WSEC Lab 3 Wireless encryption and testing Student _________________________________
The purpose of this Lab is to configure data encryption on a WLAN. This is used to encrypt data sent across the AP – WLAN link (to/from WLAN clients). The client/AP link will then be tested to determine whether the encryption will prevent unauthorized WLAN access.
1. Minimally two PCs.
· Infrastructure LAN PC #1 with ethernet NIC configured, and connected to the router/switch.
· WLAN Laptop PC #2 (WINXP) with Cisco 350 Series WNIC and ACU installed.
More PCs are suggested so that all students can fully participate simultaneously. Laptops recommended.
1. The 40 bit KEY 0123456789 (Hex) will be used. 10 hex characters X 4bits/char = 40 bits.
2. For practice create three valid 40 bit hex KEYS here: _____________________ ______________________________ ______________________________
3. Is 297af013bC a valid KEY? Explain ____________________________________
4. Is 9ADE175G14 a valid KEY? Explain ___________________________________
5. Turn on all PCs, router/switch, and AP. Use configurations of Lab 5 (BSS infrastructure mode). Allow a minute for the system to stabilize. Check that WLAN laptop (PC #2) is associated to the AP and that it communicates with the LAN (PC #1) via the router/switch. Troubleshoot any problems.
6. Direct the browser of PC #1 to the IP address of the router/switch (http://192.168.1.1) to open the router’s setup page. Logon. Open the DHCP tab and the DHCP table to obtain the IP address of the AP.
7. Write the IP address here: _____________________________
8. Now direct the browser on PC #1 to the IP address of the AP and open the Management Pages:
· Set the Configuration Server Protocol to “DHCP”
· Set the Role in Radio Network to “ROOT Access Point”.
· Set the AP RF power level to “100mW”.
· Set the SSID to ENT-116A
· Set the Allow Broadcast SSID to Associate to “NO”
· Set Radio Channel to “11” with “NO” to Search for less-congested Radio Channel.
· All other settings should be in the default state
9. Now open “Setup” Management page, then “Security”, and finally “Radio Data Encryption ” page.
10. Select the following settings:
· FULL ENCRYPTION (clients must use WEP to communicate with the AP)
· KEY Size of 64 bits (actually 40 bit encryption plus overhead)
· Enter for KEY 1 the hex string 0123456789
11. Click “APPLY”, then “OK”. AP is now set for encryption.
PART 3. Configuring the WLAN Client for Encryption.
12. Open “Wireless Network Connection” on the WLAN laptop (PC#2). Open “Wireless Network Connection (2) Properties”, then open the “Wireless Networks” tab.
13. Click on “ENT-116A” as available network. Click on “Properties”.
14. Make the following settings:
· This network requires a key for the following Data Encryption
· Network KEY 0123456789
· KEY Format Hexadecimal digits
· KEY Length 40 bits (10 digits)
15. Click “OK” twice to exit. Close the Wireless Network windows. Encryption is now configured on the client.
PART 4. Testing of Encryption
16. Open the ACU on the WLAN laptop. You should see that the AP has associated to the laptop. If not, make sure that “Allow windows to configure my wireless network settings” has been selected in the ACU Profile Manager. Open “Status” tab of ACU and confirm that there is good RF signal between the AP and the laptop. What is the S/N ratio? _______________. What is the data rate? _________________. Authentication type is listed as what? _________________________. Has encryption been enabled? ____________
17. Direct the browser of the WLAN laptop to the IP address of the router’s ethernet interface. Logon. Does the router setup page appear? ________. If not troubleshoot. This insures that data is flowing from laptop via AP to router/switch of the infrastructure LAN.
18. Now we will change the KEY on the WLAN laptop without changing the AP’s KEY. This simulates unauthorized attempted access. Repeat steps 12, and 13. Repeat step 14 but substitute the KEY 0012345678. Perform step 15 again.
19. Open the ACU on the WLAN laptop. Has the AP associated the laptop? ____ Explain. ______________________________________________________________________
20. Repeat step 17. Can you reach the router? ________. Explain ______________________________________________________________________________________________________________________________________________
21. Change the WLAN laptop’s KEY back to 0123456789 and confirm proper operation. Practice configuration on both AP and clients until you are fluent.
22. Does the encryption prevent unauthorized access in this situation? ____. Explain ______________________________________________________________________________________________________________________________________________
23. Is the WEP encryption utilized a “full-proof” security measure that will prevent access from knowledgeable hackers with plenty of access to the RF data transmissions? ______. Explain. What is the best encryption available currently for WSEC? ____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________