Securing Networks with WPA-PSK and WPA2-PSK

The simplest method of securing your network using the WPA or WPA2 standard is with the use of Pre-Shared Key (PSK) Authentication (called WPA-PSK and WPA2-PSK, respectively). Using WPA in this manner is similar to using Wired Equivalent Privacy (WEP), but you get the added benefit of the security advancements in WPA and 802.11i, including stronger authentication and better encryption algorithms.

Related: Secure Your Wireless Network

To use WPA-PSK or WPA2-PSK for your wireless network, you must first have an Access Point (AP) that supports one or both of the standards. Many APs now include support for both simultaneously, which is useful if you have a mixture of wireless clients. Some high-end APs even support the simultaneous use of WPA, WPA2, and WEP. Follow the instructions that came with your AP to set the Service Set Identifier (SSID—the identity of the wireless network), select WPA or WPA2 or both as appropriate, and enter the pre-shared key. Select a key that is strong and not easily guessed by a rogue wireless client .

After you configure the AP, I recommend you use a single laptop or desktop wireless client to test connectivity. First, ensure that the wireless client supports WPA or WPA2. You do this by opening Control Panel, Network Connections, and right-clicking a wireless network adapter. Select Properties from the menu and select the Wireless Networks tab. Try to find your network by clicking the View Wireless Networks button, or you can click Add to manually add your network. Figure A shows the WPA-PSK configuration for a new network.

Although you can use Group Policy to distribute WPA-PSK and WPA-PSK2 settings to wireless network clients, you can't use it to distribute shared keys. Nor do I recommend that you give the pre-shared key to users to enter themselves. Instead, you can use the Wireless Network Setup Wizard from Control Panel to record your wireless network settings and configure other wireless network clients.

When you launch the wizard, you'll see two task options: Set up a new wireless network and Add new computers or devices to network . Select the option to add new computers and click Next. Select Use a USB flash drive (recommended) and click Next. Insert a flash drive into a USB port on your computer and select it from the Flash drive drop-down list once it is discovered, then click Next. Your wireless settings and a small utility program are copied to the flash drive, and the drive is configured to autorun the utility each time it's inserted into a machine. Disconnect the flash drive and insert it into each of your wireless clients (you must log on as the user who will use the machine first). Alternatively, if your users are mixed wired and wireless network users, you can copy the program (setupSNK.exe) and the folder smrtntky and its contents to a shared folder. Then configure a logon script to map the folder to a drive letter on the user's machine and run setupSNK.exe.

Related: Wireless Controller to Manage Access Points?

After you run the program, you can disconnect machines from the wired network and access your wireless network. A note of caution: The pre-shared key is stored in plain text in two files in the smrtntky folder. Don't lose the flash device, and I recommend that you physically destroy it once you finish configuring your wireless clients. It's very easy to read the deleted contents of flash drives, and they're difficult to wipe properly. If you create a logon script to configure your wireless network clients, ensure that you delete the files and remove the logon script after configuring your clients.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.