That’s why I’m excited that companies are starting to offer easy-to-use Wi-Fi security services for free. The first user-friendly, industrial-strength ID-and-password system — which hasn’t even been formally announced yet — is from WiTopia, a company that’s young but is run by some very experienced network talent.
You may already own secure devices
In an article entitled “Wi-Finally” — published in the May 26, 2005, issue of the Windows Secrets Newsletter — I described the three pieces that have finally come together this year to make Wi-Fi safe to use. Let’s summarize the components you need:
• A Wi-Fi router or access point that supports the new WPA or WPA2 standard (the older, obsolete WEP standard is now considered useless);
• A Wi-Fi adapter that supports WPA and/or WPA2; and
• Wi-Fi client software that’s updated to support either standard.
If you have such a set — most of today’s “g” products and some older “b” products qualify — you’re ready to use Wi-Fi safely.
To find out which devices support or can be upgraded to the new specs, visit the Wi-Fi Alliance’s Certified Product Listing page, select the WPA or WPA2 check boxes, and run a query. To find an updated Wi-Fi client software driver or "supplicant," visit Microsoft (for Windows XP SP2) or Funk or Meetinghouse (for other Windows versions). If you need more help, see the original article.
Let good users in, keep bad people out
With the above pieces, you have a choice of two kinds of secure encryption:
• WPA uses a method of encryption called TKIP, which almost all "g" products are capable of supporting.
• WPA2 uses AES, an encryption standard that requires hardware support that some "g" devices don’t have.
Using either WPA or WPA2, there are two kinds of user authentication:
• WPA-Personal and WPA2-Personal use a pre-shared key (PSK). The PSK is a password, which should be at least 32 characters long and completely random, that you enter into your wireless router/access point and all of your Wi-Fi devices.
• WPA-Enterprise and WPA2-Enterprise require the entry of a valid username and password combination before wireless resources can be accessed. This rule is usually enforced by a server running so-called RADIUS software.
Almost anyone who can follow printed instructions can enter a PSK into each access point and each desktop or laptop computer that will wirelessly use it. This is called Personal Mode. The drawback to Personal Mode is that all users must be given the same PSK. When an employee is terminated, you must change the PSK in every access point and in every client device.
Companies with a number of employees who come and go should require a separate username and password for each one who uses wireless resources. This is called Enterprise Mode.
Unfortunately, setting up a RADIUS server can be a daunting task for a small business. The acronym stands for Remote Authentication Dial-In User Service. It no longer has much to do with dial-up modems but is used for all kinds of broadband and wireless connectivity. Still, setting one up is a technical challenge that few people have experience with.
If you’d like to configure a RADIUS server yourself, software to do so is built into Microsoft’s Internet Authentication Service (IAS) for Windows 2000 Server and Windows Server 2003.
On the other hand, if you’d like to take advantage of someone else’s work and have the benefits of full username-and-password authentication of Wi-Fi users in just 10 minutes or so, the new free service from WiTopia is probably just what you need.
Free Wi-Fi security for up to 5 users
WiTopia quietly started offering its SecureMyWiFi service free of charge for home users and small businesses just a couple of weeks ago. The gratis level of service supports one wireless router or access point and up to five users.
If you have more devices than that, each additional access point costs a mere $10 a year. Each additional block of five users is a bargain at $5 a year ($1/yr. per user).
If you have WPA- or WPA2-capable devices, WiTopia has made it surprisingly easy to get Enterprise Mode working. You create an account online, then enter each of your username-password combinations (see image at right). To connect to your Wi-Fi signal, a user must authenticate through WiTopia’s RADIUS server, which the company maintains 24/7 at its Reston, Virginia, location. You can add and subtract users and change passwords at any time.
No one without a proper username and password is able to authenticate. In addition, WiTopia supports remote MAC address filtering, granting access only to authorized users on specific laptops or desktops. Intruders, therefore, are blocked from gaining access to your Wi-Fi network.
Full Mesh Networks, a "sister company" to WiTopia, was founded in 2003 by Bill Bullock and Steve Shippa. The two entrepreneurs formerly spent more than seven years in management at UUNET, which at that time handled as many as 25 million sessions a day, making it arguably the largest RADIUS infrastructure in the world.
The WiTopia executives are making a calculated gamble that offering a free RADIUS service to individuals and small businesses will eventually produce paying customers. The no-cost service is billed as being for a limited time, and Bullock said in an interview that the offer would probably last only through the end of this year. Everyone who signs up, however, will be guaranteed free service for at least a full 12 months, he said.
For those with obsolete, non-WPA equipment, or who want the simplest possible experience, WiTopia will sell you an updated Wi-Fi router, configure it in-house, and ship it to you. For example, the site currently sells the Linksys WRT54G router for $64 and the D-Link AirPlus G Wireless Pocket Router for $70. There’s a one-time $59 charge for custom configuration.
More fun tricks with Wi-Fi
WiTopia also maintains a PersonalVPN service. It’s beyond the scope of this article to explain how a virtual private network works, but think of SecureMyWiFi as protecting wireless access in your own building and PersonalVPN as protecting you when you’re using someone else’s wireless router to access your usual network remotely.
The company’s PersonalVPN formerly cost $79 per year, but during WiTopia’s current "Secure the World" promotion, it’s as low as $39.50.
Windows Secrets reader Stephen Charme recently tested PersonalVPN and HotSpotVPN1, a competing service that costs $89 per year. He and the company both confirmed that they have no business relationship other than as a customer and a provider. Here’s his report:
"WiTopia uses OpenVPN, which you can download for free as another reader did and set up yourself. But WiTopia streamlines and simplifies the process, and more importantly, retains half of the security certificate generated, which makes it virtually impossible for someone to get your data.
"HotSpot uses PPTP while WiTopia uses SSL, which is much more secure. I used the Gibson Research Corporation’s Shields Up to test each service. HotSpotVPN showed most of the ports as closed, with a few in stealth mode, but also a few that were open. However, with WiTopia, all ports showed up in stealth mode, which is the optimum result.
"Technical support for both companies was responsive to my e-mails. WiTopia was particularly responsive to numerous e-mails that I sent when I mistakenly believed there was a glitch, when all along I had neglected to check something out that I should have. (Unknown to me, the setup wizard is in the registration file, rather than the installation file, and since I routinely ignore readme and registration files, etc., I missed it and mistakenly thought there was a problem with the software. WiTopia was very patient, and also offers a money-back guarantee.)"
For more information on WiTopia’s offerings, and its current fire sale of sharply lowered prices, visit WiTopia.net. I believe we haven’t yet seen the last startup seeking to build a customer base of Wi-Fi users by cutting its fees to the bone or positioning its services as completely free.
Reader Charme will receive a gift certificate for a book, CD, or DVD of his choice for submitting a comment that we printed.
To send us more information about the ways you’re using Wi-Fi, or to send us a tip on any other subject, visit WindowsSecrets.com/contact. Thanks in advance.
Brian Livingston is editor of the Windows Secrets Newsletter and the coauthor of Windows 2000 Secrets, Windows Me Secrets, and eight other books.