How to set up WPA2 on your wireless network

If you are like most people, your home or small office wireless router probably is running without any encryption whatsoever, and you are a sitting duck for someone to easily view your network traffic.

Some of you have put encryption on your wireless networks but aren’t using the best wireless security methods. This means that you are running your networks with inferior protocols that offer a false sense of protection because these protocols are very easily broken into.

The best encryption method is to use WPA2. This is slowly being supported on a number of wireless devices, and the latest incarnations of both Windows XP and Mac OS X include support too.

How does WPA2 differ from earlier versions? First, it supports the 802.11i encryption standards that have been ratified by the IEEE. This is the commercial-grade encryption that is available on enterprise-class products. Second, there are two encryption methods that WPA2 adds: one called Advanced Encryption Standard (AES) and one called Temporal Key Integrity Protocol (TKIP). Both of these allow for stronger encryption, and while the differences between the two aren’t that important for our purposes, you should pick one method when you set up your network, as you’ll see in a moment. Finally, the protocol creates a new encryption key for each session, while the older encryption standards used the same key for everybody, which is why they were a lot easier to crack.

Also part of the new standard is Pairwise Master Key caching, where faster connections occur when a client goes back to a wireless access point to which the client already authenticated. There is one more acronym I’ll mention, and that is Pre-Shared Key or PSK. The WPA2 standard supports two different authentication mechanisms: one using standard RADIUS servers, and the other with a shared key, similar to how WEP works. We’ll get back to this in a moment, but let’s show you how to get this train going.

Step 1, Windows OS. First make sure your operating system is up to date. If you are running Windows XP, you’ll need service pack 2 and need to download the WPA2 patch. If you are running a Mac, you need to be running OS X 10.4.2 or better, and Apple calls its version WPA2 Personal.

Step 2, Wireless Adapter. While you are updating your Windows OS, you might want to make sure that the wireless adapter in your laptop is also up to the task of supporting WPA2. The WiFi Alliance maintains a database of products: check the WPA2 box and choose the vendor whose products you want to examine in detail.

If you have a built-in Intel wireless adapter, it needs to be running Intel’s ProSet versions 7.1.4 or better, excluding versions 8.x.

Step 3, Wireless access point/router. Next, make sure your router/gateway can support WPA2. If you have purchased it in the last year, chances are good that it does, but you might need to update your firmware as well. For the Belkin Pre-N router model 2000, I needed to update the firmware to version 2.01. An older model 1000 didn’t support WPA2 and couldn’t be upgraded. How can you tell the difference when you are buying one? You can’t, other than opening the box and looking at the label on the bottom of the unit.

You’ll notice that you can obscure the key from being shown on the screen, which is a nice feature. That is the PSK that we mentioned earlier. Keep track of this; you’ll need it later.

With this recipe, I also tried a Netgear WNR854T router, which didn’t need any firmware update to support WPA2.

Step 4, Finishing the configuration. Now comes the fun part. Once you have your routers set up, you need to get the clients working properly. I’ll show you the screens for Windows; the Mac is similar.

The biggest issue is that you have to remember the PSK that you used to set up the router, and enter it when prompted by the OS. You can enter any phrase from 8 to 63 characters, and obviously the longer the better. Don’t forget that the combination of acronyms you chose when you set up your router has to match what is required in Windows’ Wireless Properties Association dialog box.

Do this for all of the client computers on your network. Once you get everything working, if you take a look at your Wireless connections screen, you should see the wireless3 access point showing that it has WPA2 security enabled.

Okay, now you should be done. If you aren’t getting a connection, chances are there is a mismatch between your router and your client. Check all the steps and make sure that the WPA2 choices are showing up in the right places, and that you have chosen the same encryption method (AES or TKIP) on both the router and each client. You might also have to use the wireless management software from your adapter vendor, rather than Microsoft’s, to set up your connection. Once you have a working connection, you don’t have to go through all these steps again, and you should be connected securely automatically.

One thought on “How to set up WPA2 on your wireless network”

  1. Thanks Dave, I used your article to set up WPA2-PSK wireless security on my home network. Except for finding out that one of my computers’ wireless cards is not capable of WPA2, it worked like a charm!

    Only thing I would have added was to make the key over 21 bytes long.

    Nick
