Set up a security key for a wireless network

Personal information and files on your wireless network can sometimes be seen by people who pick up your network signal. This can lead to identity theft and other malicious acts. A network security key or passphrase can help protect your wireless network from this type of unauthorized access.

The Set Up a Network wizard will guide you through setting up a security key
We don't recommend using Wired Equivalent Privacy (WEP) as your wireless security method. Wi‑Fi Protected Access (WPA or WPA2) is more secure. If you try WPA or WPA2 and they don't work, we recommend that you upgrade your network adapter to one that works with WPA or WPA2. All of your network devices, computers, routers, and access points must also support WPA or WPA2.

Wi‑Fi Protected Access (WPA and WPA2)
WPA and WPA2 require users to provide a security key to connect. Once the key has been validated, all data sent between the computer or device and the access point is encrypted.

There are two types of WPA authentication: WPA and WPA2. If possible, use WPA2 because it is the most secure. Almost all new wireless adapters support WPA and WPA2, but some older ones don't. In WPA-Personal and WPA2-Personal, each user is given the same passphrase. This is the recommended mode for home networks.

Wired Equivalent Privacy (WEP)
WEP is an older network security method that's still available to support older devices, but it's no longer recommended. When you enable WEP, you set up a network security key. This key encrypts the information that one computer sends to another computer across your network. However, WEP security is relatively easy to crack.

There are two kinds of WEP:

1. Open system authentication 
2. Shared key authentication

Neither is very secure, but shared key authentication is the least secure of the two. For most wireless computers and wireless access points, the shared key authentication key is the same as the static WEP encryption key the key that you use to secure your network. A malicious user who captures the messages for a successful shared key authentication can use analysis tools to determine the shared key authentication key, and then determine the static WEP encryption key. After the WEP encryption key has been determined, the malicious user has full access to your network.

If you still want to use WEP shared key authentication, you can do by following these steps:
To manually create a network profile using WEP shared key authentication

1. Click to open Network and Sharing Center. 
2. Click Set up a new connection or network.
3. Click Manually connect to a wireless network, and then click Next.
4. On the Enter information for the wireless network you want to add page, under Security type, select WEP.
5. Complete the rest of the page, and then click Next.
6. Click Change connection settings.
7. Click the Security tab, and then, under Security type, click Shared.
8. Click OK, and then click Close.

What is a smart card and how it works?

A smart card is a small plastic card containing a computer chip. People use smart cards along with personal identification numbers (PINs) to log on to a network, a computer, or a device. Using a smart card is more secure than using a password because it's more difficult for someone to steal a smart card and learn your PIN than to learn your password.

Smart cards are generally issued by information technology (IT) departments in large organizations. To use a smart card, you also need a smart card reader a device that’s installed in or connected to your computer and that can read the information stored on a smart card.

To log on to a Windows 7-based computer with a smart card

1. Connect the smart card reader to your computer or Laptop, if necessary. 
2. Insert your smart card into the smart card reader. 
3. Press Ctrl+Alt+Delete. 
4. At the logon screen, click Switch User. 
5. Click the smart card icon, type your PIN, and then press Enter. 

General network security recommendations

The following are general security guidelines for all home and small office networks.

Keep your computer up to date
To help keep the computers on your network safer, turn on automatic updating on each computer. Windows can automatically install important and recommended updates or important updates only. Important updates provide significant benefits, such as improved security and reliability. Recommended updates can address non-critical problems and help enhance your computing experience. Optional updates are not downloaded or installed automatically.

Use a firewall
A firewall can help prevent hackers or malicious software (such as worms) from gaining access to your computer through a network or the Internet. A firewall can also help stop your computer from sending malicious software to other computers.

Install Anti-virus software on each computer
Firewalls help keep out worms and hackers, but they're not designed to protect against viruses, so you should install and use antivirus software. Viruses can come from attachments in e‑mail messages, files on CDs or DVDs, or files downloaded from the Internet. Make sure that the antivirus software is up to date and set to scan your computer regularly.

Use a router to share an Internet connection
Consider using a router to share an Internet connection. These devices usually have built-in firewalls, network address translation (NAT), and other features that can help keep your network better protected against hackers.

Don't stay logged on as an administrator
When you're using programs that require Internet access, such as a web browser or an e‑mail program, we recommend that you log on as a standard user account rather than an administrator account. That's because many viruses and worms can't be stored and run on your computer unless you're logged on as an administrator.

Wireless network security recommendations
If you have a wireless network, there are some additional security precautions that you should take.

• Use a network security key

If you have a wireless network, you should set up a network security key, which turns on encryption. With encryption, people can't connect to your network without the security key. Also, any information that's sent across your network is encrypted so that only computers that have the key to decrypt the information can read it. This can help avert attempts to access your network and files without your permission. Wi‑Fi Protected Access (WPA or WPA2) is the recommended wireless network encryption method.

Note: We recommend using WPA2, if possible. We don't recommend using WEP for network security. WPA or WPA2 are more secure. If you try WPA or WPA2 and they don't work, we recommend that you upgrade your network adapter to one that works with WPA or WPA2.

Change the default administrator name and password on your router or access point 
If you have a router or access point, you may be using the default name and password set up by the manufacturer’s. Most manufacturers use the same default name and password for all of their equipment, which someone could use to access your router or access point without your knowledge. To avoid that risk, change the default administrator user name and password for your router. Look for the information in the manual that came with your device for instructions about how to change the name and password.

Change the default SSID
Routers and access points use a wireless network name known as a Service Set Identifier (SSID). Most manufacturers use the same SSID for all of their routers and access points. We recommend that you change the default SSID to keep your wireless network from overlapping with other wireless networks that might be using the default SSID. It makes it easier for you to identify which wireless network is yours, if there's more than one nearby, because the SSID is typically shown in the list of available networks. Check the information that came with your device for instructions about how to change the default SSID.



Position your router or access point carefully


Wireless signals can transmit a few hundred feet, so the signal from your network could be broadcast outside of your home. You can help limit the area that your wireless signal reaches by positioning your router or access point close to the center of your home rather than near an outside wall or window.