact meets the wire.
• Product placement: Perhaps the most crucial aspect to
functionality – and to some extent, security – of a wireless
access point or router is in its placement. Keep devices well
out of reach from anyone who could change its settings or
inputs, preferably secured within an enclosure. Also keep the
devices far from outside walls and windows, whenever
possible, to prevent accidental extension of your network
beyond your building perimeters.
• Access cut-off times: You can regulate if and when wireless
access is provided to clients. If your business has no need for
Wi-Fi after closing hours, schedule periods of inactivity so the
device isn't available during those times.

Step 3: Test your setup

Once you set up your network and devices, you should test your
new wireless setup. A good test is not unlike a rehearsal for a
play – you want to make sure everything's working before you go
live. With several users and devices, work up a realistic scenario
for an exchange of data, such as email and large files over the
wireless LAN. Using link test software provided by such vendors
as Agilent Technologies, you should test for the percent of data
sent correctly, the time it takes to receive a response from the
destination device and the strength of the transmitted signal.
 Use it
Data exchange on a wireless network functions just like data
exchange on a wired network. However, because wireless
communications are transmitted through the air rather than over a
closed cable, you need to implement some wireless-specific
security measures to ensure that your wireless communications
are as secure as your wired communications. Wireless solutions
use these primary tactics to maintain network integrity:
• Encryption – WEP (at a minimum; not recommended), WPA or WPA2 encryption (highly
recommended)
• MAC address filtering
• VPN security

Encryption
Wireless products originally used the less-secure WEP (Wired
Equivalent Privacy) protocol to help protect data transmissions
from prying eyes. However, hackers quickly learned how to crack
the 40-bit WEP encryption. Although WEP 128-bit encryption is
stronger and more resistant to hacking, WEP is considered a non-
viable security solution for most environments, most critically
those with a business impact, and has been replaced by the
much stronger WPA (Wi-Fi Protected Access) protocol. WPA and
WPA2 (version 2) are available. Both are essentially built of a
complicated software algorithm that scrambles data as it's sent
and unscrambles it as soon as it's received, keeping data safe in
transit.
Tip: When you evaluate access points and wireless network
adapters, be certain that you can integrate or at least easily
upgrade to WPA/WPA2 encryption or newer standards as they
emerge.

MAC addressing
MAC (Media Access Control) address filtering restricts network
access to authorized devices by assigning each network interface
a unique hardware identification number. You can program the
network access point to communicate only with approved MAC
addresses, and it maintains these approved addresses in a
password-protected table. Any attempts to access the wireless
network by devices with unauthorized MAC addresses are
denied.
By itself, MAC address filtering doesn't adequately or fully provide
a secure network medium; it merely provides a single component
in a much larger security framework that must be consistent
throughout the network. In addition, creating the MAC address
filter list can be a time-consuming, mostly manual effort.
Therefore, consider it a complementary security solution mainly
for businesses with a relatively small number of networked
devices.
Tip: If you decide to incorporate MAC address filtering in your
security setup, enable it as soon as you set up the access point.

VPN
The best practice in wireless network security is to begin your
security efforts at the front door to the network. You can use VPN
(virtual private networking) technology to control which users
outside of your system have access to it. A VPN is like a gateway
to your network that authorized users who are on the outside (on
the road, at a client site or working from home, for example) have
to pass through before they can access any part of your network,
wired or otherwise. Before any user is granted access to your
wireless network, they should have to log on to your VPN and
pass its authentication requirements.
Organizations that enable remote access to networks almost
always use VPN for control. Because VPN technology has been
available for several years, many resources and tools are
available to help you set up VPN access. Don't view a VPN as a
barrier to a wireless network, but rather as a common component
that any network that allows outside access should include.
Combined with MAC address filtering and WPA/WPA2 or newer
wireless LAN protocols, VPN can make your wireless network
highly secure.

Takeaway: Walk through the process of setting up a WLAN network card in XP.

"I love it when things work like they're supposed to!"

That has long been my favorite little catch phrase when setting up and configuring new
IT solutions. Sadly enough, that phrase has become even more special to me because it's
so rare that I actually get to say it when working with today's technologies.

However, I was able to enthusiastically utter this phrase when configuring a wireless
LAN connection using Windows XP. As I recently wrote, the most valuable new feature
of Windows XP is the way that it seamlessly handles WLAN configuration and roaming.
Now it's time to walk you through the process of setting up a WLAN network card in XP
to prove just how intuitive it is.

Install the WLAN network card

Of course, the first thing to do is pop a WLAN network adapter into your system—and
it's still best to do this while the system is shutdown. In most cases, you'll probably be
putting a PC Card adapter into a laptop system. However, there are also PCI and USB
adapters for desktop systems.

For this example, I am installing an ORiNOCO Gold PC Card into a Dell laptop. I chose
the ORiNOCO card because it had good reviews from industry experts and buyers, and I
was happy with the choice; the card proved to have excellent range while holding a
strong signal. I highly recommend the card for corporate installs.

In my case, Windows XP was already installed on the system before I added the WLAN
network adapter, but for the purposes of this tutorial, you will achieve the same effect by
installing the WLAN card before loading Windows XP. If you had already installed a
WLAN card (and its drivers and utilities) in a previous version of Windows, and you are
now upgrading to XP, you need to watch out for a gotcha. Before upgrading to XP,
uninstall the drivers and utilities that came with the WLAN card. If you don't, then you
could run into some errors and conflicts with your WLAN configuration when you
upgrade to XP.

