How to Attain WEP and WPA Simultaneously

First and foremost, I must give credit to one of my Twitter pals, TroyBrownBBNews, without whom this post would not be possible. Without his help, I would not have gotten it to work.

So, you might be asking yourself, “Why would I want to have anything to do with WEP?” The answer is, you shouldn’t, but there are still many devices out there that have not yet made the switch to full WPA, let alone WPA2. Simply stated, much like the age-old adage about a chain and a weak link, your network can only be secured up to the level of the lowest security-enabled device. In other words, if you have a device that you must have on your network whose highest level of encryption is WEP, the highest level of encryption you can enact would be WEP. A WEP-only device will not connect to a WPA network. For instance, and in my case, if you have a child who happens to own a Nintendo DS Lite or DSi, you understand why. For the longest time, I refused to lower my encryption for the home network to allow for online game play. However, in today’s market there are several games that cannot be fully played unless an internet connection is made available. Therein lies the conundrum. Do I lessen the level of protection, or do I deal with purchasing games that my son cannot fully enjoy (and also listen to the repeated pleas for internet connectivity)? The answer is: I can have both with a little work. And so can you. Let’s get started, shall we?

In this post we are going to discuss how to configure your home network to allow for both Wired Equivalency Protocol and Wi-Fi Protected Access on your home network. I will list everything you will need and step-by-step directions on how and why to do this. First, let’s discuss the difference between the two. The links below will take you to the corresponding Wikipedia page, which provides several points of reference for each topic.

Wired Equivalency Protocol

Wired Equivalency Protocol (a.k.a. Wired Equivalency Privacy), or WEP, is a level of encryption that was introduced in 1997 as a means to prevent unauthorized personnel from intercepting/viewing wireless communications between computers. By 2001, the integrity of WEP had been broken. There has been documentation that boasts that even a marginally experienced person using tools readily available on the internet could easily compromise a network protected solely by WEP in less than 60 seconds. Not the best level of security, as you have undoubtedly ascertained.

Wi-Fi Protected Access

Wi-Fi Protected Access, or WPA, was introduced in 2003 as an answer to WEP. It uses the Temporal Key Integrity Protocol (TKIP) by default as a way to encrypt packets. TKIP was a way to provide additional security to existing networks by implementing new hardware with legacy, WEP-driven security without having to replace any current hardware. It was only meant to be used in the interim between WEP and WPA2, which was introduced in 2004. TKIP is still vulnerable to a number of brute force attacks (e.g., ARP poisoning attacks or denial of service), thus so is WPA when TKIP is the chosen encryption method. However, it is still far more secure than WEP. WPA can also use the Advanced Encryption Standard, or AES, based algorithm. WPA2 uses the Counter Mode with Cipher Block Chaining Message Authentication Code Protocol, or CCMP, by default, which is an AES algorithm and is considered fully secure. Most current devices will allow WPA TKIP, but in my experience, only a handful of consumer-level products support WPA AES or WPA2. Thus, for this post, we will be using WPA and WEP.

What you will need at a minimum

  1. One WPA capable router (most current routers support WPA at a minimum)
  2. One WEP capable router
  3. One computer with a Network Interface Card (NIC)
  4. One computer with wireless capability
  5. Two straight (i.e., not crossover) network cables

WPA Router Connection

  1. Begin with your computer shut down.
  2. Connect one network cable from the NIC on the computer to one of the Local Area Network (LAN) ports on the back of the WPA router (the LAN ports are usually numbered). If you are unsure what the NIC is, just look at the back of the computer. If you find a place where the network cable will easily fit, that is the NIC.
  3. Connect the power cable from the router to the power outlet.
  4. Start up your computer and log on.
  5. Once you have successfully logged into your computer and it is fully started, open your web browser of choice and enter the IP address for your router in the address bar. One of the most complete listings of default router addresses I have been able to find is located here.

WPA Router Configuration

This will be your primary router. It will be the one that all of your devices will connect to, save for those that only have WEP. You should configure your network in accordance with the Owner’s Manual that came with your router. The steps required to make these changes will vary from router to router, so you may have to refer to your Owner’s Manual or the manufacturer’s website. The following settings are the absolute minimum you must take. Be sure to save after each change.

  1. Firmware Update. It is generally a good idea to check for firmware updates for your router before you configure it. Consult your Owner’s Manual or manufacturer’s website for details.
  2. DHCP Server. Make sure this option is enabled. It is what allows your router to assign IP addresses to your network devices.
  3. MAC Address Clone. This setting might have to be enabled for your router to work. You will have to check with your Internet Service Provider (ISP) to find out if they require it.
  4. Security Mode. Here is where you will choose your encryption method. Select the highest level of encryption that ALL of your devices allow. Ensuring they all will allow it will save you from having to go back and change it later, which would result in you having to change all the devices you may or may not have already joined to the network. In our case, we will be selecting WPA or WPA Personal.
  5. Passphrase or Pre-Shared Key (PSK). This string is used together with your SSID to derive your network’s encryption key. It must be a string of between 8 and 63 characters. The more random, the better. Once you have decided on a passphrase, write it down as we will need it later also.
  6. Admin Password. If there is one change I would recommend over any other, this would be it. You should DEFINITELY change the default admin password for your router. All one has to do to completely hijack your network is to have access to your router by way of the admin password. Once you decide on a password, write it down and keep it in a secure location. Without it, you will not be able to access your network to make any changes. If you have to change your settings without the admin password, your only option is to perform a hard reset of your router and return it to factory settings. Once this is done, you will have to completely reconfigure your network and manually rejoin all of your devices.
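
How the passphrase and SSID from step 5 combine into the actual key, as an added example that is not part of the original post: WPA-Personal derives a 256-bit PSK with PBKDF2-HMAC-SHA1 (4096 iterations), using the SSID as the salt. The function names and the sample SSIDs are assumptions made for illustration.

```python
import hashlib
import secrets
import string


def derive_wpa_psk(passphrase: str, ssid: str) -> bytes:
    """Return the 256-bit pre-shared key for a WPA/WPA2-Personal network.

    IEEE 802.11i: PSK = PBKDF2(HMAC-SHA1, passphrase, salt=SSID, 4096, 32 bytes).
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if not all(32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    ssid_bytes = ssid.encode("utf-8")
    if not 1 <= len(ssid_bytes) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid_bytes, 4096, 32
    )


def random_passphrase(length: int = 24) -> str:
    """Generate a random passphrase from letters and digits using the OS CSPRNG."""
    if not 8 <= length <= 63:
        raise ValueError("length must be 8 to 63")
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))


def main() -> None:
    passphrase = random_passphrase()
    # Constructed SSIDs: the same passphrase yields a different key on each,
    # because the SSID is the salt. A default SSID shared by many routers
    # therefore gives an attacker a precomputation target; a unique SSID does not.
    for ssid in ("HomeNet-A", "HomeNet-B"):
        print(f"{ssid}: {derive_wpa_psk(passphrase, ssid).hex()}")


if __name__ == "__main__":
    main()
```

Because the SSID salts the key, changing the SSID later changes the derived key even if the passphrase stays the same, so every device must be rejoined.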

Your router is now configured with basic WPA security. However, for added security, it is highly recommended that you read this post as well.

Add your devices

Once your WPA router is set up completely, you will need to add your other devices. As stated above, this process will be easiest if you leave SSID Broadcast enabled during setup; just be sure to disable it after all of your devices are joined. Steps to accomplish this will vary from device to device, so you might have to consult your Owner’s Manual or the manufacturer’s website. Each one will require the SSID and passphrase you wrote down earlier. For computers, the setup will be dependent on your operating system (OS).

For Windows Vista, the steps will be something similar to this:

  1. Go to the Control Panel (Usually accessed by clicking “Start” then selecting “Control Panel” from the menu)
  2. Select “Network and Internet”
  3. Click on “Connect to a network” under “Network and Sharing Center”
  4. You should see your SSID listed in the window that pops up. Select it and click “Connect”. If you do not see your SSID, go back to your router settings and make sure the “SSID Broadcast” option is enabled.
  5. Enter the passphrase you wrote down from above and click “Connect”.
  6. Your Windows Vista computer should now be connected to your network.

For Windows XP, follow these steps:

  1. Go to Start > Settings > Network Connections.
  2. Double click the wireless network connection. The wireless network connections window will appear. This window shows you the wireless networks that are within range.
  3. You should see your wireless network in the list.
  4. Click “Change advanced settings” in the bottom-left corner of the window. A new window will appear. Select the “Wireless Networks” tab.
  5. Select your network’s SSID from the list and click the “Properties” button. This will bring up the window that allows you to fill out the network key.
  6. Enter your passphrase in both the “Network Key” fields at the bottom.
  7. Set “Key index” to 1 if it is not already.
  8. “The key is provided to me automatically” should be turned off as should the lower “Computer-to-Computer (Ad Hoc)” option.
  9. Click “OK”
  10. Your Windows XP computer should now be connected to the network.

Configuring your WEP router

Before you can connect your WEP router to the network, it must be configured. The steps are very similar to those for your WPA router. There are, however, some differences.

Step 1. Connect your WEP router to a computer

  1. First, perform a 30/30/30 reset on your router. This will return your router to manufacturer’s settings and erase any previous ones. Even if you had the router configured for WEP prior to this, it is still a step you should take.
  2. Remove the power cable from your router.
  3. Disconnect one of your computers (one with a NIC) from your WPA network and shut it down.
  4. Using the other network cable, connect your WEP router from the LAN port to the NIC in the computer.
  5. Connect the power cable from the router to the power outlet.
  6. Start up your computer and log on.
  7. Once you have successfully logged into your computer and it is fully started, open your web browser of choice and enter the IP address for your router in the address bar. One of the most complete listings of default router addresses I have been able to find is located here.

Step 2. Configure your WEP router. Be sure to save after each change.

  1. Firmware Update. Same as above, it is generally a good idea to check for firmware updates for any router before you configure it. Consult your Owner’s Manual or manufacturer’s website for details.
  2. DHCP Server. Make sure this option is disabled. Your WPA router is the one we want assigning the IP addresses to the devices connecting to your network, not the WEP.
  3. Security Mode. Select WEP with Shared Key authentication. If there is no option for Shared Key, it likely is set to that by default. Bottom line, Shared Key allows you to select your passphrase and Open Key allows any device to set its own key, thus defeating the purpose. Essentially, Open Key allows any device to connect and the only things that are encrypted are the data packets when they are transmitted between the device and the router.
  4. WEP Encryption. Select your encryption level (usually 64 or 128). The higher, the better.
  5. Passphrase. If your router gives you the option to use a passphrase, enter one. Just like above, the more random, the better. Once you have decided on a passphrase, click the “Generate” (or equivalent) button. This will produce a key. If you are not given the option for a passphrase, you must create your own key. Once your key has been generated, write it down.
  6. Admin Password. Same as above, probably the most important step.
  7. Wireless MAC Filter. Every network-enabled device is supposed to have a Media Access Control (MAC) address assigned to it. Since WEP is so easily cracked, enabling MAC filtering on your WEP router is absolutely essential to your network security. The MAC addresses for all of your WEP-only devices should be added to your “allow” list. The router will attempt to match the MAC address of any network device that is attempting to access your network to those on the list. If there is no match, the device is denied access. There are ways around this for an attacker, such as cloning a MAC that is already on your network, but it requires a lot of time and experience.

Step 3. Connect your WEP router to your WPA router.

  1. Disconnect the power from the router.
  2. Disconnect the network cable from the computer.
  3. Plug the network cable into one of the LAN ports of the WPA router. Ensure that the connection between routers is LAN to LAN. For some networking-type people, a flag just went up. No, that is not a typo. Yes, I do mean LAN to LAN. In this capacity, the WEP router is acting as a switch, not a router, so it must be LAN to LAN and with a straight through network cable. I know — it threw me for a loop at first as well.
  4. Plug the power cable back in to your WEP router.
  5. Wait 30 seconds, then power cycle the WEP router.
  6. Your WEP router should now be connected to your WPA router.

Step 4. Connect your devices. Steps to accomplish this will vary from device to device, so you will have to consult your Owner’s Manual or manufacturer’s website.

If you have an internet connection, you should now connect your modem to the Wide Area Network (WAN) port on the back of the WPA router using an additional straight through network cable.

That is it! You now have dual wireless networks. One with WEP and one with WPA. Although we have taken every possible precaution, there is one more fail safe you should consider. While not actively in use, your WEP router should remain unplugged, just to be safe. Which would you rather, having to plug and unplug a device daily or having your network compromised? I hate having to do it, too, but I would rather be safe than sorry!
