If you’re security conscious like me and have secured your wireless network with a 64 character WPA2 hex key, you may well know that Ubuntu won’t accept it. The Network Manager applet will happily accept the first 63 characters but the moment you enter the 64th character, you won’t be able to save it. This is because the Network Manager is expecting a passphrase rather than a hex key. I can’t confirm it at this point but I think Ubuntu 8.10 will now accept hex keys.

However, this is Linux and you can always take matters into your own hand. What you need to do is to manually edit the configuration file. The network configurations are stored in /etc/network/interfaces. This is what mine look like:

auto lo
iface lo inet loopback

auto eth1
iface eth1 inet dhcp
wpa-driver wext
wpa-key-mgmt WPA-PSK
wpa-proto RSN
wpa-pairwise CCMP
wpa-group CCMP
wpa-ssid <network ssid>
wpa-psk <64 char hex key>
wpa-ap-scan 2

This is not the first time I came across this problem. It is currently preventing me from configuring my Asus ExpressGate. I have encountered similar situations with some Windows applications as well. It might be a good idea, the next time you setup a wireless network, to generate a random 63 character passphrase instead. You then have the flexibility of converting it to its hex equivalent when necessary.

On a side note, the command for restarting the networking service is:

sudo /etc/init.d/networking restart

Wireless network is an ideal solution if you have a laptop that is constantly moving around the house, or if you simply wish to eliminate the miles of cabling that run all over the place. However, if not properly configured, wireless networks are very susceptible to attacks. These networks are possibly the most popular source of free Internet for… ahem. You know who they are.

The following are a few simple steps that can be taken to vastly improve the security of your wireless networks:

1. Change the default login on your network devices, especially the wireless access points, router, and the modem. The remaining steps are a pointless exercise if anyone could simply modify your settings and hijack your network.
2. Enable wireless authentication and encryption. Use the strongest authentication method and encryption algorithm supported by your wireless access point and all the wireless clients on the network. Wi-Fi Protected Access 2 (WPA2) should be used where possible. Wired Equivalent Privacy (WEP) is easily cracked. WPA, not WPA2, has also been demonstrated to be vulnerable when weak encryption keys are used. If your only option is WEP or WPA, it is strongly recommended that the encryption key be changed regularly.
3. Choose a strong encryption key. Use the longest encryption key length supported by your wireless access points and all the wireless clients on the network. It is best if you could generate a random hex key. Otherwise, make sure you choose a strong pass phrase. Weak keys can easily be cracked by brute force attacks.
4. Disable SSID broadcast. The Service Set Identifier (SSID) is a name used to uniquely identify your wireless network, and must be specified when a client wishes to join the network. Usually, by default, the SSID is broadcasted at regular intervals to announce the presence of the wireless network. This may simplify configurations of your wireless clients but is also an invitation for hackers. Disabling SSID broadcast makes it more difficult, but not entirely impossible, for an attacker to obtain this information.
5. Rename the SSID. Following from the previous point, you should choose a unique SSID. Lists of default SSIDs are widely available. Additionally, a network with a default SSID suggest that it is poorly configured and is an appealing target for hackers.
6. Enable MAC address filtering. MAC address is a unique identification for network cards. MAC address filtering ensures that only your wireless devices have access to your wireless network. However, this is not a fool-proof measure as the MAC address can easily be spoofed.
7. Disable remote administration, unless you absolutely know what you’re doing. I’m sure you wouldn’t want a hacker administering your network. Nuf said.

The steps detailed above are suggestions for improving your network security. Some of the features described may not be supported by your network devices, while others may be impractical for your network setup. If not supported, check to make sure that the manufacturer has not released new software or firmware upgrades. For those using Windows wireless client, the following Windows update may be required, if not already installed, to support WPA2:

KB893357 – Wi-Fi Protected Access (WPA2) Update

In the end, you may find the network slightly more tedious to setup but it will be much more secure.