Implement WPA2-Personal wireless security on a Windows XP SP2-based computer
Published: August 29, 2005 | Updated: May 17, 2007
Wi-Fi Protected Access version 2 (WPA2) is the latest version of security for wireless networks. It's more secure than Wired Equivalent Privacy (WEP) and easy to set up using the features built into Microsoft Windows XP Service Pack 2 (SP2).
In addition to the update for Windows XP SP2, you need two components:
| • | A router or access point that supports WPA2-Personal |
| • | A wireless card with firmware and drivers that support WPA2-Personal A list of WPA2 certified products is available at the following web location: |
In this column, I explain how to:
| • | Verify or install the WPA2 upgrade for Windows XP SP2 |
| • | Find or upgrade a router or access point to support WPA2 |
| • | Install WPA2 driver support for a wireless notebook PC card |
| • | Install new WPA2 drivers for internal notebook cards |
| • | Use external USB wireless adapters that support WPA2 |
| • | Get help with WPA2 |
Install the WPA2 update for Windows XP SP2
Microsoft has released an update for Windows XP SP2 that provides operating system support for WPA2. You may have already installed this update. To see if it is installed, perform the following steps:
1. | Click Start, click Control Panel, and then click Add or Remove Programs. |
2. | If the Show Updates check box is not selected, select it to turn on this setting. |
3. | Scroll to Windows XP Hot fix KB893357. |
4. | If this update doesn't appear in the list, download KB 893357 and install the update to turn on WPA2 functionality. |
WPA2-Personal is backwards compatible with the original WPA. Routers and access points may have selectable settings for WPA2-Personal only or a mixed mode, which means that you can run both WPA2- and WPA-capable wireless devices on the same network. Most users need to select a mixed setting if they have computers or devices that are not WPA2-Personal compliant. Computers equipped with WPA2-Personal–capable wireless cards will use the stronger WPA2 Advanced Encryption Standard (AES) encryption, while WPA only–capable devices will fall back to WPA.
Note: If you're using an older version of Windows on other computers on your network and use wireless network cards, you need a new or updated third-party supplicant (that is, a special kind of driver application) to provide support for the new standard.
Upgrade your router or access point to offer WPA2 support
Not all residential routers are capable of supporting the WPA2 standard. For this support, a separate chip that handles AES in hardware is required, and the processor must be fast enough to handle the load. In addition, finding firmware upgrades for existing residential gateways/routers that support WPA2 is difficult, even though WPA2 was finalized in September 2004. In general, WPA2 support is far too slow in arriving for residential users. Forum posts to the Windows XP wireless networking newsgroup and to the equipment support vendor forums on Web sites such as DSL Reports demonstrate that residential users are actively looking for WPA2 support for routers and access points. However, by most reports, they are not finding upgrades readily available.
I was pleasantly surprised to find that firmware (Version 1.3) that has been available since April and already applied on the D-Link Gamer Lounge DGL-4300 wireless router supports WPA2-Personal. While the Wi-Fi Alliance has not yet certified this device, I am glad to see the beginning of support for WPA2 in a residential router.
If you have this router model and want to turn on WPA2-Personal, simply select WPA2 from the Gamer Lounge list.
Turn on WPA2 for the DGL-4300.
When I asked D-Link for information on other available WPA2-Personal products, they provided me with a fully WPA2-certified DWL-3200AP. This access point supports the full range of WPA2 options, both Enterprise and Personal.
WPA2 options for the DWL-3200AP.
I've been running the DWL-3200AP in WPA2-PSK mode on my network, and it has been performing well. While you won't find this particular access point on the shelves in retail outlets, stores such as Circuit City are distributing them by mail order from their Web sites. If you're running a home office or are a high-end residential user, I recommend this access point because it has a "guest mode" that employs wireless virtual LAN (VLAN) technology. With this technology, you can set up a separate, non-encrypted service set identifier (SSID) on the same device that is totally isolated from your own network.
While chasing down possible firmware updates for other D-Link routers, I found updates that turned on WPA2-Personal for hardware designed for use in the United Kingdom and Canada.
Important: I am not advocating that anyone apply an update not designed for the country in which the device is being used. Applying such an update will typically render your warranty void.
If you live in the UK and own a DI-624 Rev C router, download the 2.53 (or later) firmware from ftp://ftp.dlink.co.uk/di_broadband_gateways/DI-624_rev_cx/ to turn on WPA2 support. If you live in Canada, visit the Canadian support page for the DI-624 Rev C router and download the 2.53 WPA2-enabling firmware.
Install an updated wireless card driver that enables WPA2-Personal support for an external PC card
If you have a client wireless card with WPA2-capable firmware and WPA2 drivers, after installing the update and restarting your computer, Wireless Zero Configuration (WZC) displays a WPA2 designation when you View available wireless networks. The figure below shows two wireless networks with WPA2 capabilities.
Two WPA2-secured networks in range.
