4. Sniff Out WiFi Hotspots
The centerpiece of Windows' built-in wireless networking is the "Connect to a network" window shown in Figure 8, which basically serves as a WiFi sniffer.
To display the "Connect to a network" window, open the Start menu and click Connect To (if it's there). Or, click the network icon to the right of the notification area (tray) and then click the Connect to a network link. Or, if you're in Control Panel, open the Network and Sharing Center, and click the Connect to a network
link on the Tasks pane on the left side. (Note that this window is not
needed at all if you're connecting your PC to a network with a cable.) |
|
A
WiFi sniffer is a program (or device) that scans for and lists the WiFi
networks within range.
Just highlight an entry in the list and click Connect. Now, if a network is identified as a Security-enabled network,
you'll need its encryption passphrase or key to connect to it. Provided
it's your own network, you can just paste the passphrase from step 13; otherwise, you'll have to get it from the
administrator of that particular hotspot. Naturally, you won't need a
key for non-encrypted networks, only the patience to click through the
security warning Vista displays every time you try.
If you connect successfully, Vista will give you the opportunity to Save this network. To see a list of saved networks, open the Manage Wireless Networks window. |
|
Things
are a little different if you've disabled your router's SSID broadcast
option. For one, your WiFi network will either show up as Unnamed Network
in the sniffer window, or it won't show up at all. But more
importantly, you may have to go a different route to connect to your
hidden network (particularly if there's more than one "unnamed" network
in range).
On the "Connect to a network" page, click the Set up a connection or network link on the bottom. Then, select Manually connect to a wireless network in the list, and click Next to open the page shown in Figure 9.
In the Network name field, type the SSID exactly as it appears in your router setup page, and then choose the Security type (e.g., WEP, WPA2) that matches the one used by your router.
Next comes the encryption key or passphrase. Now, despite the fact that it clearly says Passphrase
here, Windows Vista will only accept a passphrase if you're using WPA
or WPA2 encryption; with WEP, you're only allowed to type the formal 10-
or 26-digit WEP encryption key in the Security Key/Passphrase field.
Below, turn on the Start this connection automatically
option, and then pause while you try to figure out what Microsoft means
when it warns you that "Your computer's privacy might be at risk" if
you turn on the Connect even if the network is not broadcasting option.
Give
up? It turns out that Microsoft's stated position—one not explained
anywhere on this window, but rather only published online at http://www.microsoft.com/technet/network/wifi/hiddennet.mspx—is that if you turn off your router's SSID broadcast feature, bad things can happen.
It
works like this: when connecting to a normal, broadcasting network,
Windows waits until it sees a network you've already set up before it
attempts to connect. But when you turn off SSID broadcast to hide your wireless network, Windows continually
sends out a signal with the hidden SSID until it finds your network.
And as you may have guessed, someone wrote a program that "listens" for a
PC that's trying to connect to a hidden network and records any SSIDs
it encounters.
Now, in
order for someone to discover your network's hidden SSID, the hacker
must be within range of your PC when it's on, and listening at the
moment it attempts to connect to your wireless network. If you're
already connected at home or if you're surfing the Web at the coffee
shop, Windows won't send out any signals. But more importantly, if
someone discovers your SSID, she still won't be able to connect to your
network as long as you've enabled encryption. As it is, a hidden SSID
won't adequately protect your network if it's the sole security measure,
and that's what Microsoft means by its vague warning.
The aforementioned Connect even if the network is not broadcasting
option is a new feature in Windows Vista. If you have any older PCs on
your network running, say, Windows XP, there is no such option unless
you install the Wireless Client Update at http://support.microsoft.com/?kbid=917021. |
|
So, to connect to your home network with a hidden SSID, you have four choices:
Take Microsoft's advice and configure your wireless router to broadcast its SSID. Rely on encryption, and authentication, to protect your privacy. Then, connect to your network as described earlier in this section.
Turn off your router's SSID Broadcast setting and enable the Connect even if the network is not broadcasting
option. This way, your PC will automatically connect to your hidden
network whenever it's in range, but you'll run the risk of exposing your
"secret" SSID. If you do this, make sure you encrypt your network and
that you employ authentication in full force.
Turn off your router's SSID Broadcast setting, but don't use the Connect even if the network is not broadcasting option. But beware: it's a trap!
Here's
the problem: since your network is not broadcasting, Windows won't ever
connect to it automatically. So, you need to connect by hand, but how?
When you click Next
on this page, Vista saves the network you've just set up in the Manage
Wireless Networks window (discussed in the next section), but there's no
Connect button
there. Don't try using the "Manually connect to a wireless network"
window either, as it'll just ask you to set up another new network. And
since your network isn't broadcasting, it won't show up in the "Connect
to a network" window, at least not yet.
The solution is to wait. Eventually,
the "Connect to a network" window will list your hidden network,
assuming it's in range. (It knows when it's in range, by the way,
because it continually polls the airwaves for the network, using the
process described earlier in this section that supposedly compromises
your privacy.) If you don't see your new network entry after a few
minutes, close all open network windows and then reopen the "Connect to a
network" window; if that doesn't help, restart Windows and try again.
If your hidden network entry never shows up, you'll need to either turn on the SSID Broadcast option in your router (the first bullet point in this list) or use the Connect even if the network is not broadcasting option (the second bullet point).
Your
final option is to abandon wireless altogether and use a cable. Cables
are a pain, but intruders won't be able to break into your wireless-less
network without cables of their own. And that's about as secure as it
gets.
Back on Earth, or more specifically, the "Manually connect to a wireless network" window, click Next when you're done toiling with these settings. If you see a message at this point that reads, "A network called xxx already exists. Otherwise, Vista should tell you that it has "successfully added" your network.
If you used the Start this connection automatically option on the last page, Vista should be connecting as you read these words, and you can just click Close here. Otherwise, click Connect to to return to the "Connect to a network" window, select your new network, and click Connect. Of course, if it's a hidden network as described earlier, it won't show up there, so you'll have to click Change connection settings and then turn on the Connect even if the network is not broadcasting option in order to connect.