Verify that XP recognizes the WLAN card

Once you power on your system, Windows XP should automatically recognize your
WLAN card. (It has a vast database of WLAN adapter drivers built in.) After it is
recognized, Windows will automatically add it to the list of available interfaces in
Network Connections. To verify this:

1. Click Start | Control Panel.

2. Click Network And Internet Connections.
3. Click Network Connections.

You should then see an icon that says Wireless Network Connection. Double-click that
icon to bring up the Wireless Network Connection Status dialog box (Figure A). This
should look familiar. It's basically the same as the Local Area Connection Status dialog
box you see when you double-click on a standard Ethernet NIC, but there's one
distinction. The wireless version has a nice little graphic with green bars to show the
signal strength of your radio wave connection.

Figure A
 The WLAN status box shows the signal strength of the wireless connection.

Configuring wireless networks

When you're ready to configure your WLAN settings, click the Properties button. This
will bring up the network settings properties (Figure B) that you're probably familiar
with. They're the same as the network properties for a standard Ethernet NIC, but with
one important addition: When you are configuring a WLAN network card, you will see a
tab called Wireless Networks.

Figure B

WLAN adapters have an additional configuration tab, Wireless Networks.

Click on this tab, as we've done in Figure C. Now, you can configure your WLAN
adapter to connect to various wireless access points (WAPs).

Figure C
 The Wireless Networks tab is where you handle WLAN setup.

First, you'll need to make sure the Use Windows To Configure My Wireless Network
Settings check box is selected. (This is the default setting.) You'll notice that there are
two sections to this tab: Available Networks and Preferred Networks. In the Preferred
Networks section, you can manually set up a connection to a WAP by clicking the Add
button. You can then enter the Network Name (SSID) for the access point and set up
Wireless Encryption Privacy (WEP), as shown in Figure D.

Figure D

The Wireless Network Properties screen enables you to set up a connection to an access
point.
Another way to connect to a WAP is to click the Refresh button in the Available
Networks section. Windows will go out and look for nearby access points and give you a
list of them. Just click on the one you want to use and then click Configure. This will pull
up the same Wireless Network Properties screen that you saw in Figure D, only the
Network Name will automatically be populated. After you tinker with the settings and
click OK, the WAP will be placed on your list of Preferred Networks.

Now, when you roam to new locations (especially ones that you'll probably be returning
to later), you can simply let Available Connections find the access points, and you can
add them to your preferred networks with a few clicks. When you return to that location,
your laptop should then automatically connect you to the WAP, and you'll have network
access without having to do any special reconfiguration.

If you have multiple access points in a single location, you can add them all to your
Preferred Networks list and simply use the Move Up and Move Down buttons to
prioritize them.

There's one more setting you should be aware of on this screen, which you can access by
clicking the Advanced button. Here, you set your preference in terms of connecting to
WLANs powered by access points or connecting to peer-to-peer WLANs (basically just
connecting to other client machines that have WLAN network adapters installed). You
also have a third option of connecting to Any Available Network, which will show you
both of these categories. Obviously, in a corporate environment, you'll probably want to
rely on access points. You'll also probably want to leave the Automatically Connect To
Non-preferred Networks check box deselected.

WLAN authentication and security

Another nice feature of the Windows XP implementation of WLANs is that it has built-in
support for IEEE 802.1X security. This makes it easy to require identity verification for
WLAN adapters via a variety of standard authentication mechanisms including RADIUS,
smart cards, and certificates. This can be configured on the Authentication tab (Figure E)
of the network adapter's properties page.

Figure E

The Authentication tab makes it easy to configure 802.1X security.

It's important to note that 802.1X security is not limited to WLANs. It can be used for
standard 10/100 Ethernet connections as well.

Basic monitoring and troubleshooting

Once you make your WLAN connection, you can easily monitor the reception and
bandwidth of your connection. First, go into the properties of your WLAN network
adapter (which appears in Figure B). Then, select the Show Icon In Notification Area
When Connected check box. This will put a small icon with two computers in the System
Tray (in the lower right-hand corner of your screen). The icon will indicate when data is
being sent over this network interface by changing colors. (The little computer screens
change from navy blue to sky blue when data is moving.) When you hover your mouse
over this icon, you'll see a screen tip displaying connection information. This includes the
name of the wireless network that you are connected to (usually the WAP), the
connection speed (in Mbps), and the signal strength of your radio wave connection (from
Very Low to Excellent).

Summary
All in all, Windows XP greatly streamlines the configuration and implementation of
WLANs. In addition, it improves functionality (especially roaming) and makes it easier
to implement security features such as WEP and RADIUS. To my surprise, I even found
that the WLAN client software that's built into XP is superior to the third-party drivers
and utilities that come with WLAN cards for use in older versions of Windows. I found
that in XP, the WLAN cards have an easier time locating and holding wireless
connections, and they don't suffer from as many inconsistencies and hiccups.

I have not been a huge fan of XP. However, its WLAN implementation is the one area
where XP is head-and-shoulders above all previous versions of Windows client operating
systems. If you want to configure laptops for extensive use of WLANs, you should
definitely consider upgrading them to XP, especially if they are going to be roaming
among different access points and/or different physical locations.