You make a connection to a WPA2-secured network using the same steps as for a WPA-secured network:
1. | Select the network you want to access. |
2. | Click Connect. |
3. | In the dialog box that appears, type the WPA-Personal pass phrase in the Network Key and Confirm network key text boxes, then select the Connect option. The connection should be made automatically. |
Wireless network client card vendors are not making it easy to find updated drivers that support WPA2. In many cases, release notes for drivers that do support WPA2 don't explicitly mention this new feature. I have several D-Link 802.11g and a/g wireless PC cards that I use on my portable computers, including:
| • | DWL-G650 Rev B1 |
| • | DWL-G650 Rev B5 |
| • | DWL-G680 Rev A1 |
| • | DWL-AG660 Rev A1 |
I had to hunt for drivers on the D-Link US FTP site. Fortunately, I found exactly what I needed at ftp://ftp.dlink.com/Wireless/dwlg520_revB/Drivers in the file called dwlg520_revB3_drivers_318.zip.
Tip: Read the information in the .inf file to determine which cards might be supported.
During installation for the DWL-G650 B1/B5 cards, I had to explicitly override a Windows message that the driver was not designed for this (Rev B) hardware, although it has the same chipset as Rev C. Because Windows XP automatically sets a restore point when a non-explicitly supported driver is installed, I had a back-out plan. All four wireless cards now have full WPA2-Personal support.
The driver supports multiple D-Link cards. If you have one of these cards and a WPA2-capable router or access point, you may want to download and install this driver. A section from the .inf file that shows all supported wireless devices is below.
G650.DeviceDesc = "D-Link AirPlus DWL-G650 Wireless Cardbus Adapter(rev.C)"
G520.DeviceDesc = "D-Link AirPlus DWL-G520 Wireless PCI Adapter(rev.B)"
AG530.DeviceDesc = "D-Link AirPremier DWL-AG530 Wireless PCI Adapter"
AG530B.DeviceDesc = "D-Link AirPremier AG DWL-AG530 Wireless PCI Adapter"
AG660.DeviceDesc = "D-Link AirPremier DWL-AG660 Wireless Cardbus Adapter"
AG660B.DeviceDesc = "D-Link AirPremier AG DWL-AG660 Wireless Cardbus Adapter"
G510.DeviceDesc = "D-Link AirPlus G DWL-G510 Wireless PCI Adapter(rev.B)"
G630.DeviceDesc = "D-Link AirPlus G DWL-G630 Wireless Cardbus Adapter(rev.D)"
G680.DeviceDesc = "D-Link AirPremier DWL-G680 Wireless Cardbus Adapter"
G550.DeviceDesc = "D-Link AirPremier DWL-G550 Wireless PCI Adapter"
G520P.DeviceDesc = "D-Link AirPlus G DWL-G520+A Wireless PCI Adapter"
G650P.DeviceDesc = "D-Link AirPlus G DWL-G650+A Wireless Cardbus Adapter"
Install an updated driver to provide WPA2 support for an internal notebook mini-PCI wireless adapter
I use the D-Link DWL-AG660 in my IBM ThinkPad T40p portable computer because the built-in mini-PCI card wireless adapter is 802.11a/b compliant rather than 802.11a/g compliant, and I run all my 802.11g networks in a G-only mode that does not allow 802.11b only devices to connect. I periodically check the ThinkPad driver page for updates but had not seen any new wireless driver release notes that specifically referred to support for WPA2. However, WPA2 support is present in the latest universal driver for various ThinkPad portable computers.
Tip: I've always ignored the suggestion to use IBM's utility to manage the built-in wireless technology and used the WZC service.
For my Dell Lattitude D600 portable computer, I found new drivers on the Dell support site that supported most of the Broadcom chip-based internal mini-PCI cards. Again, the release notes did not explicitly mention WPA2 support, but after installing the driver and restarting my computer, I was able to see and connect to WPA2-enabled networks.
Add an external USB 2.0 wireless adapter with support for WPA2
I have a new Media Center computer in my living room. This small computer has no available internal expansion slots but plenty of available USB 2.0 ports. D-Link sent me an engineering sample of a DWL-AG132 wireless adapter that adds support for 802.11a and came with a recent set of drivers. When I examined the .inf file, I found support for other models, including the DWL-G132 that I had. I removed the drivers and utility that I'd previously installed for this wireless adapter, and then installed those provided for the DWL-AG132. Now, I have rock-solid WPA2-Personal connectivity.
Discuss WPA2-Personal in the Windows XP newsgroups
With a little detective work and new wireless adapters from D-Link Systems, I’ve turned on WPA2-Personal on all my portable and desktop computers. You may be able to do the same. If you’re looking for assistance with WPA2 and your Windows XP SP2–based computers, post a message in the Windows wireless networking newsgroup. See you there!
 | Barb Bowman enjoys sharing her own experiences and insights into today's leading edge technologies. She is a product development manager for Comcast High-Speed Internet, but her views here are strictly personal.
|
