READ THIS AGREEMENT BEFORE USING THIS TECHREPUBLIC RESOURCE CD-ROM DISK (“CD”) FROM TECHREPUBLIC. BY USING THE CD YOU AGREE TO BE BOUND BY THE TERMS AND CONDITIONS OF THIS AGREEMENT. IF YOU DO NOT AGREE TO THE TERMS AND CONDITIONS OF THIS AGREEMENT, IMMEDIATELY RETURN THE UNUSED CD FOR A FULL REFUND OF MONIES PAID, IF ANY.

The articles, forms, tools, templates, programs, and other materials included on this CD and their compilation (the ‘Collection’) are licensed to you subject to the terms and conditions of this Agreement by TechRepublic, having a place of business at 1630 Lyndon Farm Ct, Louisville, KY 40223 (‘TechRepublic’). By using the Collection, in whole or in part, you agree to be bound by the terms and conditions of this Agreement. TechRepublic owns the title to the Collection and to all intellectual property rights therein, except in so far as it contains materials that are proprietary to third-party suppliers. All rights in the Collection except those expressly granted to you in this Agreement are reserved to TechRepublic and such suppliers, as their respective interests may appear.

1. Limited License
TechRepublic grants you a limited, nonexclusive, nontransferable license to use the Collection on a single dedicated computer. This Agreement and your rights hereunder shall automatically terminate if you fail to comply with any provision of this Agreement. Upon such termination, you agree to destroy the CD and all copies of the CD, whether or not lawful, that are in your possession or under your control.

2. Additional Restrictions
A. You shall not (and shall not permit other persons or entities to) directly or indirectly, by electronic or other means, copy or reproduce (except for archival purposes as permitted by law), publish, distribute, rent, lease, sell, sublicense, assign, or otherwise transfer the Collection or any part thereof or this Agreement, and neither the CD nor its contents can be shared over a network for access by multiple users without a separate site license agreement. Any attempt to do so shall be void and of no effect.
B. You shall not (and shall not permit other persons or entities to) reverse-engineer, decompile, disassemble, merge, modify, create derivative works of, or translate the Collection or use the Collection for any purpose.
C. You shall not (and shall not permit other persons or entities to) remove or obscure TechRepublic’s or its suppliers’ copyright, trademark, or other proprietary notices or legends from any portion of the Collection or any related materials.

3. Limited Warranty and Limited Liability
A. THE ONLY WARRANTY MADE BY TECHREPUBLIC IS THAT THE ORIGINAL CD IN WHICH THE COLLECTION IS EMBODIED AND WHICH IS DISTRIBUTED BY TECHREPUBLIC SHALL BE FREE OF DEFECTS IN MATERIALS AND WORKMANSHIP FOR A PERIOD OF NINETY (90) DAYS AFTER DELIVERY TO YOU. TECHREPUBLIC’S AND ITS SUPPLIERS’ ENTIRE LIABILITY AND YOUR EXCLUSIVE REMEDY SHALL BE LIMITED TO THE REPLACEMENT OF THE ORIGINAL CD, IF DEFECTIVE, WITHIN A REASONABLE PERIOD OF TIME.
B. EXCEPT AS SPECIFICALLY PROVIDED ABOVE, THE COLLECTION IS PROVIDED ‘AS IS’ WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, ANY WARRANTY OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE RESULTS AND PERFORMANCE OF THE SOFTWARE AND OTHER MATERIAL THAT IS PART OF THE COLLECTION IS ASSUMED BY YOU, AND TECHREPUBLIC AND ITS SUPPLIERS ASSUME NO RESPONSIBILITY FOR THE ACCURACY ON APPLICATION OF OR ERRORS OR OMISSIONS IN THE COLLECTION. IN NO EVENT SHALL TECHREPUBLIC OR ITS SUPPLIERS BE LIABLE FOR ANY DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE COLLECTION, EVEN IF TECHREPUBLIC OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE LIKELIHOOD OF SUCH DAMAGES OCCURRING. TECHREPUBLIC AND ITS SUPPLIERS SHALL NOT BE LIABLE FOR ANY LOSS, DAMAGES, OR COSTS ARISING OUT OF, BUT NOT LIMITED TO, LOST PROFITS OR REVENUE; LOSS OF USE OF THE COLLECTION; LOSS OF DATA OR EQUIPMENT; COST OF RECOVERING SOFTWARE, DATA, OR THE MATERIALS IN THE COLLECTION; THE COST OF SUBSTITUTE SOFTWARE, DATA OR MATERIALS IN THE COLLECTION; CLAIMS BY THIRD PARTIES; OR OTHER SIMILAR COSTS.
C. THE WARRANTIES AND REMEDIES SET FORTH HEREIN ARE EXCLUSIVE AND IN LIEU OF ALL OTHERS, ORAL OR WRITTEN, EXPRESSED OR IMPLIED. NO TECHREPUBLIC AGENT OR EMPLOYEE OR THIRD PARTY IS AUTHORIZED TO MAKE ANY MODIFICATION OR ADDITION TO THIS WARRANTY.
D. SOME STATES DO NOT ALLOW EXCLUSION OR LIMITATION OF IMPLIED WARRANTIES OR LIMITATION OF LIABILITY FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THE ABOVE LIMITATIONS OR EXCLUSIONS MAY NOT APPLY TO YOU.

4. U.S. Government Restricted Rights
The Collection is licensed subject to RESTRICTED RIGHTS. Use, duplication, or disclosure by the U.S. Government or any person or entity acting on its behalf is subject to restrictions as set forth in subdivision (c)(1)(ii) of the Rights in Technical Data and Computer Software Clause at DFARS (48 CFR 252.227-7013) for DoD contracts, in paragraphs (c)(1) and (2) of the Commercial Computer Software and the Restricted Rights clause in the FAR (48 CFR 52.227-19) for civilian agencies or in other comparable agency clauses. The contractor, manufacturer, is TechRepublic.

5. General Provision
Nothing in this Agreement constitutes a waiver of TechRepublic’s or its suppliers’ rights under U.S. copyright laws or any other federal, state, local, or foreign law. You are responsible for installation, management, and operation of the Collection. This Agreement shall be construed, interpreted, and governed under California law.

CD-ROM Requirements
The TechRepublic Resource CD requires:
• Windows 98/98SE/ME/NT4/2000 or XP
• Internet Explorer 5.0 or later
• 16 MB of RAM or more
• 10 MB of free disk space or more
• Windows-compatible CD-ROM drive

Wireless Networking
Survival Guide

Copyright
©1995-2003 by CNET Networks, Inc. All rights reserved. TechRepublic and its logo are trademarks of CNET Networks, Inc. All other product names or services identified throughout this book are trademarks or registered trademarks of their respective companies. Reproduction of this publication in any form without prior written permission is forbidden.

Disclaimer
The information contained herein has been obtained from sources believed to be reliable. CNET Networks, Inc. disclaims all warranties as to the accuracy, completeness, or adequacy of such information. CNET Networks, Inc. shall have no liability for errors, omissions, or inadequacies in the information contained herein or for the interpretations thereof. The reader assumes sole responsibility for the selection of these materials to achieve its intended results. The opinions expressed herein are subject to change without notice.

CD-ROM License
TechRepublic grants you a limited, nonexclusive, nontransferable license to use the CD-ROM on a single dedicated computer. The use of the TechRepublic Resource CD is governed by the license agreement that can be found in the printed documentation included with the CD-ROM. Read the agreement carefully before using the CD-ROM that accompanies this book.

Contact Us
TechRepublic
1630 Lyndon Farm Court
Louisville, KY 40223
E-mail: customerservice@techrepublic.com
Tel.: 1.800.217.4339
www.techrepublic.com

ISBN 1-932509-01-1
October 2003
B059

Credits
Vice President, TechRepublic: Bob Artner
Assistant Vice President, TechRepublic: Kimberly Henderson
Executive Editor, Premium Products: Erik Eckel
Managing Editor, Premium Products: Janice Conard
Content Resources Manager: Marilyn Bryan
Graphic Artists: Natalie Eckerle, Kimberly Wright
Executive Editor, TechRepublic and Builder.com: Veronica Combs
Senior Editors: Paul Baldwin, Beth Blakely, Toni Bowers, Bill Detwiler, Jason Hiner, Judy Mottl, John Sheesley, Jim Wells
Review Edit Manager: Rich Crossett
Review Editors: Kachina Dunn, Jody Gilbert, Kim Mays, Amy Sellers
Copy Editors: Selena Frye, Joyce Mathai, Suzanne Thornberry, Julie Tonini, Linda Watkins
Membership Director: Dan Scofield
Promotions Manager: Megan Hancock

Foreword
Wireless networking innovations enable a host of advantages. Antiquated tethers no longer
restrict desktops, laptops, and handheld computers. Instead, systems can be placed where
most convenient, even if cable runs aren’t readily available. Best of all, mobile systems
become truly mobile platforms.
Wireless e-mail access, Internet, intranet, and extranet usage, file exchanges, and other forms of
cordless collaboration are now routine. Wireless devices provide additional opportunities when
rolling out new systems and rearranging older configurations, too. This is true whether you’re working
from a family room, small office, cubicle, or server room.
For all of their benefits, however, many issues still plague wireless network configuration and
administration. Implementing and maintaining a secure and efficient wireless network requires careful
planning and diligent administration. You must take care to ensure that 802.11 networks are
properly configured to enable wireless access while guarding against opening your network and all
of its data to unauthorized use.
TechRepublic’s Wireless Networking Survival Guide reviews wireless networking fundamentals,
describes important configuration and troubleshooting techniques, lists critical security precautions,
and includes helpful information on popular products and devices. The Wireless Networking Survival
Guide book also includes a companion CD-ROM, the Wireless Networking Tool Kit, which collects
helpful templates, diagrams, and checklists you can use to ease wireless network administration.
This unique book and CD-ROM set won’t sit neglected on your bookshelf. Our editors and real-world
IT professionals have created these aids to be resources you’ll rely upon and utilize regularly.
You’ll find that the spiral-bound book stays open where you need it and doesn’t flip closed the
moment you set it down. The CD-ROM includes ready-to-use, customizable charts and templates,
ensuring you maximize the tools’ benefits.
With the Wireless Networking Survival Guide and Wireless Networking Tool Kit, you’ll have all you
need to:
• Understand wireless network operation.
• Add and configure network adapters.
• Configure wireless network connections.
• Establish file access permissions.
• Secure wireless systems and networks.
• Select the best products for your needs.
• Roll out and maintain a local area network and wireless connections.
Learn from professionals in the field. Take advantage of TechRepublic’s proven solutions to
ensure that your wireless network operates as efficiently and securely as possible.
If you have suggestions or comments regarding this TechRepublic product, please e-mail us at
trproducts@techrepublic.com.
Quick Reference
Wireless Fundamentals
Configuration and Troubleshooting
File and Share Permissions
Wireless Security
Products and Reviews

Wireless Fundamentals
  Wireless—The real thing, finally
  Look Ma, no wires!
  Use wireless technology to triumph over networking nightmares
  Take advantage of the cost savings of a wireless LAN
  Get the scoop on WLANs with this wireless networking overview
  A primer on Wireless Application Protocol (WAP)
  Understanding wireless LAN protocols and components
  Evaluating the wireless networking options

Wireless Security
  Keep up with public wireless dangers and Wi-Fi security standards
  Design a secure wireless LAN
  Think security when setting up an 802.11b wireless network
  How to beef up wireless security
  Use WEP to improve security on your wireless network
  Take steps to secure vulnerable WLANs
  At last, real wireless LAN security
  WPA wireless security offers multiple advantages over WEP
  Six tips for implementing closed networking on a wireless network
  Don’t use MAC filtering as your only wireless network security solution
  Choosing a vendor solution for wireless LAN security with 802.1x and EAP
  Follow these steps to tighten security on Linksys wireless networks
  XP client configuration for enhanced security on a Linksys wireless network

The computer business is famous for making the future seem very much like the present. Technologies are elusive, and as new ones emerge, the efforts to get their bandwagons rolling often outstrip their realities, their deliverables. Wireless networking didn’t escape the promising-technology hype and has, perhaps, suffered by the premature promises of vendors in search of the next big thing.

But all signs indicate that wireless is, indeed, a reality and that it’s here to stay. Mobility has been a mantra of computing since the first portable PCs appeared, with the rebirth of paging and the proliferation of cellular phones providing a much needed impetus.

Today, it’s estimated that there are wireless nets in use in businesses and homes. But the sudden spurt in growth hasn’t come without the expected growing pains. Security issues, in particular, have put many companies on the slow track to mobile computing. The security shortcomings were relatively unimportant when wireless first took root in home computing environments. Essentially a case of caveat emptor, users were left to their own devices to find the holes and patch the leaks. But in the security-conscious realm of corporate computing, caveat emptor doesn’t cut it.

This isn’t to suggest that wireless vendors were asleep at the wheel, although perhaps they might have shared some guilt for hastily rolling out products. But, as banal as it may sound, today wireless is fully into its maturity—or at least well on its way to maturity.

New standards are addressing key issues such as security and speed. The steady stream of little letters following “802.11” seems endless, with each indicating an incremental improvement and all leading to faster, safer wireless transmissions.

The mobile mosaic

Wireless computing has, in fact, become a catchall term for a number of untethered technologies, including Bluetooth, Wi-Fi (802.11), and digital mobile phone technology. These pieces, though disparate in function, design, and device support, roughly comprise the parts of a puzzle that could ensure wireless connectivity near and far. Bluetooth’s short-range RF is the likely candidate for connecting computing devices with peripherals; 802.11-based systems offer a wider operational range that make them ideal for replacing wired access in offices and commercial venues; and mobile telephone carriers appear to have the edge for long-distance data communications.

In addition, all three have undergone significant development so that they are now poised for practicality or are already demonstrating their utility. Prices, too, have dropped to affordable levels so that Wi-Fi, for instance, can be a cost-effective or even cost-saving alternative to traditional wired networks.

There are, however, still enough unsettling aspects to keep Wi-Fi—or any of its wireless cousins—from being a slam-dunk decision for IT managers. For example, despite the efforts of dozens of vendors to address wireless security, the magnitude of the issue is underscored by a somewhat secretive meeting convening in Washington this week to address the security issue. The conclave, dubbed A Roadmap to a Safer Wireless World, includes industry representatives, academics, and government agencies such as the Department of Defense, the Department of Justice, and the National Security Agency. Ironically, news of this meeting came on the same day that retail giant Best Buy suspended the use of wireless cash registers at nearly 500 stores because a security lapse may have enabled a hacker to snag a customer’s credit card number.

But both of these news items can be taken in a positive light as well. The fact that a conference on wireless security can draw such a roster of participants is a good indication that wireless computing is to be taken seriously. And even Best Buy’s unfortunate foray into mobile cashiers can be spun easily to be interpreted as an indicator that wireless networking is being taken very seriously.

It’s also a sign of wireless networking’s importance that it’s no longer being dismissed as a fad—or worse, a gadget technology. And even more encouragement is offered by the vendors of wireless products, such as ARM’s announcement of its ARM11 technology last week at the Embedded Processor Forum. New ARM processors for PDAs and other mobile devices will operate at speeds exceeding 300 MHz—the state of the art for desktop computing not too many years ago.

While there’s still a lot of work to do to achieve the goal of ubiquitous, unwired computing, it is against this backdrop of both promise and peril that dozens of wireless device vendors are showing their wares at the annual NetWorld+Interop trade show and conference in Las Vegas. The sheer number of vendors and their broad product offerings are just further testament that wireless is, indeed, real and here now.

For the past six months, I have been conducting an experiment with Wi-Fi (802.11 wireless Ethernet) that has led me to four conclusions. First, no company should continue deployment of wired technology where special applications don’t demand it. Second, your wireless deployment should focus on systems that have Wi-Fi built in. Third, companies must be prepared to help employees with Wi-Fi installations at home. Finally (the vendor recommendation always comes last), systems vendors must be aware that corporate IT will require Wi-Fi that is built in to the system (and not added as an afterthought through an existing expansion port). Wi-Fi notebooks from IBM and Toshiba exemplify this built-in approach. Fortunately, my experiment included neither, which allowed me to understand the pitfalls of the afterthought approach.

Wi-Fi: Go for it

I’ll never forget the first LAN I had to manage. It was a 3Com 3Share Plus-based setup: an 8088-class PC server connected to a 30MB disk drive the size of a Volkswagen Rabbit. The drive interface, from a company called Emulex, was very finicky. It had more jumpers than I could count, and the only reference manual was a yellow sticky note filled with illegibly scribbled notes and diagrams. But the worst part of that LAN wasn’t its heart. It was its circulatory system: a coaxial cable whose circuitous route stretched through raised floors, dropped ceilings, treacherous precipices, and across the floor underneath every person’s desk. I do not have fond memories of running around with a coaxial terminator to isolate the misbehaving segment each time the LAN went down.

When the first twisted-pair Ethernet hubs came, we didn’t even wait for the standard (10Base-T) to be ratified. We just went for it. For me, the result was like breathing pure oxygen. From that point forward, the LAN went down plenty of times, but never because of a wiring problem. There were days when I would visit the wiring closet for no reason other than to pinch myself.

If twisted-pair Ethernet is your oxygen, Wi-Fi will be your nitrous oxide. There are numerous benefits to be gained from deploying Wi-Fi. For starters, simply getting someone

devices into one small unit using a Linksys wireless router. With Wi-Fi running in my house, moving between work and home is a breeze. When leaving the office, I simply shut the lid on my ThinkPad (putting it into suspension mode) and go home. At my house, I open the lid, and Windows 2000—smart enough to know the computer may have moved to a new network—renews its IP address. I am back on the Internet without ever connecting a wire. (Eventually, I have to plug in the power cord.) My only complaints: I have to manually re-establish a VPN connection to regain access to the corporate network, and I have to remember to shut down Microsoft Outlook 2000 at my office and then restart Outlook in offline mode when I get home.

Once you get a taste of this convenience, you will never, ever go back. Once you give the executives in your company a taste of this convenience, you’ll be a hero.

Oh yeah, security

I once read somewhere that if you had a Wi-Fi notebook, you could travel up and down Market Street in San Francisco without ever losing connectivity. The implication is that the many Wi-Fi-enabled companies along that street are keeping you constantly within range of a wireless hub.

The truth is that Wi-Fi has had some well-publicized security problems. People can access your network without your knowledge. While in a hospital waiting room the other day, I popped the lid on my notebook to get a little work done. Much to my surprise, I was connected to the Internet. I’m sure the hospital doesn’t want to be an ISP for its visitors. On the other hand, I had no malicious intent. About the only possible harm done was that I took up a bit of someone else’s bandwidth.

But even with malicious intent, I’d have to be pretty sophisticated to do more harm. For starters, in every place where my wireless notebook worked, my protocol analyzer revealed that the wireless hub was behaving like a switch. (Yes, I tried, knowing that one day I would write this story.) This meant that the only traffic I could see was my traffic and broadcast traffic. I could not very easily spy on the nurse’s e-mail, but if I really wanted to, I could. There are ways to sniff at wireless signals and sometimes go beyond the switch to get at other information traversing the corporate backbone. But three conditions have to exist for this to result in serious compromise. First, the person must have malicious intent. Second, the person must be pretty sophisticated. Third, there must be something worth tampering with on the backbone.

No doubt, these three conditions exist in many places. When they do, you have to think twice about deploying Wi-Fi. But there are many more situations where this simply isn’t the case. Most traffic on most business networks isn’t worth an outsider’s time of day. But Wi-Fi is definitely worth yours.

When a networking environment demands mobility or a noninvasive setup, a wireless LAN may be the best solution. While wireless LANs can’t reach the speed of cable networks, a slow network is better than none at all. In this article, I will examine two cases where wireless networking was the only practical option.

Perfect for historical buildings

Wiring an older building for a network can be a nightmare. I know; I have done my share of it. In Great Britain, I’m often faced with problems that are inherent in wiring historic buildings. Running CAT5 cable through some of these buildings would be akin to cutting out the eyes of the Mona Lisa and replacing them with blinking lights. Obviously, any work involving alterations to historically listed buildings must be done with great sensitivity and care. This is exactly why wireless networks are a great way to provide older buildings with modern communications.

The museum in my old hometown is housed in a historic building upon which the Department of the Environment has placed a preservation order. Over the last eight centuries, this building has fulfilled a number of roles—none of which have made it suitable for a modern computer network.

When I was a child, this museum was dark, musty, slightly spooky, and, most of all, very dull and boring. To liven the facility up a bit, the museum authority asked for permission to install a more up-to-date lighting system and computer network. After a long legal battle, the museum was finally allowed to install new lighting, but the authorities were immovable on the subject of data cabling. Thanks to a wireless LAN, the museum is now equipped with the right technology to move beyond being dull and gloomy.

Building a mobile network

Wireless networks are also a great option for portable applications. A local software training company that provides on-site training is a perfect example. In the past, the trainer would bring several desktops to a client’s premises and network them together. This required a van and driver to carry these heavy machines around, and it also took a considerable amount of time to set up a cable network at the client’s location.

Today, this company uses a wireless LAN and several laptops. The setup time has been greatly reduced, there are far fewer cables to trip over, and the whole caboodle can be loaded into the boot of a small British car. The savings in setup time has allowed the van driver to learn about computers and begin teaching, effectively doubling the company’s training capacity.

Take advantage of the cost savings of a wireless LAN
May 15, 2002
By Del Smith, CCNA, CCA, MCSE

Without a doubt, the falling cost of wireless LAN components is a major factor driving WLAN adoption. The lower cost, coupled with a fast-maturing technology, is prompting many organizations and IT professionals to ask the question, “What is the cost of deploying a wireless LAN vs. a wired one?”

While every LAN assessment is unique, there are common factors to consider when evaluating which solution is the most cost-effective for a given situation. I’ll look at both hard costs and soft costs to shed some light on how wireless stacks up against wired.

Selecting the right wireless solution

As you know, three main components make up a typical wireless LAN solution: the wireless network card, which you will find in the desktop or laptop; the access point used to connect wireless clients to the network; and the bridge, which allows for building-to-building wireless connectivity.

There are numerous vendors now offering various wireless products. You would think that vendors offering wireless network cards for around $70 and access points for under $200 would make the cost question a little easier to answer. But while vendors such as Linksys, D-Link, and NetGear offer inexpensive product lines of wireless products that are great for the small office/home office (SOHO) environment, you don’t necessarily want to rely upon them to run a mission-critical network segment.

Businesses need to consider enterprise-class wireless manufacturers and their corresponding products. An example would be Cisco’s Aironet brand of wireless products (or ORiNOCO’s wireless products), which I feel are better suited to the wireless requirements of today’s corporate IT environment. At the time of this writing, Cisco’s Aironet 350 series PC Card lists for about $169, its sister PCI card for $299, the access point is $749, and the building-to-building bridge costs around $1,999. (Remember: These are list prices.) At first glance, your reaction may be, “No way!” But let’s take a closer look at why these products may be a better deal.

Hard costs

Of course, most of us are familiar with the costs associated with a typical wired solution. Take a couple of new corporate office buildings for example. Traditional wired costs may include CAT5 copper cable runs in the ceiling and through walls, along with their corresponding data drops needed on just about every wall feasible. I bring this up because unless you are going to run the cable yourself, quite a bit of the installation costs will be associated with laying the basic wiring and data drops.

A wireless LAN also still requires installation (preferably professional) and some degree of cabling; however, one access point can usually be installed in the amount of time it takes to terminate one data drop. To make this part of the solution complete, you may also need to throw in the cost of traditional RJ-45-based network cards, depending on whether your systems come with them preinstalled.

Don’t forget about the fiber-optic cable run that may be needed to connect two buildings due to the distance limitations and conductivity of copper. Try calling your local fiber optics installer and asking the cost to connect two adjacent buildings that are 150 meters apart with fiber line. Now ask for an installation time and find out what special equipment is needed on each end. Did you mention that there’s a small concrete walkway that runs between the two buildings? You’ll probably be gasping for air once the installer gives you a ballpark price.

Get the scoop on WLANs with this wireless networking overview
Jul 31, 2002
By Brien M. Posey, MCSE

In the past two years, WLAN technology has come a long way. Prices have fallen drastically, wireless encryption protocol (WEP) security is more widely supported, and components tend to be more reliable and have a longer range; yet there are still many different factors to consider when deciding whether to go wireless. You must look at cost, reliability, speed, and of course, security.

Getting connected
Wireless networks function similarly to wired ones. However, where wired networks use cables to attach a NIC card to a hub, a wireless network uses wireless NIC cards to connect to an access point. A wireless NIC card is a NIC that’s equipped with a transceiver and an antenna. An access point is a wireless hub. Generally speaking, most access points also contain an RJ-45 port that allows them to act as a gateway between a wired and a wireless network.

Technically, a wireless network doesn’t require an access point. If you need only a few wireless workstations, they can run in what’s known as ad hoc mode. Ad hoc mode allows a wireless NIC to communicate directly with another wireless NIC without the aid of an access point. But if you plan to use more than two or three wireless clients or if your wireless clients will require access to a wired network, you’re better off running in infrastructure mode than ad hoc mode. Infrastructure mode uses an access point.

Each access point has specific capabilities that you need to be aware of. First, it has a coverage area known as a cell. Traditionally, access points have a coverage area of 150 to 300 feet in every direction. But in recent months, access points have come onto the market offering ranges of up to a mile. Special outdoor access points with large antennas can offer a range of several miles. Of course, obstacles such as trees and buildings decrease the range and also the size of the cell. Indoors a cell’s size also depends on the construction of the building. Radio signals will travel through walls, ceilings, and floors, but these obstacles can seriously degrade the signal’s strength.

You must also be aware of the number of simultaneous sessions an access point can support. Just two years ago, a high-end access point typically supported about 64 sessions. Today, most access points support 256 sessions.

Multiple access points
A single access point may not be adequate for a large organization. The access point may lack the necessary range or may not support enough users. Fortunately, you can use multiple access points to add extra range and support. When multiple access points are used, the cells tend to overlap. This allows wireless users to roam from one cell to another without losing connectivity. A wireless network consisting of multiple cells works like a cellular telephone network: when a user’s signal begins to fade, another access point with a stronger signal takes over.

Multiple access points can also be used for load balancing. By using multiple access points, you can split the network traffic into two or more cells, rather than having a single cell congested with all of the traffic.

Staying secure
Perhaps the biggest concern about wireless networks is security. After all, if your company uses wireless networking, someone could sit in the parking lot with a laptop and steal packets of data out of the air. This is where WEP comes in. WEP is a shared key encryption protocol for wireless networks available in 40-, 64-, and 128-bit encryption strengths.

Typically, using WEP has only a small negative impact on throughput. In tests that I’ve
A primer on Wireless Application Protocol (WAP)
Jul 3, 2002
By Harshad Oak

WAP is a standard for mobile Internet applications. Its primary objective is to provide an open standard for optimized access via a mobile device to the Internet or intranet.

When first introduced, WAP was touted as a revolutionary technology that would totally transform the world of mobile computing. But WAP and WAP-based services couldn’t completely facilitate such transformation due to limitations of mobile devices and mobile networks, such as:
• Small screens
• Limited device memory
• Less-powerful CPUs
• Limited bandwidth availability
• Unreliable connections
• High latency

However, there are changes on the horizon for WAP in the form of WAP 2.0. In this article, I will give an overview of WAP and how it uses WML to display content. I will also explain how WAP 2.0 improves on 1.x’s features, but why you might need to continue using the 1.x standards for now.

How WAP works
When accessing a Web site from a browser on a desktop PC, the client requests data and the server sends that data in the form of HTML over an IP network. The Web browser translates the HTML data into viewable text and graphics.

On your mobile device, WAP replaces a Web browser with a WAP browser, which can also request data from a Web site. The major difference between how you access the data via a browser on your PC and a WAP 1.x browser is that the WAP browser requires a WAP gateway. This gateway functions as an intermediary between the mobile and Internet networks. When placed between a WAP browser and a Web server, it takes care of the necessary binary encoding of content and can also translate WML to/from HTML.

Why you should use WAP
Despite initial concerns about mobile limitations, there are many good reasons to use WAP to implement mobile Web browsing:
• WAP has its own security model that works on lines very similar to Web security. Hashing algorithms, digital certificates, and public key cryptography provide the critical security required for any real transactions using WAP.
• WAP development is pretty simplistic. WML and WMLScript provide for almost everything that a mobile Internet application would need. The learning curve for WML or WMLScript isn’t very steep; most programmers can pick it up rather quickly.
• WAP is widely accepted. Major players in the wireless market (like Nokia, Motorola, and Ericsson) are all very active participants in the WAP process.
• WAP is standard independent. So even a switch to a GPRS network wouldn’t really make a difference when browsing. Only better data transfer speeds would contribute to a better browsing experience.

WAP and WML
Wireless Markup Language (WML) is an integral part of the WAP architecture (see Figure A). WML is a markup language based on XML that was developed and is maintained by the WAP Forum (recently renamed the Open Mobile Alliance, or OMA).

WML is actually well-formed XML that adheres to predefined rules. It uses display tags to present content in a form suitable for mobile devices. In an ideal situation, the Web server dishes out WML content solely to be displayed on WAP browsers. A number of WAP gateways can also translate HTML to WML. However, you shouldn’t rely on this feature, because it won’t really provide a truly accurate WAP display.

[Figure A: WAP architecture. Labels: communicating over the wireless network; communicating over the Internet]

WAP 2.0 brings new standards
With version 2.0, WAP moved toward adopting widely accepted Internet standards. The W3C-defined XHTML Basic standard has been adopted as the basis for WAP 2.0. XHTML Basic is the mobile version of XHTML 1.0, on which the WAP Forum based its XHTML Mobile Profile.

WAP CSS is the mobile version of cascading style sheets (CSS) that has only those features of CSS that are relevant to the mobile environment. XHTML and CSS put more formatting power in the developer’s command. Using XHTML and CSS, you could even display the same document on different devices using distinct presentation capabilities. WAP 2.0 also includes WML 1.x extensions to ensure backward compatibility.

With WAP 2.0, the gateway is no longer that critical a component of the WAP architecture. Also, content no longer needs to be binary encoded; XHTML goes through in text format. However, because many people still rely on mobile devices that require the WAP 1.0 standard, and because the WAP/WSP stack is being used for transport, you will still need to support WAP 1.0 gateways.

So even though WAP 2.0 offers a formidable set of features, you should probably play it safe in your current development and stick with the 1.x standards for the time being.
Understanding wireless LAN protocols and components
May 3, 2002
By Del Smith, CCNA, CCA, MCSE

If you listen closely, you can almost hear the sound of wireless LAN radio frequencies zipping network traffic through the air. Well, of course you can’t literally hear RF waves, but wireless LANs (WLANs) are certainly being planted in IT networks from east to west. One of the most exciting technologies available today, wireless networks are being implemented by organizations of all sizes and verticals to improve productivity and decrease costs.

Understanding the different flavors of 802.11
To know where we are with WLAN solutions, we need to take a quick look at how the technology has evolved. By now, most of us have heard of the 802.11 WLAN standards established by the Institute of Electrical and Electronic Engineering (IEEE). Before 802.11, all radio-frequency wireless network communications was proprietary. 802.11 established the standards for WLANs that vendors and manufacturers follow to ensure interoperability. Entire books have been written in an attempt to clarify the various specifications and differences among the 802.11 protocol families. Table A briefly outlines the differences among the four.

Less confused? I didn’t think so. It takes a lot more reading and research to fully understand not only the differences but also the pros and cons of each standard. The main thing to know is that the current de facto standard being adopted by most vendors and organizations is 802.11b. The next few months will more than likely reveal the slow adoption of 802.11g products based on its higher transfer rate and compatibility with existing 802.11b specifications.

WLAN components and topologies
Now, let’s take a look at the typical components that make up a basic WLAN solution. It’s important to remember that wireless local area networks are just that—local. They are used within a single building or in a campus area building-to-building connection. WLANs are most often used on mobile systems as an extension to a wired LAN, as illustrated in Figure A.

You need to be familiar with three types of WLAN components:
• Wireless network cards
• Wireless access points
• Wireless bridges

Wireless network cards come in a couple of flavors, including a PCI card for workstations and PC cards for laptops and other mobile devices. They can act in an ad hoc mode, as in client-to-client, or in a pure client-to-access-point mode. In an ad hoc mode, the wireless network card is configured to talk with other wireless network access cards that are within its range. This functionality will vary depending on the product and the 802.11 specification being used. Client-to-client (also known as peer-to-peer) WLANs are useful for small roaming workgroups of desktops or laptops that do not require access to the LAN backbone. The plug-and-play capabilities of most wireless network cards make this type of setup rather simple.

Most wireless network cards will connect to an access point. An access point is essentially a hub that gives wireless clients the ability to attach to the wired LAN backbone. The use of more than one access point in a given area is facilitated by the use of cell structures, which are similar to what cell phone providers use to maintain your coverage area.

A site survey can determine where to place access points within a building to create a map of the areas (cell structures) that will require wireless LAN access. The data transfer rate for each wireless client will be determined by its location within the cell structure. Locations
[Figure A: network diagram. Labels: Wireless Laptop (three), Access Point, Hub (two), Switch, Server, Laptop, Workstation (two), Network Printer]
[Figure B: Wireless LAN to LAN Building Configuration. Labels: Wireless Bridge, UNIVERSITY, Wireless Bridge]
Authentication based on MAC filters was found inappropriate because they, too, could be sniffed on the network, and the allowable MACs could be spoofed. Newer 802.11 security uses 128-bit Wireless Encryption Privacy (WEP) for data encryption, along with shared key authentication. Unfortunately, researchers have recently identified holes in WEP that let attackers learn the keys used to encrypt 802.11b traffic.

So how does an organization protect its wireless LAN access? The IEEE has a new security standard called 802.1x that may provide the best solution. The 802.1x standard takes authentication away from access points and places it in an authentication server such as RADIUS or Kerberos. It uses the current Extensible Authentication Protocol (EAP) commonly used in PPP to control access. The 802.1x standard allows for the use of dynamically generated WEP keys on a per-session, per-user basis in place of a static WEP key placed in the access point. There are still weaknesses with this technology, and it has yet to be ratified and implemented by many vendors. So, at this time, encryption (usually in the form of VPN), traffic filtering, and other basic security restrictions on wireless network access in sensitive areas are still the best options for ensuring a secure wireless network.

Summary
As changes are in the works to establish new 802.11 standards and improve security, wireless LANs are moving into corporate America at an increasing rate. Who knows? In a few short years, wireless networks may be as commonplace as their wired counterparts.
Now that wireless networking has been around for several years and is starting to mature, companies have a variety of wireless networking standards and products to choose from. There are long-distance products used to send data between buildings miles away and then there are the shorter range products that typically provide wireless networking services within an office building or a warehouse. Both of these areas have a lot of different products and standards available, and there is no way that I could discuss them all within one article. However, since Wi-Fi is the dominant wireless networking technology at the moment, I want to discuss the various Wi-Fi options available and how to choose between them.

802.11B
802.11B is the Wi-Fi technology that has been around the longest. I implemented an 802.11B network in my home in 1999. The standard is well supported and stable. An 802.11B network theoretically supports speeds of up to 11 Mbps. However, in the real world, I have never seen an 802.11B network with a throughput above 5 Mbps. The advantages to using 802.11B are price and compatibility. 802.11B hardware is widespread and extremely inexpensive compared to 802.11G or 802.11A hardware.

There are two distinct disadvantages to using 802.11B: security and performance. Security is an issue because 802.11B is so widespread. There are numerous hacking tools designed specifically for exploiting 802.11B networks. An example of such a tool is NetStumbler, which detects wireless networks and uses a GPS to plot the location of each detected access point onto a map.

The biggest performance issue is radio interference. There are so many 802.11B access points in use today that it is not at all uncommon to get interference from other access points in the area. 802.11B operates in the 2.4 GHz frequency range, which also means that it is susceptible to interference from microwave ovens and 2.4 GHz cordless phones.

802.11G
802.11G is an extension to 802.11B. Like 802.11B, 802.11G operates in the 2.4 GHz frequency range. This means that 802.11G devices are susceptible to interference from other access points, microwave ovens, and cordless phones.

So what are the advantages to using 802.11G? The primary advantage is speed. 802.11G has a maximum rated speed of 54 Mbps. To achieve the higher speeds, however, you will have to make sacrifices.

For starters, an 802.11G signal requires 30 MHz of bandwidth. The entire 802.11G frequency range consists of only 90 MHz of total bandwidth. Thus, you will be able to colocate only a maximum of three 802.11G access points within a given area.

The other disadvantage to 802.11G is range. An 802.11G signal has a shorter range than an 802.11B signal. In a way, though, this is a mixed blessing. Because of the short range, you may be able to use more than three access points to service a building, so long as no more than three access points are within range of each other at any given time.

The other advantage to 802.11G, besides speed, is compatibility. 802.11G is completely backward compatible with 802.11B. Therefore, if you already have a big 802.11B network in place and want to upgrade to something with better performance, 802.11G will allow for a smooth transition. You would begin the transition process by swapping out the access points. Remember, though, that an 802.11G access point doesn’t have the range of an 802.11B access point. Therefore, if your current access points are widely scattered or if you have wireless clients far away from the existing access points, you will probably have to install more access points than are currently in use. Once the access points have been swapped out, you can begin changing out wireless NICs. Existing clients will continue to use 802.11B until they have been given an 802.11G NIC. The access point supports both protocols.

802.11A
802.11A is a completely different animal from 802.11B and 802.11G. Like 802.11G, an 802.11A network can deliver data at up to 54 Mbps. Additionally, multiple channels can be combined for even higher data rates. I converted the wireless network in my home to 802.11A a little over a year ago. While the standard is designed for a data rate of 54 Mbps, I am using what the access point manufacturer calls turbo mode to achieve data rates of 72 Mbps. If this were a true 72 Mbps, then it would mean that my wireless network would be almost as fast as my wired network, which runs at 100 Mbps. The sad truth is that 802.11A runs more slowly than specified. While running in Turbo mode, I usually get an average throughput of about 33 Mbps on my network. Even so, that’s still much faster than 802.11B.

All of this speed comes at a price. 802.11A lacks the range of 802.11B and 802.11G. The 802.11A specification provides 12 nonoverlapping channels in the 5.8 GHz frequency range. This means that you can colocate up to 12 access points. Of course, if you are using turbo mode, you are using more than one channel, and colocation becomes more of an issue.

In addition to the blazing speed, another good point of 802.11A is that it is much less prone to interference from other devices because it operates in the 5.8 GHz frequency range. At the time that this article was written, most cordless phones operate on a frequency of 2.4 GHz. Such phones often interfere with 802.11B and 802.11G networks. 802.11B and 802.11G networks are also subject to interference from microwave ovens. At this time, not many 5.8 GHz cordless phones are in use. Therefore, because of this and the fact that 802.11A is a less popular choice than 802.11B or 802.11G, these networks are less susceptible to interference than networks operating at 2.4 GHz.

Making the decision
There are a lot of factors to consider when choosing a Wi-Fi implementation. If you are building a new network, then I recommend using 802.11A. I say this because most hackers focus on 802.11B and 802.11G networks. There are few hacking tools available for 802.11A networks because few people use 802.11A. 802.11A is also much less susceptible to radio interference than 802.11B or 802.11G because it uses the 5.8 GHz frequency range.

However, if you have an existing wireless network, you may be better off using 802.11G. 802.11G will give you the speed of 802.11A, with a much smoother transition from 802.11B. Remember that 802.11G is compatible with 802.11B. 802.11A, on the other hand, isn’t compatible with either 802.11G or 802.11B.
Configuration and Troubleshooting
Add protocols, services, and network clients and bind them all to your NIC
Understanding wireless network settings
Windows XP offers groundbreaking WLAN functionality
Configuring a wireless LAN connection in Windows XP
Create local user accounts for Windows 2K/XP peer-to-peer networking
Install a wireless connection on your home network
Diagnosing wireless network performance problems
Fix hardware and configuration issues common to wireless LANs
Troubleshooting the wireless woes
Troubleshoot wireless networking antennas
Bridge floors and buildings with wireless access points
Aug 19, 2002
By Ron Nutter, MCSE, CNE, ASE

When faced with the task of connecting a remote office, the first options that often come to mind are a dedicated circuit (such as T1, T3, or frame relay) or site-to-site VPN. If the remote office building is near the main office, then another option is to lay fiber. However, dedicated circuits are costly and slow, and fiber is even more expensive, but yields faster connections. Site-to-site VPNs can save you money by using less-costly Internet links as the backbone for connection, but there can be QoS, security, and performance issues involved.

Before you invest in any of these technologies, you should consider another solution: A point-to-point wireless connection. Here is a look at the various methods of point-to-point wireless connectivity and how they can be implemented for WAN connections between buildings or across town.

Understanding the technology
When you think of wireless networking the first thing that probably comes to mind is the current Wi-Fi standards: 802.11b, 802.11a, and the newest, 802.11g. The popular 11-Mbps, 802.11b standard that is typically used within a building can also be used to link signals outside a building, or building-to-building. In addition to 802.11b, several companies also use proprietary standards for wireless connections.

A typical “indoor” wireless network is made up of one or more access points that allow wireless clients to connect or associate with them. The access point provides the link, or bridge between the wired network and the wireless network. For this reason they are often referred to as a wireless bridge.

Thus, the term wireless bridge can be confusing. When used in the previous statement it refers to a device that connects two networks, a wired network and a wireless network. In the context of this article, we are referring to the application of connecting or “bridging” two wired networks via a wireless connection.

Unlike an access point, a wireless bridge does not connect or associate with wireless clients. It connects to another bridge device to
[Figures A, B and E: antenna diagrams. Surviving labels: “68-78 degrees at 900 MHz”, “Directional Yagi”, “Fresnel Zone”]
Typical distances can range from several hundred feet to 30 to 40 miles, depending on equipment selection and other factors. Cisco’s calculation chart mentioned above warns that distances beyond 25 miles can pose difficulties in aligning the antennas.

Wireless bridges operate in the 900-MHz, 2.4-GHz, and 5-GHz frequency ranges. This is referred to as the unlicensed Industrial Scientific Medical (ISM) band.

LICENSING MAY BE REQUIRED
In the United States, 802.11b and 802.11g operate at 2.4 GHz, 802.11a operates at 5 GHz, and many cordless phones operate at 900 MHz. Countries outside the United States may require licensing for using wireless equipment.

For U.S. businesses, no FCC license is required to install your link. This sounds like a great thing, until you consider the fact that it means anyone can set up a link without regard to what’s already installed nearby. This translates into a potential problem: interference. An existing installation may interfere with your signal and/or vice versa. All you can do is be aware and realize you may have to relocate an antenna or change to a different channel or frequency. If you hire a contractor, ask that a site survey be completed prior to installation and prepare to resolve any interference issues that may arise with neighboring businesses.

Security concerns
A wireless bridge is based on the same wireless technologies as indoor wireless signals, so it shares the same security concerns. However, there are also additional factors involved that make it more difficult for wireless hackers to intercept the signal.

Since the signal is directional, a hacker would have to have line of sight to the antenna path to intercept the signal. If the antenna were located 100 feet in the air on a tower, the hacker would have to climb the tower, climb atop a nearby building, or use some form of air transportation in order to intercept the signal.

Although these considerations make it difficult for a signal to be intercepted, this is no excuse to leave the link unprotected. WEP is the bare minimum security requirement and admins should also consider additional methods to secure the signal path.

Installation
Depending on the distance involved, you may consider consulting a company specializing in
When one of our on-campus business units had outgrown its building, my boss came to the IT department and said that the company had decided to lease another building down the road and move this business unit to the new location. He asked IT to look at the options for connecting the building to the corporate network and said that they would probably need a faster connection than they have now.

The unit’s current building was located on campus and connected via a wireless Ethernet bridge. The link was installed four years ago and ran at 2 Mbps. Our first thought was that a faster wireless link would work for the upgrade, but we also knew that we would have to calculate and justify the cost.

To give you a better understanding of a wireless bridging deployment, I’ll explain the process we went through to estimate, prepare, and deploy this link. I’ll also compare the cost savings of this solution versus a wired installation.

Planning
We first contacted a local wireless vendor and discussed various options. The vendor told us about Proxim’s Tsunami wireless bridges product line, which could carry data at speeds ranging from 10 Mbps to 1 Gbps. The product line also included a feature for adding a “wayside T1” for voice.

Initially, the project was only for data, but when we learned about the voice option, we decided to extend the current voice system via the wireless link as well. The next step would be to perform a site survey to check for obstructions and to get a rough idea what heights would be involved.

For a cost comparison, we also contacted the local telco provider and discussed various options using multiple T1 lines or a partial D3 circuit. We decided initially to compare costs on a 10-Mbps leased-line connection to a 10-Mbps wireless bridging solution.

Site survey
The two buildings were located roughly a mile apart. Between the two locations lay farmland and woods. With woods come trees and trees can be a nightmare for wireless signals. To make the link work, we would have to be above the trees (since wireless bridging requires an unobstructed line-of-sight between the two units). This would require a tower at both ends of the link.

Fortunately, we already had a 150-foot communications tower located near the main campus building. After climbing our tower and visually surveying the path, the vendor recommended a 100-foot tower at the remote end of the link.

We contacted the management of the new building, who said that a 100-foot tower was out of the question. They said we could mount our equipment on the building’s roof as long as it wasn’t visible from the road. While doing the site survey, we went with the wireless vendor up to the roof of the new building. We located a spot in the middle of the roof, but the vendor suggested a spot near the edge that had some open area. There was just one problem: From that spot, a single tree obstructed part of the path to the campus tower. Although a tree would normally be a problem, this tree appeared to be dead. The vendor explained that the tree leaves are usually the
[Figure captions: “The wizard asks you to choose a method for finding the correct driver.” “The Locate Driver Files screen appears next.”]

that the device is having a configuration problem. This designation is caused because there are no drivers installed for the device. To begin installing the software for the network adapter, double-click the device. This will display the Ethernet Controller Properties window, shown in Figure C.

There are a couple of different ways to install the new driver, but for this example we are going to use the Reinstall Driver button that you can see in Figure C. When you click this button, you’ll launch the Upgrade Device Driver Wizard. You should click Next to bypass the welcome screen and display the Install Hardware Device Drivers screen, shown in Figure D.

We’re going to use the default setting of searching for a suitable driver. After you click Next, the Locate Driver Files screen will appear, as shown in Figure E. You should select the appropriate locations where the driver files are stored and then click Next. For the purpose of this example, we’re going to search for the driver files on the floppy disk drive only. The wizard will begin its search for the driver files, and once it finds them it will present you with the Driver Files Search Results screen, shown in Figure F. If the correct driver is

[Figures F, G, I, J and M. Surviving caption: “This information may come in handy later.”]

Wrap up
As you have seen, installing your network adapter and configuring your network connection is a fairly straightforward process in Windows 2000 and Windows XP. The new XP user interface requires you to reach the configuration screens a little bit differently, but the process of configuring the devices is basically the same in both operating systems.
The real work of creating your SOHO network begins after you’ve successfully installed your network interface card (NIC). To share files on a network and interconnect your systems, you’ll need to make sure your system is running these three software components:
• a client
• a service
• a protocol

The process for adding these essential configuration options varies, depending on the version of Windows your system is running. In this article, we’ll first run through the process in Windows 2000, and then we’ll follow-up with a section on the same process in Windows XP. We’ll include lots of figures to make sure you can follow along—don’t worry, it’s easier than it sounds.

Setting up protocols, services, and network clients in Windows 2000
If Windows 2000 was installed on your system with Typical Settings as the Networking Components option (this is common with most commercial pre-installs of the operating system), the following items should have been installed by default:
• Client—Client For Microsoft Networks
• Service—File And Print Sharing For Microsoft Networks
• Protocol—TCP/IP

However, instead of the Typical Settings option, the manufacturer or someone else may have specified customized settings, or someone may have had reason to delete these settings using Control Panel. If so, you’ll have to reload them.

Adding the client
We’ll start by running through the steps to install the client:
1. Click Start | Settings | Network And Dial-up Connections.
2. Select the Local Area Connection corresponding to the NIC for which you want to configure the network component settings. For this example, we selected LAN Connection, as shown in Figure A. Once

[Figure A: Select the connection you want to configure and double-click it.]
[Figure B: The LAN Connection Properties dialog box provides information about the installed components and NIC a connection uses.]
[Figures C, D, F and G. Surviving captions: “In the Select Network Protocol dialog box, specify the protocol you want to install.” “This dialog box displays properties for your connection.” “To specify an IP address, you’ll have to provide the associated subnet mask, default gateway, and DNS server addresses.”]
Wireless networking is being implemented in many IT shops. Because wireless networking is very new, however, few IT pros have had significant exposure to the unique settings it requires. In this article, I’ll offer a few notes to help you set up clients and access points, discuss the settings unique to wireless devices, and detail some standard wired options that affect special features of wireless devices.

Client setup notes

Wireless network interfaces are available in PCI, USB, and PC Card formats. USB devices should be connected directly to the computer or to a powered hub because most draw their power from the USB cable. PCI and PC Card devices should be installed in a slot that provides maximum exposure to the antenna. Take care to reroute cables away from the antenna to minimize RF interference. Use shielded cables and speakers wherever possible; electrical interference will reduce your maximum bandwidth.

Client settings

When you set up your wireless clients, you’ll want to carefully consider whether you should keep default settings. While these settings will get you up and running quickly, they also could compromise security. Some of these settings need to be configured on the access point as well. Make sure they’re the same. Client settings include the following:
• Ad Hoc, or Peer-To-Peer, Networking: Some wireless devices can be set to communicate with one another without using an access point. This ability increases the flexibility of the client systems, but it can compromise a centrally administered network security policy.
• Encryption Keys: These keys are the values used to encrypt the data. They must match on both the client and access point. The default keys are acceptable for allowing clients to easily be added to your network, but in a location requiring maximum security, the keys should be changed regularly to prevent intruders from breaking the encryption.
• Mobile IP: Cellular wireless networks allow clients to roam from one wireless access point to another. In a large enough network, this could cause a client to enter a different subnet. Normally, this would cause an IP conflict; however, the use of mobile IPs creates a kind of forwarding address, enabling access points to reroute data across subnets. Mobile IP should not be used other than in especially large continuous wireless networks.
• Rate Control: Rate Control allows you to specify the communication speed. Reducing the maximum bandwidth increases the roaming range and reduces power consumption but at the cost of peak performance. The defaults are usually the best general-purpose settings. This setting may be configurable to allow different default speeds in each location.
• WEP: The encryption scheme used by the wireless standard (802.11b) is called Wired Equivalent Protection (WEP) and is intended to compensate for the lack of physical security. Not all wireless systems provide encryption. The default for 802.11b is the internationally exportable 40-bit encryption, but some U.S. models also support the much-preferred 128-bit encryption. Sometimes, encryption is disabled by default. This option should be enabled.
• WLAN Service Area: This value is analogous to a network workgroup, except that clients in the same service area can communicate with one another. Configuring different WLAN service areas allows multiple wireless networks of the same type to overlap in the same geographic area. Sometimes, a service area number—for example, 101—is enabled by default. You’ll want to change this setting—it is a security risk.
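An added example, not part of the original article: a small auditor that checks a client profile against the default-setting cautions in the list above and against the access point it must match. The profile field names, the vendor-default key list and the sample profiles are constructed for illustration; the key lengths are the standard WEP hex formats (10 digits for 40-bit, 26 digits for the key marketed as 128-bit).

```python
"""Audit a wireless client profile against the default-setting cautions above.

Field names and VENDOR_DEFAULT_* values are hypothetical placeholders;
real products name and ship these settings differently.
"""
import string

VENDOR_DEFAULT_KEYS = {"0000000000", "1234567890"}  # constructed examples
VENDOR_DEFAULT_SERVICE_AREAS = {"101"}               # the example value from the text


def wep_key_bits(key_hex):
    """Return the marketed WEP strength (40 or 128) of a hex key, or None if malformed.

    A 40-bit key is 10 hex digits. A "128-bit" key is 26 hex digits:
    104 secret bits, with a 24-bit per-frame IV making up the rest.
    """
    if not key_hex or any(c not in string.hexdigits for c in key_hex):
        return None
    return {10: 40, 26: 128}.get(len(key_hex))


def audit_client(profile, access_point=None):
    """Return a sorted list of finding codes for one client profile."""
    findings = set()
    if profile.get("ad_hoc_enabled"):
        # Peer-to-peer traffic never passes the centrally administered access point.
        findings.add("AD_HOC_ENABLED")
    if not profile.get("wep_enabled"):
        findings.add("ENCRYPTION_DISABLED")
    else:
        keys = profile.get("wep_keys") or []
        if not keys:
            findings.add("KEY_MALFORMED")
        for key in keys:
            bits = wep_key_bits(key)
            if bits is None:
                findings.add("KEY_MALFORMED")
            elif bits == 40:
                findings.add("KEY_40_BIT")
            if key.lower() in VENDOR_DEFAULT_KEYS:
                findings.add("KEY_IS_VENDOR_DEFAULT")
    if str(profile.get("service_area")) in VENDOR_DEFAULT_SERVICE_AREAS:
        findings.add("SERVICE_AREA_IS_DEFAULT")
    if access_point is not None:
        # These settings must be the same on the client and the access point.
        for field in ("wep_enabled", "wep_keys", "service_area"):
            if profile.get(field) != access_point.get(field):
                findings.add("MISMATCH_WITH_AP:" + field)
    return sorted(findings)


# Constructed sample profiles.
FACTORY_CLIENT = {"ad_hoc_enabled": True, "wep_enabled": False,
                  "wep_keys": [], "service_area": "101"}
HARDENED_AP = {"wep_enabled": True,
               "wep_keys": ["a3f19c27d04b8e615fd2907c3e"],
               "service_area": "4821"}
HARDENED_CLIENT = dict(HARDENED_AP, ad_hoc_enabled=False)
WEAK_CLIENT = {"ad_hoc_enabled": False, "wep_enabled": True,
               "wep_keys": ["1234567890"], "service_area": "4821"}

if __name__ == "__main__":
    for name, prof in [("factory", FACTORY_CLIENT),
                       ("hardened", HARDENED_CLIENT),
                       ("weak", WEAK_CLIENT)]:
        print(name, audit_client(prof, HARDENED_AP))
```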
Imagine that you’re working on an important new project. You took your laptop home last night so that you could surf for some cool pictures to download and add to the PowerPoint presentation you created for today’s meeting. This morning, you bring your laptop into work, pop it into its docking station, and make a few last-minute additions and corrections to the presentation. At 8:55, you pop your laptop out and head down to the meeting, where you hook it to the projector, make your PowerPoint presentation, and then surf through a few competitors’ Web sites to give your peers a better idea of what you’re talking about.

After the meeting, you and your laptop take the half-mile walk over to the building where your CTO has her office. You meet with the CTO and give her the abridged version of the presentation, surfing a couple of competitors’ Web sites to give her some examples.

Finally, at the end of the day, you take two of your company’s developers out for a cup of coffee at Starbucks, where the three of you sit down—with your laptops, of course—and discuss some of the technical details of your proposal. Unfortunately, one of the developers forgot to print out an important document that the three of you were going to discuss. No problem. You simply make a VPN connection to the office and grab the document off the file server and then you e-mail it to the other two developers, who receive the file in less than a minute.

In this scenario, you roamed across four networks in five physical locations. If your laptop had been configured with Windows XP and a wireless network card, you would have had network connectivity at each stop and, better yet, you would not have had to do any reconfiguration as you roamed to each place. Of course, this assumes that each location had connectivity to a wireless access point, but with the rapidly declining prices of wireless hardware and the adoption of WLANs in corporations and public spots such as Starbucks, this is definitely a plausible scenario.

Wireless LANs in Windows XP

The kind of network roaming depicted in this example would have been much more difficult (impossible in most cases) in Windows 2000 and other versions of Windows. That’s because in Win2K, wireless networking configuration is handled primarily by third-party utilities that are installed along with WLAN network card drivers that come from WLAN vendors. The best part of Windows XP’s enhanced WLAN support is that driver and WLAN configuration are absorbed directly into XP’s NIC configuration, and WLAN network roaming is handled with precision and simplicity.

Here are the three major improvements that make WLANs work so well in Windows XP:
• Zero configuration—The third-party drivers and WLAN configuration utilities used with previous versions of Windows can be described as inelegant, at best. Windows XP makes the process much simpler by automatically recognizing almost all WLAN network cards (eliminating the need for third-party drivers). To configure the WLAN, you simply go into the Properties for the network card, where you will automatically find an extra tab named Wireless Networks. There you can choose from
“I love it when things work like they’re supposed to!” That has long been my favorite little catch phrase when setting up and configuring new IT solutions. Sadly enough, that phrase has become even more special to me because it’s so rarely that I actually get to say it when working with today’s technologies.

However, I was able to enthusiastically utter this phrase when configuring a wireless LAN connection using Windows XP. As I wrote in “Windows XP offers groundbreaking WLAN functionality” (page 44), the most valuable new feature of Windows XP is the way that it seamlessly handles WLAN configuration and roaming. Now it’s time to walk you through the process of setting up a WLAN network card in XP to prove just how intuitive it is.

Install the WLAN network card

Of course, the first thing to do is pop a WLAN network adapter into your system—and it’s still best to do this while the system is shut down. In most cases, you’ll probably be putting a PC Card adapter into a laptop system. However, there are also PCI and USB adapters for desktop systems.

For this example, I am installing an ORiNOCO Gold PC Card into a Dell laptop. I chose the ORiNOCO card because it had good reviews from industry experts and buyers, and I was happy with the choice; the card proved to have excellent range while holding a strong signal. I highly recommend the card for corporate installs.

In my case, Windows XP was already installed on the system before I added the WLAN network adapter, but for the purposes of this tutorial, you will achieve the same effect by installing the WLAN card before loading Windows XP. If you had already installed a WLAN card (and its drivers and utilities) in a previous version of Windows, and you are now upgrading to XP, you need to watch out for a gotcha: Before upgrading to XP, uninstall the drivers and utilities that came with the WLAN card. If you don’t, you could run into some errors and conflicts with your WLAN configuration when you upgrade to XP.

Verify that XP recognizes the WLAN card

Once you power on your system, Windows XP should automatically recognize your WLAN card. (It has a vast database of WLAN adapter drivers built in.) After the card is recognized, Windows will automatically add it to the list of available interfaces in Network Connections. To verify this:
1. Click Start | Control Panel.
2. Click Network And Internet Connections.
3. Click Network Connections.

You should then see an icon that says Wireless Network Connection. Double-click that icon to bring up the Wireless Network Connection Status dialog box (Figure A). This should look familiar. It’s basically the same as the Local Area Connection Status dialog box you see when you double-click on a standard Ethernet NIC, but there’s one distinction. The wireless version has a nice little graphic with green bars to show the signal strength of your radio wave connection.

Configuring wireless networks

When you’re ready to configure your WLAN settings, click the Properties button. This will bring up the network settings properties (Figure B) that you’re probably familiar with. They’re the same as the network properties for a standard Ethernet NIC, but with one important addition: When you are configuring a WLAN network card, you will see a tab called Wireless Networks.

Click on this tab, as we’ve done in Figure C. Now you can configure your WLAN adapter
built-in support for IEEE 802.1x security. This makes it easy to require identity verification for WLAN adapters via a variety of standard authentication mechanisms, including RADIUS, smart cards, and certificates. This can be configured on the Authentication tab (Figure E) of the network adapter’s properties page.

It’s important to note that 802.1x security is not limited to WLANs. It can be used for standard 10/100 Ethernet connections as well.

Figure E: The Authentication tab makes it easy to configure 802.1x security.

Basic monitoring and troubleshooting

Once you make your WLAN connection, you can easily monitor the reception and bandwidth of your connection. First, go into the properties of your WLAN network adapter (which appears in Figure B). Then, select the Show Icon In Notification Area When Connected check box. This will put a small icon with two computers in the system tray (in the lower-right corner of your screen). The icon will change colors when data is being sent over this network interface. (The little computer screens change from navy blue to sky blue when data is moving.) When you hover your mouse over this icon, you’ll see a screen tip displaying connection information. This includes the name of the wireless network that you are connected to (usually the WAP), the connection speed (in Mbps), and the signal strength of your radio wave connection (from Very Low to Excellent).
Sharing resources on Windows 9x/Me systems is as easy as opening Network Neighborhood and double-clicking the share name, and maybe typing a password if the resource is password protected. However, the process is a bit more complicated when setting up a peer-to-peer network that includes Windows 2000 or Windows XP systems because of the newer operating systems’ increased focus on security.

To enable W2K Professional peer-to-peer networking, you’ll need to manually add additional user accounts. Fortunately, the procedure is a little easier in Windows XP because of its Network Setup Wizard. Let’s take a closer look at these two approaches.

Working with Windows 2000

If you’re creating a peer-to-peer network composed of only Windows 2000 systems or a mixture of Windows 2000 and Windows 9x/Me machines, you’ll need to manually add additional user accounts to the Windows 2000 systems. W2K Professional was designed to work in a domain-model network where all users are verified by a domain controller. When you set up W2K Professional systems on a peer-to-peer network, there’s no domain controller, of course, but users still must be verified before they can access shared resources. So, you need to create local user accounts on your W2K Professional system for every computer that will need to access shared resources on that system.

Before you get started, you’ll need to create a list of the user account names and passwords on all systems on the peer-to-peer network. Once you have the list, you’re ready to set up your accounts.

To begin, open Control Panel and double-click the Users And Passwords icon. When you see the Users And Passwords dialog box, shown in Figure A, click the Add button.

From this point, simply follow the directions in the Add New User Wizard to create an

Figure B: When you get to Add New User Wizard’s last page, specify the access level for the user account.
Figure C: As the last step of the process, you should create a Network Setup Disk.
Installing a wireless connection on your home network is a lot easier than you might think. Of course, the amount of work involved depends on whether you’re adding the wireless connection to an existing network or building a home network from scratch that will include a wireless connection.

However, once you get down to the basics of your wireless connection, the settings are very similar, if not identical. You may need to change only a few configuration settings to get the wireless portion of the connection to work. In most cases, your wireless device’s default settings will work fine right out of the box, and you’ll be up and running in no time.

In this chapter, we’ll take a look at the steps involved in setting up a wireless connection on your home network. We’ll focus on some of the main wireless configuration settings you may need to adjust. (Keep in mind that this article will provide you only with general information. You should always refer to the product documentation for specific details on configuring your device.)

Location, location, location

Once you’ve decided to go wireless, you need to spend some time considering where in your home you’ll actually put the Wireless Access Point (WAP). A key element in getting your wireless connection to work effectively is to choose an optimal physical location for your WAP. Of course, the best possible connection between a WAP and a wireless-enabled computer will be within a line of sight. However, in a typical home, that’s not always possible. Don’t worry—a wireless connection can function through walls and floors, allowing you to maintain network access in just about every room in your home. You should even be able to get a wireless connection outside your home within a reasonable distance, allowing you to check e-mail out on the deck or even in that backyard hammock.

To get the best possible coverage inside and outside your home, keep in mind that radio waves emanating from a WAP travel outward in a circular pattern. So, your reception will be better below the WAP’s physical location than above it. This means that if you have a multistory house, you’ll get better reception if the WAP is on the same floor or upstairs from you than if it is downstairs from you.

In addition to height, you’ll want to choose a centrally located room in your house as your WAP’s location. As we mentioned, the higher the WAP the better. Placing the access port on top of a bookcase or other high shelf will provide the best coverage possible.

Also keep in mind that you should avoid placing the WAP near any large metal objects or appliances, such as refrigerators. Brick walls or walls containing a lot of wiring can also cause interference problems.

You may not always be able to immediately identify the best possible location in your home in which to place the WAP. In that case, you may have to do some experimentation. Set up the WAP in what you consider to be the best location and use the wireless network for a while. If you don’t get as reliable a connection as you would like, try moving the WAP to another location.

IF YOU CAN’T STAND THE HEAT…
While not a widely known fact, we’ve discovered that running an average microwave oven while you’re using a wireless connection can cause tremendous interference and even completely block a wireless connection. Of course, this problem depends on the location of the microwave oven in relation to the WAP and the wireless-enabled computer. If the microwave oven is between the two devices, you can expect temporary interference while the oven is on. To be on the safe side, make sure that you’re not downloading an important file at the same time you decide to make popcorn.
Low-budget Wi-Fi networks are extremely popular today, but they are not the only types of wireless networks in existence. There are actually dozens of types of wireless networks ranging in price from under a hundred dollars to millions of dollars. While Wi-Fi problems might not be a big deal to correct, it is a huge problem if you have just spent half a million dollars on a wireless network and the network doesn’t perform as expected. In order to get peak performance out of your wireless network, you need to know some common causes of poor performance on both Wi-Fi and non-Wi-Fi wireless networks.

Too many devices

One of the most common problems with wireless networks is having too many wireless devices within close proximity. This problem can be easily avoided by obtaining a professional site survey prior to installing any wireless equipment. Unfortunately, it seems that a lot of networking people think that if they can install a Wi-Fi network, then the rules are the same for other wireless networks; so, they try to install the devices themselves.

The problem is that certain types of wireless devices are very particular about how many devices can be located within an area. A DS-11, Direct Spread Spectrum network is a good example of this. DS-11 networks have a total of 11 available channels. Because of this, it might stand to reason that you could use 11 different networks within an area without interfering, as long as the networks were on different channels. This isn’t the case, though.

The entire concept behind a spread spectrum network is that multiple channels are used in an effort to boost available bandwidth and to increase security. In a DS-11 network, it is only possible to colocate up to three wireless networks before the frequencies start interfering with each other, because each DS-11 device is using multiple channels.
With decreasing prices of wireless hardware, wireless networks are fast becoming more popular in small office networks. Both the cost savings and the ease of using wireless LANs are beneficial to the small office—until something goes wrong. Then it becomes all too apparent that, while wireless networks are growing, troubleshooting resources for wireless LANs are not.

When a wireless network fails, there are a few key areas to look to first. In this article, I’ll discuss some of the more common hardware problems that can cause a wireless network to fail. As well, I’ll cover the configuration issues that can also plague a wireless LAN. With this information, you can troubleshoot your wireless network with confidence. (This article assumes that you’re troubleshooting an infrastructure network and not an ad hoc network.)

Hardware troubleshooting

When you have only one access point and only one wireless client with connection issues, then you’ve already determined the scope of the problem. It’s your one client that is having trouble attaching to the network. However, if you’ve got a larger network, then the process of determining the scope of the problem becomes a little more involved.

If lots of users are having trouble connecting, but there are still some users who are able to work, the problem is most likely that your network has multiple access points and that one of the access points is malfunctioning. Often, you can take an educated guess as to which access point is malfunctioning by looking at the physical locations of the users who are having the problem and then figuring out which access point serves that portion of the building.

If no one can connect to the wireless network, then there are several things that could be going on. If your network uses a single wireless access point, one possibility is that the access point is malfunctioning or contains a configuration error. The problem could also be related to radio interference or to a break in the physical link between the wireless access point and the wired network.

Check connectivity to the access point

First, you should perform a communications test to see if the access point is responding. To do so, open a Command Prompt window on a PC on your wired network and ping your wireless access point’s IP address. The wireless access point should respond to the ping. If it doesn’t, there’s either a break in the communications link or the access point is completely malfunctioning.

To figure out which is the case, try pinging the access point’s IP address from a wireless client. If the wireless client is able to ping the access point successfully, then the problem is almost certainly a broken communications link, such as a damaged cable.

If the wireless client is unable to ping the access point, then the access point could be malfunctioning. Try unplugging the access point to reset it and then plug it in again. Wait for about five minutes and then try pinging the access point from both the wireless and the wired clients again.

If both pings still fail, then it is likely that the access point is damaged or has an invalid configuration. At this point, I recommend focusing your initial efforts on getting the access point to communicate with the wired network. Plug the access point into a known-good network jack using a known-working patch cable. You should also verify the access point’s TCP/IP configuration. After doing so, try pinging the device from a wired client again. If the ping still fails, then the unit has probably been damaged and should be replaced.

Configuration issues

I’ve found that wireless networking equipment is fairly reliable, and the vast majority of
As if the usual things that can and do go wrong in IT aren’t enough to drive us crazy, we IT managers have to deal with the occasional anomalies, those annoying little problems that at first appear to have no cause and, therefore, no solution. These are the times when you have to step up and become IT’s version of Sherlock Holmes.

I recently encountered an interesting problem on the job. When Mark, an employee, phoned me and said, “Can you come and have a look at my computer? It’s gone all funny,” I was pretty certain that I was going to have to free up at least half an hour of my afternoon.

Mark is one of those users who are a blessing to the lazy among us and a nightmare to the diligent. He will ignore any error message that comes his way, no matter how serious he thinks it sounds. He realized that restarting his PC was a good way of sorting out some errors. When NT presents him with a dialog stating that “a domain controller for this domain could not be contacted,” he clicks OK and tries to continue. When Outlook starts whining about address books, he again homes in on the OK button and starts to worry only when he meets some nonsense about POP3 servers, “whatever they are.”
Dipole

A dipole is a bidirectional antenna, and its radiation pattern extends in two directions outward, as shown in Figure C. It generally consists of a base with two antenna spokes going in opposite directions. You’d generally use a dipole antenna to support client connections rather than site-to-site applications.

Figure C: A dipole antenna and its radiation pattern

Vertical

A vertical antenna is exactly what it sounds like: an antenna that sticks in the air. A vertical antenna’s radiation pattern extends in all directions from the unit, losing power as the distance increases, as shown in Figure D. Like the dipole, you’d primarily use a vertical antenna for client support. Most wireless base stations come with a small vertical antenna. A vertical antenna is omnidirectional, meaning that the signal radiates in all directions.

Figure D: A vertical antenna and its radiation pattern

Troubleshooting some common problems

A good understanding of wireless networking antennas makes troubleshooting much easier. Exactly how you solve the problem depends on the type of connection you’re trying to make—site-to-site or local wireless connections.

Troubleshooting site-to-site connections

It’s late October in your beautiful upstate New York town, and you’ve just finished putting up your last wireless antenna. Now you’re going
One of the reasons people have preferred Windows NT—and now Windows 2000—to the Windows 9x platform has been the ability to set and manage file permissions more precisely and more conveniently. If you use the NT file system (NTFS), you can set file permissions at the local PC level in addition to the file-sharing permissions of the network environment.

But along with all this additional functionality comes complexity and the potential for all kinds of headaches for the network administrator. One harried manager wants to know why he can’t access the data on a colleague’s PC that he needs to assemble an important presentation; another can’t figure out why the intern from the mailroom was able to browse the files he thought he had secured. More options mean more chances for confusion and user error, and if you don’t have a thorough understanding of the various permissions and their relationships, it can be nearly impossible to sort out a permission problem and find a solution.

In this article, I’ll review the file and folder permissions in Windows 2000. My next article will cover NTFS permissions in Windows 2000. Once you understand Windows 2000 permissions and how they interact, you should be able to troubleshoot permission issues more quickly as they occur on your network.

Overview

In any Windows network environment (peer-to-peer or server-based), you can set sharing permissions for drives and folders. By default, when you set up a PC on a network, no drives or folders on that PC are shared. The local user of that PC can choose to share entire drives or individual folders on a drive. This type of security is not really that secure, however, because it affects only network access. Local access (that is, someone sitting down at the PC and logging on) is wide open.

For drives formatted with NTFS, you can set NTFS permissions. These can affect drives and folders and individual files, too. NTFS permissions affect local users as well as network users and are based on the permission granted to individual user logons, regardless of from where they are connecting. You also have a much wider variety of permissions to choose from with NTFS permissions, so you can more precisely control the rights being granted.

When sharing permissions and NTFS permissions conflict, the most restrictive of the two wins. For example, if someone has full access to a certain file from NTFS permissions but has no sharing permissions to the folder in which it resides, he or she cannot access the file from the network. The user can, however, physically sit down at the local PC containing the file, log in, and access it, because sharing permissions do not affect local access.

Working with shared folders

Shared folders provide remote access to the files on a PC. Folder sharing is available on drives using all types of partitions: FAT, FAT32, or NTFS. It is also available not only in Windows 2000 but also in Windows NT and Windows 95/98/Me and even the old Windows 3.11 for Workgroups (although in a more rudimentary way in that OS).

To share any folders (or any printers, for that matter) on a Windows 2000 PC, File And Printer Sharing For Microsoft Networks must be installed as a networking component. To check for it, right-click My Network Places and choose Properties. Then right-click Local Area Connection and choose Properties. If File And Printer Sharing For Microsoft Networks does not appear on the list shown in Figure A, add it by clicking Install and choosing it from the Services category.

After File And Printer Sharing For Microsoft Networks is in place, you can share individual drives and folders. Do so by right-clicking a drive or folder and choosing Sharing.
S
etting folder and file permissions gives X Full Control: Same as Modify, plus the
you some network security, but it doesn’t ability to change permissions, take owner-
secure your PC desktop. When you use ship, and delete subfolders and files.
the NT file system (NTFS) in Windows 2000,
however, you can set file permissions at the File level permissions
local PC level in addition to the file-sharing The permissions for individual files are the
permissions of the network environment. In same types, except there is no List Folder Con-
this article, I will cover NTFS permissions in tents permission. For files, you can assign
Windows 2000. these permissions:
X Read: Open the file and view its attributes,
NTFS permissions overview ownership, and permissions.
NTFS permissions can be set only on drives
partitioned with NTFS. NTFS permissions, like sharing permissions, specify who can access a particular resource, but they work at the local level. That means a user sitting down at a PC is bound by NTFS permissions too, not just a user accessing the resource across a network.

NTFS permissions can be assigned to drives and folders, just like sharing permissions, but they also can be assigned to individual files. Unlike sharing permissions, in which the default setting for a resource is Not Shared, NTFS permissions are set to allow access by default.

Folder and drive permissions
NTFS offers many more types of permission than the simple Read, Change, and Full Control of sharing permissions. For folders and drives, you can assign these permissions:
• List Folder Contents: View folder contents.
• Read: View folder contents, open files, and view file and folder attributes.
• Read & Execute: Same as Read, plus the ability to move through folders to reach other files and folders, even if no permission is granted for those folders.
• Write: Same as Read, plus the ability to create and edit files and subfolders and change attributes.
• Modify: Combination of Read & Execute and Write, plus the ability to delete the folder.

• Read & Execute: Same as Read, plus the ability to run applications.
• Write: Same as Read, plus the ability to change file content and attributes.
• Modify: Same as Write and Read & Execute combined, plus the ability to delete the file.
• Full Control: Same as Modify, plus the ability to change permissions and take ownership.

Just like sharing permissions, NTFS permissions can be set to allow or not, depending on whether the Allow check box is marked. Permissions are cumulative and can be inherited from parent folders or drives. NTFS permissions can also be set to Deny, but use Deny very sparingly.

To set NTFS permissions, you use the Security tab on the Data Properties page for a drive, folder, or file. The controls will seem familiar, as they’re almost the same as the ones for setting sharing permissions (Figure A).

Inheriting permissions
Notice the check box at the bottom of Figure A. When it is turned on, the folder or file will inherit the permissions of the parent object (that is, the drive or folder in which it resides). The gray check boxes in Figure A indicate that those permissions are inherited rather than specific to this folder.

If you deselect the Allow Inheritable Permissions From Parent To Propagate To This Object check box, a dialog box appears asking what you want to do about those inherited settings. (You
Figure A: Set NTFS permissions on the Security tab on the Data Properties sheet.
Figure B: Control access for a resource more precisely from the Access Control Settings For Data dialog box.
What happens to permissions when you move or copy?
When you copy a folder that has specifically been shared (rather than just inheriting sharing from its parent), the original remains shared, but the copy is reset to Not Shared. However, if you copy the folder to a drive or folder that is shared, it will inherit the sharing setting of its new parent location. The same goes for moving a folder. Any specific sharing permissions it has are removed, but it is free to inherit sharing from the new location.

When you copy or move a file or folder from an NTFS drive to a FAT or FAT32 drive, all NTFS permission settings are removed, leaving it wide-open for anyone to access.

When you copy to another NTFS drive or within the same drive, any old NTFS permissions assigned specifically to the original are stripped away, and it inherits NTFS permissions from the new location. In order to copy, you must have Write permission for the destination. The user doing the copying becomes the CREATOR OWNER of the copy.

When you move a file or folder to another NTFS drive, the permissions work just like copying. Any old permissions are removed, and the file or folder inherits permissions from the new location. You must have Modify

HERE ARE SOME MORE TIPS FOR USING NTFS PERMISSIONS
• Try to assign NTFS permissions to folders rather than individual files, and make sure that the files are set to inherit their permission from the folder. (That’s the default setting, so you don’t have to check every single file.)
• Create folders according to access requirements—for example, a folder for files that Marketing needs, another for files that Engineering needs, and so on—and assign NTFS permissions to those folders for the people who need them.
• To prevent users from accidentally deleting important applications or data, remove the Everyone permission and assign the Read & Execute permission to the Users group and the Administrators group for the folder.
• As with sharing permissions, give users only the access level that they require. In most cases, Full Control should reside only with the CREATOR OWNER group.
• Don’t use Deny except when it is necessary, because it can create administrative headaches later.
Table B
                        Sharing permission   NTFS permission   Net permission
Marketing group         Change               Read              Read
Managers group          None                 Modify            None
Everyone group          Read                 None              None
Cumulative permission                                          Read

Table C
                        Sharing permission   NTFS permission   Net permission
Marketing group         Change               Modify            Change/Modify
Managers group          None                 Modify            None
Everyone group          Read                 None              None
Cumulative permission                                          Change/Modify
Sharing and NTFS permissions use two different terms, Change and Modify, but both allow Sarah to make edits to the file.

Now, suppose Tim uses the NTFS special permissions to deny the Managers group the Write permission. Will Sarah be able to edit the file? No, because the Deny option settings override any Allow settings. Even though the Marketing group still has the rights to edit the file, Sarah is also a member of the Managers group which is specifically denied access (see Table D).

If Tim wanted Sarah but nobody else from the Managers group to be able to change the file, he could either remove Sarah from that group or create a separate group containing everyone from Managers except Sarah and deny that group the Write access instead of denying the Managers group.

Practice
The best way to get more confident in your understanding of permissions is to play around with them. Try re-creating the preceding scenario on two client PCs on your network and then experimenting with more “what if” scenarios. For example, what if:
• Tim turns off Deny Write for Managers and simply deselects the Allow check box for the Managers group? Can Sarah then edit the file?
• Sarah then tries to delete the file PRIVATE.DOC? Can she do it with her current permissions?
• Tim removes all permissions from the folder? Can he still read and modify the file himself?
• Sarah creates a subfolder within FOLDER-A on Tim’s PC? Can Tim delete it?

Conclusion
In this article, you learned what the rules are when different sets of permissions interact. You also gained some practice in determining net permissions when NTFS and sharing permissions conflict for a user in multiple groups. You now have my permission to set up your network and client machines for the most robust security obtainable in a Windows environment.
With the NT file system (NTFS) in Windows XP, you can set file permissions at the local PC level in addition to the file-sharing permissions of the network environment. Along with this additional functionality comes complexity and the potential for all kinds of admin headaches. One harried manager wants to know why he can’t access data on a colleague’s PC that he needs to assemble a presentation; another can’t figure out why the mailroom intern was able to browse the files he thought he had secured. More options mean more chances for confusion and user error, and if you don’t have a thorough understanding of the various permissions and their relationships, it can be nearly impossible to sort out a permission problem and find a solution.

We’ll review the file and folder permissions in Windows XP. Once you understand Windows XP permissions and how they interact, you’ll be able to troubleshoot permission issues that occur on your network more quickly.

Watch file-sharing and NTFS permission interactions
In any Windows network environment (peer-to-peer or server-based), you can set sharing permissions for drives and folders. By default, when you set up a PC on a network, no drives or folders on that PC are shared. The local user of that PC can then choose to share entire drives or individual folders on a drive. This type of security is not really that secure, however, because it affects only network access. Local access (that is, someone sitting down at the PC and logging on) is wide open.

For drives formatted with NTFS, you can also set NTFS permissions. These can affect drives and folders as well as individual files. NTFS permissions affect local users as well as network users and are based on the permission granted to individual user logons, regardless of where they’re connecting. You also have a much wider variety of permissions to choose from with NTFS permissions, so you can more precisely control the rights being granted.

When file sharing permissions and NTFS permissions conflict, the most restrictive of the two wins. For example, if someone has full access to a certain file from NTFS permissions but has no sharing permissions to the folder in which it resides, he or she cannot access the file from the network. He or she can, however, physically sit down at the local PC containing the file, log in, and access it, because sharing permissions do not affect local access.

Working with shared folders
Shared folders provide remote access to the files on a PC. Folder sharing is available on drives using all types of partitions: FAT, FAT32, or NTFS. To share any folders (or any printers, for that matter) on a Windows XP PC, File And Printer Sharing For Microsoft Networks must be installed as a networking component. To check for it, right-click the Local Area Connection icon in the Windows XP taskbar and choose Status. From the Local Area Connection Status dialog box, select the Properties button to see the listing shown in Figure A. If File And Printer Sharing For Microsoft Networks doesn’t appear on the list, add it by clicking the Install button and choosing it from the Services category.

After File And Printer Sharing For Microsoft Networks is in place, you can share individual drives and folders by right-clicking a drive or folder and choosing Sharing And Security. When you do, the Sharing tab of the Properties dialog box will open.

Sharing is slightly different for drives than for files. With a drive, you might see a default share already set up. These have a dollar sign ($) following the share name, as shown in Figure B. Such shares are for administrative use only; ordinary users won’t be able to see or

Figure A: File And Printer Sharing For Microsoft Networks must be installed to share folders over a network.
Figure B: C$ is the default administrative share for this drive; it doesn’t count as a user-to-user share.
set at the default “free-for-all” settings and rely on the NTFS permissions to lock down certain sensitive items. However, if you aren’t going to use NTFS permissions or if you can’t because the drive is FAT or FAT32, you can restrict access at the sharing level.

Note in Figure D the three types of sharing permissions:
• Read: Users can display the contents of the folder, open files, display attributes, and run programs.
• Change: Users have all the rights of Read, plus the ability to create new folders and files within the shared folder or drive, open and change files, change file attributes, and delete folders and files.
• Full Control: Users have all of the rights of Change, plus the ability to take ownership of files and change file permissions.

Everything within a shared drive or folder inherits its sharing permissions. For example, if a shared drive has 10 folders, all of those folders have the same sharing permissions as the drive, unless they are set otherwise. Permissions are cumulative, which means that, in the event of a conflict between a specific folder’s permissions and those it has inherited from the drive (or parent folder), the most lenient wins. For example, if you allow Read access on a folder and don’t allow Change or Full Control on that folder, but the drive itself allows Full Control, that folder will also have Full Control access permitted.

For each setting (Read, Change, and Full Control), you can choose the option to Allow or Deny. The default is set to Allow. If you don’t want to allow a particular permission, you simply deselect the Allow check box. “Disallowing” something (that is, turning off Allow permissions for it) takes away that right but enables the folder to inherit permissions from the parent folder or drive.
Setting folder and file permissions gives you some network security, but it doesn’t secure your PC desktop. When you use the NT file system (NTFS) in Windows XP, however, you can set file permissions at the local PC level. That means that a user sitting down at a PC—not just a user accessing the resource across a network—is bound by NTFS permissions.

NTFS permissions, which can be set only on drives partitioned with NTFS, can be assigned to drives and folders, just like sharing permissions, but they also can be assigned to individual files. Unlike sharing permissions, in which the default setting for a resource is Not Shared, NTFS permissions are set to allow access by default.

In this article, we’ll cover the details of NTFS permissions in Windows XP. With an understanding of how NTFS permissions work, you’ll be able to troubleshoot permission issues more quickly as they occur on your network and clients.

Folder and drive permissions
NTFS offers many more types of permission than the simple Read, Change, and Full Control of sharing permissions. For folders and drives, you can assign these permissions:
• List Folder Contents: View a folder’s contents
• Read: View a folder’s contents, open files, and view file and folder attributes
usurp the title of Owner from another for that resource.

Note that having permission to take ownership of a resource does not automatically take the ownership. If a user has the permission to take ownership, click the Owner tab and then choose yourself on the list of users. (You cannot choose anyone else; you must choose the user name with which you are logged on.) If you also want to take ownership of all subordinate folders and files, select the Replace Owner On Subcontainers And Objects check box.

What happens to permissions when you move or copy?
When you copy a folder that has specifically been shared (rather than just inheriting sharing from its parent), the original remains shared, but the copy is reset to Not Shared. However, if you copy the folder to a drive or folder that is shared, it will inherit the sharing setting of its new parent location. The same goes for moving a folder. Any specific sharing permissions it has are removed, but it’s free to inherit sharing from the new location.

When you copy or move a file or folder from an NTFS drive to a FAT or FAT32 drive, all NTFS permission settings are removed, leaving it wide-open for anyone to access.

When you copy to another NTFS drive, or within the same drive, any old NTFS permissions assigned specifically to the original are stripped away, and it inherits NTFS permissions from the new location. To copy, you must have Write permission for the destination. The user doing the copying becomes the CREATOR OWNER of the copy.

When you move a file or folder to another NTFS drive, the permissions work just as they do when you copy them: Any old permissions are removed, and the file or folder inherits permissions from the new location. You must have Modify permission for the file or folder being moved and Write permission for the destination drive or folder. The user doing the moving becomes the CREATOR OWNER of the file.

When you move a file or folder to a different location on the same NTFS drive, however, permissions work a little differently. The moved file or folder does inherit permissions from the new location, but if any permissions were set specifically for that object, they’re retained and they override the new inheritances. You must have Modify permission for the file or folder being moved and Write permission for the destination drive or folder. The CREATOR OWNER doesn’t change.
In this article, we cover the tricky subject of what happens when you combine NTFS and file-sharing permissions in Windows XP. After reading this article, you’ll be able to set up and troubleshoot permissions on your network and client more quickly.

member of Group A, which has Full Control sharing permission but no NTFS permission for an object, and also of Group B, which has Full Control NTFS permission but no sharing permission for the object, that user has no permission for the object.
Table A
                        Sharing permission   NTFS permission   Net permission
Marketing group         Change               Read              Read
Everyone group          Read                 None              None
Cumulative permission                                          Read
Table D
                        Sharing permission   NTFS permission   Net permission
Marketing group         Change               Modify            Change/Modify
Managers group          None                 Deny Write        Deny Write
Everyone group          Read                 None              None
Cumulative permission                                          Deny Write
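
The NTFS column of Table D, worked through as an added example (not code from the original articles): Allow entries accumulate across Sarah's groups and a Deny removes its bits from the result. It models local NTFS evaluation only, not share permissions, and assumes all entries sit at the same level so that Deny always wins; the masks are the standard Windows access-mask values, and the group "Managers-NoSarah" and the user Bob are hypothetical names for the workaround the article describes.

```python
from dataclasses import dataclass

# Access-mask values of the standard NTFS permission sets
# (the same numbers Windows exposes as FileSystemRights).
READ = 0x020089
WRITE = 0x000116
READ_EXECUTE = 0x0200A9
MODIFY = 0x0301BF
FULL_CONTROL = 0x1F01FF
DELETE = 0x010000
CHANGE_PERMISSIONS = 0x040000


@dataclass(frozen=True)
class Ace:
    trustee: str  # group the entry applies to
    kind: str     # "allow" or "deny"
    mask: int     # rights granted or denied


def effective_rights(acl, groups):
    """Union of the Allow masks for the user's groups, minus every Deny mask.

    Assumption: all entries are at the same level, so Deny always wins,
    which is the rule the article states.
    """
    allowed = denied = 0
    for ace in acl:
        if ace.trustee not in groups:
            continue
        if ace.kind == "deny":
            denied |= ace.mask
        elif ace.kind == "allow":
            allowed |= ace.mask
        else:
            raise ValueError(f"unknown ACE kind: {ace.kind!r}")
    return allowed & ~denied


def has(rights, needed):
    """True only if every bit of `needed` is present in `rights`."""
    return rights & needed == needed


def summarize(rights):
    return {
        "read": has(rights, READ),
        "write": has(rights, WRITE),
        "delete": has(rights, DELETE),
        "change_permissions": has(rights, CHANGE_PERMISSIONS),
    }


SARAH = {"Marketing", "Managers", "Everyone"}
BOB = {"Managers", "Managers-NoSarah", "Everyone"}  # hypothetical second manager

# Table D, NTFS column: Marketing may Modify, Managers are denied Write.
TABLE_D = [Ace("Marketing", "allow", MODIFY), Ace("Managers", "deny", WRITE)]

# Deny removed and Allow merely unchecked: Managers has no entry at all.
NO_MANAGERS_ENTRY = [Ace("Marketing", "allow", MODIFY)]

# The article's workaround: deny Write to a group that excludes Sarah.
WORKAROUND = [
    Ace("Marketing", "allow", MODIFY),
    Ace("Managers", "allow", MODIFY),
    Ace("Managers-NoSarah", "deny", WRITE),
]

if __name__ == "__main__":
    for name, acl in [("Table D", TABLE_D),
                      ("No Managers entry", NO_MANAGERS_ENTRY),
                      ("Workaround", WORKAROUND)]:
        print(name, "-> Sarah:", summarize(effective_rights(acl, SARAH)))
    print("Workaround -> Bob:", summarize(effective_rights(WORKAROUND, BOB)))
```

Denying Write strips only the write bits: in the Table D case Sarah keeps Read and Delete locally, which is worth checking before relying on a Deny to protect a file.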
Wireless Security
Keep up with public wireless dangers
and Wi-Fi security standards
Aug 11, 2003
By John McCormick
Although wireless networking holds great promise for extending and mobilizing the 24/7 connected world we’ve all become accustomed to, it obviously comes with a wide variety of manageability and security headaches for IT departments. Two of the biggest problems IT administrators currently face are protecting mobile users who are now connecting to public wireless hotspots and keeping well informed about the latest standards and techniques for securing wireless LANs.

The public wireless problem
More and more wireless networks now beckon the unwary road warrior. So it’s become vital for administrators to take responsibility for the mobile workers carrying company data out into the connected world of airports, high-dollar coffee shops, hotels, and restaurants and taverns—many of which now allow users to connect their laptops and/or PDAs to the Web using wireless public networks.

If you’ve never given this a thought before, consider how little your laptop-equipped users are aware of the dangers of logging on to any random network they encounter in their travels. At a bare minimum, you need to educate them about the threat these open networks pose. You may also need to scrub their systems of any critical unencrypted corporate data they are carrying around.

Just as companies are coming to realize how dangerous unfiltered access to the Internet is in the office, IT professionals as well as users must start viewing public wireless networks as a wilderness where many systems could become easy prey for attackers. After all, why should a hacker go to all the trouble of breaking into a corporate network when an open wireless network provides easy access to a corporate system? From there, an attacker can, for example, plant a Trojan or raid corporate data stored locally on the system.

A well-configured firewall is essential for any laptop that has wireless capabilities—regardless of whether the person carrying it has any confidential information—because, at a minimum, they may pick up a Trojan, a virus, or other malicious software and later transfer it to the company network.

Keep up with WLAN security
Securing your own wireless network can be a much bigger challenge than guarding your mobile users, and this is due both to weak security offerings and a confusion of standards in the wireless field. In fact, most wireless vendors ship their offerings with encryption turned off and/or with very weak security settings as part of the default configuration.

Even with encryption turned on, a Wi-Fi network is inherently insecure because the encryption used is weak. Forcing your users to use encryption locally will at least prevent the average script kiddie—who just got a laptop as a birthday present—from penetrating your system by doing little more than walking past your office building. The effort to encrypt your WLAN may also provide a good legal, if not technical, defense against serious hackers taking over your network for illegal purposes.

Although configuring an open wireless LAN has become so simple that virtually anyone can do it, securing one is a major challenge worthy of the time and talents of a top security expert.

In the beginning, 802.11b relied primarily on MAC address filtering for access control. If you had an allowed MAC address, you could connect to the wireless access point. The only problem was spoofing. Your wireless device was continually broadcasting its address and any attacker could intercept it and spoof the MAC address to match the allowed address.

Data was secured using Wired Equivalent Privacy (WEP). But WEP generally uses a 40-bit encryption key (sometimes 64-bit) and only a 24-bit initialization vector (IV), which makes it extremely vulnerable. The 128-bit WEP2 is available on some systems. A major problem with WEP is the 24-bit IV, which is so small that many networks will reuse the same IV multiple times in a single day. In fact, it is so insecure that there are free hacker tools available on the Internet to crack a busy WEP network in a few hours.

A TESTAMENT TO THE WIRELESS PROBLEM
I decided to write this article after I spoke at the Summercon hacker convention in Pittsburgh recently. There were probably 30 open networks within a single square mile around the conference site, and other cities have similar WLAN-rich areas around universities and high-tech businesses. I saw people logging on to three and four wireless networks from PDAs right in the hotel lobby, and only one of the networks was owned by the hotel.
Everyone from the overt FBI agent to a former NSA staff member to the average hacker was logging on to wireless networks, and I bet even in that elite group, no more than half realized that merely by connecting to an open network they were potentially opening up their computers to anyone else on the same wireless network.
Even worse, only a few of those networks were intended for general public use. Most were private networks with so little security that anyone could log on, almost by accident.

Adding IPSec can be a major improvement for security, but most wireless networks are already plagued with quality of service (QoS) issues, so using sophisticated encryption schemes across the network is usually not an acceptable solution unless you upgrade the hardware on the entire network.

Several wireless vendors have quickly moved to secure their market share by improving the authentication side to offer better security for their products. Cisco and Microsoft have pushed RSA’s Protected Extensible Authentication Protocol (PEAP) to authenticate users through a secure tunnel. Cisco also has another security protocol, termed Lightweight EAP (LEAP), which is simple to implement (on Cisco equipment), although the passwords may be vulnerable to dictionary attacks. Both of these are based on the IEEE 802.1X framework and are improvements over WEP, allowing authentication without having a certificate on the client.

But PEAP isn’t as useful as it could be because Cisco’s version isn’t the same as Microsoft’s and—surprise—the two aren’t compatible. The EAP-TLS protocol used in Windows XP’s 802.1X client is strong but requires both server and client certificates. Another EAP-based protocol, Tunneled Transport Layer Security (TTLS), developed by Funk Software, is nearly identical to PEAP—but the key word is “nearly.” EAP-TTLS offers strong security and easy configuration, requiring only server-side certificates.

The new Wi-Fi Protected Access (WPA) is also being pushed by Microsoft, Cisco, and members of the Wi-Fi Alliance. You can download a WPA upgrade for Windows XP from Microsoft (http://www.microsoft.com/whdc/hwdev/tech/network/802x/WPA.mspx).

None of these EAP-based authentication systems fully addresses the data security problem posed by the continued reliance on WEP, which is why many organizations have turned to using VPNs to encrypt all communications sent over a wireless link. The problem with that is that it adds another layer of latency and complexity to the WLAN. In short, it simply shouldn’t have to be that difficult to make a secure WLAN connection.

Final word
This only skims the surface of the protocol wars raging in the wireless world at this time. In the near term, if you’re adding (or moving entirely to) a wireless network, you’ll be well advised to stick with a single vendor throughout if you hope to secure your wireless networks. Otherwise, you need to choose technologies compatible with some third-party vendor and rely on that company to keep your system working. Even if you get everything working properly, you should still take a long, hard look at what information you place on that network.
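
The 24-bit IV problem described under "Keep up with WLAN security", as an added example that is not part of the original article: it builds WEP-style frames (RC4 keyed with IV plus secret, CRC-32 appended), shows what two frames sharing an IV give away, and estimates how quickly a 24-bit IV space repeats. The key, IVs, payloads and the 500 frames-per-second rate are constructed values chosen for illustration.

```python
import math
import zlib

IV_SPACE = 2 ** 24  # WEP's 24-bit initialization vector


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4: key scheduling, then XOR the data with the keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)


def wep_encrypt(secret: bytes, iv: bytes, payload: bytes) -> bytes:
    """WEP-style frame body: RC4 keyed with IV || secret over payload || CRC-32."""
    if len(iv) != 3:
        raise ValueError("a WEP IV is 3 bytes")
    icv = zlib.crc32(payload).to_bytes(4, "little")
    return rc4(iv + secret, payload + icv)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def collision_probability(frames: int, space: int = IV_SPACE) -> float:
    """Birthday estimate: chance that randomly chosen IVs repeat within `frames`."""
    return 1.0 - math.exp(-frames * (frames - 1) / (2.0 * space))


def hours_until_wrap(frames_per_second: float, space: int = IV_SPACE) -> float:
    """Time for a counter-style IV to run through every value once."""
    return space / frames_per_second / 3600.0


def demo() -> dict:
    secret = bytes.fromhex("0102030405")      # constructed 40-bit key
    iv_a, iv_b = bytes.fromhex("00002a"), bytes.fromhex("00002b")
    p1 = b"quarterly report"                  # constructed payloads, 16 bytes each
    p2 = b"meeting at 10:30"
    c1 = wep_encrypt(secret, iv_a, p1)
    c2 = wep_encrypt(secret, iv_a, p2)        # same IV: same keystream
    c3 = wep_encrypt(secret, iv_b, p2)        # fresh IV: different keystream
    return {
        # With a shared IV the keystream cancels, leaving plaintext XOR plaintext.
        "same_iv_leaks_xor": xor(c1, c2)[:16] == xor(p1, p2),
        "fresh_iv_leaks_xor": xor(c1, c3)[:16] == xor(p1, p2),
        "round_trip": rc4(iv_a + secret, c1)[:16] == p1,
    }


if __name__ == "__main__":
    print(demo())
    print("P(IV repeat) after 5000 frames: %.2f" % collision_probability(5000))
    print("Hours to exhaust IVs at 500 frames/s: %.1f" % hours_until_wrap(500))
```

At the assumed 500 frames per second a counter-style IV wraps more than twice a day, which matches the article's point that a busy network reuses IVs daily regardless of key length.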
Wireless LANs allow both legitimate users and hackers to access your network quickly and easily. By securing your wireless LAN, you can avoid opening your network doors to hackers. In this article, I’ll show you what you need to do. A wireless network can allow you and your users to work in a significantly more flexible and convenient manner while still reducing infrastructure costs, but it can also create a number of major security issues that must be addressed when the system is installed. The same flexibility that makes wireless so attractive to your company can allow hackers to leave a giant hole in your otherwise secure network. To keep your wireless network free from security breaches, you need to focus on security from inception to implementation.

What are the risks?
First, it’s important to understand the security issues that arise with the use of a wireless network. Because a wireless network is accessed via strategically placed antennas, you no longer have specific points of network access like you do with a wired network.

There are a number of security risks associated with the currently widespread 802.11b and 802.11a wireless standards. 802.11b devices operate at up to 11 Mbps while 802.11a devices operate at up to 54 Mbps. Both standards operate using Wired Equivalency Protocol or Wired Equivalent Privacy (WEP), which provides some measure of security for transmission over the airwaves.

There is no one action to take that would secure your wireless LAN. Instead, you’ll need to rely on a number of different actions that will offer a multifaceted approach to wireless security.

Unauthorized usage (aka Insertion Attack)
Perhaps one of the biggest problems with improperly secured wireless networks is their ability to be used by anyone within antenna range—even people outside the building. This is generally not an issue for wired networks, because you know exactly the points through which a potential user could access your network, and you can use security devices such as firewalls to protect against unwanted traffic from outside the network.

The problem of unauthorized users gaining access to unsecured wireless access points is exacerbated by folks who drive around and mark buildings with certain symbols indicating that there is an open wireless network in the area, a practice that has become known as “war chalking,” mimicking the old term “war dialing” from the modem days of lore. These symbols have recently caught the attention of the FBI in certain areas, however.

What can you do to make sure that your network does not become identified as a free access point? First, make sure that none of your employees is running a wireless access point that you don’t know about. Before you dismiss this as something that you don’t need to worry about, ask around. This practice is pretty widespread.

Second, try to position your wireless access point antennas in such a way that communication outside a building in public is minimized. A lot of this is trial-and-error, so be prepared to spend a lot of time finding an optimal location.

Third, you can begin to make use of “authorization lists” based on such information as the MAC address of the wireless NIC. This would require the administrator to keep a list of all of the potential wireless devices that would access the network and to make sure that the wireless access points allow only those devices. Obviously, this creates additional administrative overhead to keep the list up-to-date, but it does help you limit the types of devices that connect to your network. Just keep in mind that MAC addresses can be spoofed. Anyone with a sniffer would be able to just sit and listen to traffic coming from the wireless access point and eventually get an authorized MAC address that they could then use to gain entry. Therefore, don’t just assume you’re secure because you’re limiting access based on MAC addresses.

Treat wireless access points as untrusted until you have reason to believe that they are completely secure. You may even want to consider segregating wireless network access on a portion of the network that is separated from the main network by a firewall.

WEP is severely flawed
There are currently three different “standard” security systems in place for wireless networking: WEP, 802.1X, and 802.11i. The most widespread system in place is currently WEP. WEP is the encryption method that is used between the base station and the mobile device to provide a modicum of secure communication. Most WEP-capable devices support either 40- or 128-bit encryption. Although WEP is supposed to secure networks, security professionals have identified extremely dangerous holes in WEP.

WEP uses the RC4 encryption algorithm. This algorithm takes a key and generates a number of pseudo-random keys based on it in order to provide the encryption. Because of the fact that Ethernet is a collision-based networking system, collisions will definitely occur, even with wireless.

Unfortunately, WEP reinitializes the entire data stream after a collision occurs. While someone just walking by with a wireless adapter may be discouraged by the fact that you are using an encrypted data stream, a determined hacker needs only a matter of hours before he or she is able to read enough air traffic to generate the required WEP key to gain access to your network. This applies to both 40- and 128-bit WEP encryption—within similar time frames. This implies that 128-bit WEP encryption is no better than 40-bit which, unfortunately, is the case.

In addition, there are now tools such as AirSnort and WEPCrack that make this job even easier for hackers. AirSnort works by passively listening to traffic. Once it acquires 5-10 million packets, it can guess the encryption password in under a second.

While I recommend that you use WEP to at least prevent less-prepared hackers from gaining access to your network, you should not count on it as your only source of security.

Slightly newer than WEP, 802.1X is the “second try” for wireless security and has also been proven to have significant security problems, such as being susceptible to session hijacking and man-in-the-middle attacks. Session hijacking involves taking over the session for a client that has already authenticated while man-in-the-middle attacks take advantage of 802.1X’s one-way authentication by inserting a node between the wireless client and an access point. While an improvement, 802.1X is not a replacement for WEP; it simply provides authentication services, not the encryption services that WEP provides.

Currently in the works, the 802.11i standard starts with 802.1X and adds significant features to fix its problems. Most importantly, it adds a key distribution infrastructure that replaces static WEP keys. This will be a huge improvement over WEP. In addition, it is slated to make use of AES (Advanced Encryption Standard) rather than WEP’s 40- or 128-bit RC4-based encryption algorithm. For more information on how AES works, check out http://home.ecn.ab.ca/~jsavard/crypto/co040801.htm. 802.11i is due by the end of 2002.

So, if WEP is not sufficient, how do you make sure that the traffic that is going out over the air is protected? One way is to use encryption just as you would on a wired network by using such tools as VPNs, SSH, and SCP rather than direct network connections, telnet, and FTP. In fact, making use of a VPN from the wireless client may be an excellent idea in any case because VPNs are a much more well-known element than are wireless networks, and their security issues are much better understood, making them much easier to patch and monitor.

However, you should keep in mind that there are tools that allow wireless hackers to hijack SSH and SSL sessions, thereby invalidating the security that they provide. Often, the only way that users are made aware that this has happened is when the server they are connected to indicates that the host key has changed. If this message is ignored, the hacker has achieved his goal.
Think security when setting up an 802.11b wireless network
Apr 22, 2002
By Ron Nutter, MCSE, CNE, ASE

Many companies are already deploying wireless technologies, and others are only moments behind. But before your company implements an 802.11b wireless network, you should consider how you’d secure it. In this article, I’ll show you some obvious and some not-so-obvious ways to keep your wireless network safe.

Permanent DHCP reservations
If you use DHCP with your wireless network, you may have reservations about someone hijacking an IP address and gaining access to your data. Permanent reservation in DHCP solves this problem by requiring the MAC address of the wireless card to make the connection between wireless card and access point. This DHCP reservation requires the MAC address and unique IP address of the wireless card. When you use only permanent reservations for DHCP IP assignment, the wireless card doesn’t have to be configured any differently for your network than it would be for use on another network. The exception to this, of course, would be that you would have to configure the correct channel(s) to use, but this would depend on which card you’re using.

How you configure your permanent DHCP reservations will depend on which operating system you’re using on your DHCP server. For instance, in a Linux environment, the /etc/dhcpd.conf would be edited to map MAC addresses to IP addresses. On a Windows 2000 DHCP server, you would handle the configuration through the DHCP MMC.

For someone to hijack the IP address of your wireless network, he or she would have to override the MAC address of the card or have equipment to listen in on your network to see which MAC addresses or IP addresses are being used. If you need an even tighter lockdown on your wireless network, you can also use permanent reservations in conjunction with RADIUS accounting.

READ THE RADIUS RFC
For more information on RADIUS accounting, check out RFC2139 (http://www.ietf.org/rfc/rfc2139.txt).

Use a firewall between your wireless and wired networks
Though most networks have some type of firewall between the wired network and the Internet, many don’t deploy firewalls between the wired network and the wireless network. Depending on the size of the wireless network, you may not need a firewall as sophisticated as what lies between your wired network and the Internet. The two features you’ll want to put in place are port filtering and proxy server authentication.

With port filtering, you block some IP ports and allow others to pass. You should have two types of port filtering: static and stateful. Of the two, static filtering requires a more extensive setup, because you must define port usage going through the firewall in both directions. Stateful filtering is easier to set up, because you define port usage from only one direction, the side where the packet originated.

The trade-off in setting up stateful port filters is that there will be a little more processor overhead on the firewall. This occurs because the firewall has to build a table of the traffic going through the stateful filter. With this table in place, the firewall will know which traffic can pass through and which cannot.

To make things easier, when setting up port filtering, you should have some type of protocol analyzer to see the ports that are being used in the communication that you want to allow to pass. Since the wireless standard 802.11b is a little different than what is used on the wired portion of your network, you will need to use a different protocol analyzer. Two analyzers that work with wireless networks are the AiroPeek NX from
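The difference between static and stateful port filtering described above can be seen in a small model. The following Python is an added example, not code from the original article: it passes the same three constructed packets through a static filter and a stateful one. The addresses, ports, rule format and class names are assumptions made for the illustration, and real firewalls also track TCP state and expire table entries.

```python
"""Added example: static vs. stateful port filtering between a WLAN and the wired LAN."""
from collections import namedtuple

# iface is the firewall side the packet arrived on: "wireless" or "wired".
Packet = namedtuple("Packet", "iface src sport dst dport")
# None in sport or dport means "any port".
Rule = namedtuple("Rule", "iface sport dport")


def rule_matches(rule, pkt):
    return (rule.iface == pkt.iface
            and rule.sport in (None, pkt.sport)
            and rule.dport in (None, pkt.dport))


class StaticFilter:
    """Every packet is judged on its own, so replies need a rule of their own."""

    def __init__(self, rules):
        self.rules = list(rules)

    def allow(self, pkt):
        return any(rule_matches(r, pkt) for r in self.rules)


class StatefulFilter:
    """Rules describe only the originating side; replies are matched from a table."""

    def __init__(self, rules):
        self.rules = list(rules)
        self.table = {}  # (src, sport, dst, dport) -> side the flow started on

    def allow(self, pkt):
        flow = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        origin = self.table.get(reverse)
        if origin is not None and origin != pkt.iface:
            return True  # reply to a flow that a rule already admitted
        if any(rule_matches(r, pkt) for r in self.rules):
            self.table[flow] = pkt.iface  # this table is the extra processor overhead
            return True
        return False


# Constructed traffic: a wireless client opens SSH to a wired server.
REQUEST = Packet("wireless", "10.0.50.23", 40000, "10.0.1.5", 22)
REPLY = Packet("wired", "10.0.1.5", 22, "10.0.50.23", 40000)
# A wired host that was never contacted sends to the client from source port 22.
UNSOLICITED = Packet("wired", "10.0.1.99", 22, "10.0.50.23", 139)

OUTBOUND = Rule("wireless", None, 22)  # wireless side may reach port 22
RETURN = Rule("wired", 22, None)       # static filters need this for the replies


def verdicts(firewall):
    """Run the three packets in order and return the allow/deny decisions."""
    return [firewall.allow(p) for p in (REQUEST, REPLY, UNSOLICITED)]


if __name__ == "__main__":
    print("static, one direction  :", verdicts(StaticFilter([OUTBOUND])))
    print("static, both directions:", verdicts(StaticFilter([OUTBOUND, RETURN])))
    print("stateful, one direction:", verdicts(StatefulFilter([OUTBOUND])))
```

The static filter with a return rule also passes the unsolicited packet, because the return rule cannot tell a reply from any other packet with source port 22; the stateful filter passes only the reply it has a table entry for.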
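For the Linux case in the permanent DHCP reservations section above, the MAC-to-IP mapping can be generated from an inventory and checked before it is written to dhcpd.conf. The following Python is an added example, not code from the original article: it emits ISC dhcpd `host` declarations and rejects malformed, duplicate or out-of-subnet entries. The host names, MAC addresses, subnet and the function name `build_reservations` are constructed for the illustration.

```python
"""Added example: generate ISC dhcpd host reservations from a MAC/IP inventory."""
import ipaddress
import re

MAC_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){5}$")
NAME_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9-]*$")


def normalize_mac(mac):
    """Accept 02-00-00-AA-BB-01 or 02:00:00:aa:bb:01 and return the colon form."""
    mac = mac.strip().lower().replace("-", ":")
    if not MAC_RE.match(mac):
        raise ValueError("malformed MAC address: %r" % mac)
    return mac


def build_reservations(inventory, subnet):
    """inventory is a list of (name, mac, ip); returns dhcpd.conf text."""
    net = ipaddress.ip_network(subnet)
    macs, ips, hosts = set(), set(), []
    for name, mac, ip in inventory:
        if not NAME_RE.match(name):
            raise ValueError("bad host name: %r" % name)
        mac = normalize_mac(mac)
        addr = ipaddress.ip_address(ip)
        if addr not in net or addr in (net.network_address, net.broadcast_address):
            raise ValueError("%s is not a usable address in %s" % (addr, net))
        if mac in macs:
            raise ValueError("MAC %s is reserved twice" % mac)
        if addr in ips:
            raise ValueError("IP %s is reserved twice" % addr)
        macs.add(mac)
        ips.add(addr)
        hosts.append(
            "host %s {\n  hardware ethernet %s;\n  fixed-address %s;\n}" % (name, mac, addr)
        )
    header = [
        "# Reservations only: the subnet has no dynamic range, so a card",
        "# whose MAC address is not listed below is not offered an address.",
        "subnet %s netmask %s {" % (net.network_address, net.netmask),
        "  deny unknown-clients;",
        "}",
        "",
    ]
    return "\n".join(header + hosts) + "\n"


# Constructed inventory (locally administered MAC addresses, private subnet).
INVENTORY = [
    ("laptop-01", "02-00-00-AA-BB-01", "192.168.10.21"),
    ("laptop-02", "02:00:00:aa:bb:02", "192.168.10.22"),
]

if __name__ == "__main__":
    print(build_reservations(INVENTORY, "192.168.10.0/24"))
```

As the article notes, a reservation ties an address to a MAC address that can be overridden on the card, so this limits casual address grabbing and does not authenticate the client.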
Wireless connectivity is the panacea for many of today’s network woes. It eliminates expensive cable runs and provides workers with more freedom: no more struggling with the short tether of a network cable. However, this freedom leaves many organizations worried about security. In this article, I’ll review some security methods you can use to protect your wireless network. I will also discuss the weaknesses of these security solutions and provide some mechanisms to overcome these weaknesses.

Unauthorized access to your network
If you have no security established on your wireless network, it’s easy for someone to set up a system and break in. If you have DHCP set up, someone can even get IP address information automatically. Without DHCP, the hacker can simply use a wireless packet sniffer to determine the IP addresses of the stations already on the network and pick one that’s available.

One issue most organizations face is the false sense of security given by the corporate firewall. No matter how tight, big, or expensive the firewall is, it can’t prevent wireless signals from getting into the hands of hackers. Firewalls are put in place to prevent intruders from gaining access to the internal systems. However, when someone drives up and logs on to the wireless network, there’s typically no barrier between them and those sensitive internal systems.

Security options
To secure your wireless LAN, consider the following options:
• Service set identifier (SSID)
• Wired Equivalent Privacy (WEP) protocol
• VPN
• MAC restrictions

Service set identifier
The SSID is designed to allow two wireless LANs to operate in close proximity. The SSID is used on the client and the access point to bind their communications together.

If the SSIDs don’t match between an access point and the network card, there is no communication between the two. Because of this, some administrators believe they can just change the SSID and no one will be able to access their wireless network. Since there’s no SSID match, there’s no risk of unauthorized users gaining access. Although changing the SSID is an important step in securing the wireless network, it alone does not guarantee the network’s security.

To set the SSID on a Windows 2000 machine, open the Properties window of the network adapter. Click the Configure button and then select the Advanced tab. From the Advanced tab, select SSID from the Properties listing and enter the correct SSID in the Values field. Click OK and the SSID will be set.
Wired Equivalent Privacy (WEP) is an optional IEEE 802.11 feature used to provide data confidentiality. In short, WEP is used to encrypt and decrypt data signals transmitted between Wireless LAN (WLAN) devices. WEP works by encrypting the wireless radio frequency between the access point and client device and is the minimum amount of security you should have enabled on your WLAN. If you don’t implement WEP, hackers can obtain information about your wireless network through a sniffer trace and can then join it without your knowledge. Since your wireless Service Set-Identifier (SSID) is sent over the air in clear text, you need to use WEP to encrypt your data to protect it from hackers.

WEP itself is not the strongest type of security you can implement on your wireless network, but it is one of the easiest ways to strengthen your wireless security network.

This article provides methods for using and configuring WEP on Cisco Aironet 350 Series Wireless LAN components. The Aironet 350 Series Wireless LAN product line is a set of wireless access devices that include access points and client adapters that can pass packets at speeds up to 11 Mbps. Before you can use and configure WEP, you’ll need to install and configure the devices that use WEP.

NOTE
Though the Aironet 350 Series offers several wireless adapters, I’m going to use the PCMCIA adapter for the purpose of this lesson, since most of the time when you use a wireless network, you’ll be using it on a laptop.

The Aironet 350 wireless LAN adapter has a list price of $169 (PCMCIA version) for a single card, which includes all drivers for all platforms. This means that you can use the same card for Linux, Windows, Mac OS, or even MS-DOS. The Windows platforms that it runs on include Windows 9x, Windows CE, Windows Me, Windows NT, Windows 2000, and Windows XP. All of the Windows platforms have slightly different installation and configuration procedures. I’ll tell you how to set up the card for Windows 98.

Your task list
Here is a summary of the steps you’ll need to follow to get your WEP-enabled adapter and access point up and running:
1. Install the wireless access point.
2. Configure the WEP security features of the access point.
3. Install the Cisco Aironet PC350 wireless LAN adapter device driver.
4. Configure and enable WEP for the adapter card on your laptop.

Install the access point
Your access point operates in the 2.4-GHz band, similar to how a cordless phone works. Like a cordless phone, your access point has an antenna on one side and a wired connection on the other. Your WEP-enabled client adapter talks to the antenna, which then sends the data through the wire to wherever it’s headed. If it sounds simple, that’s because it is.

First, you’ll want to connect an RJ-45 Ethernet connector to the Ethernet port on the back of the access point. The Aironet PC350 should probably come bundled with an RJ-45 connector but it doesn’t, so you’ll have to purchase one separately if you don’t already have one. Connect the other end of the Ethernet connector to your 10/100 Ethernet LAN.

A power adapter comes with the access point, and after you plug it into your electrical outlet, plug the connecting wire into the back of the access point. When you see the LEDs blink amber, red, and then green, you’re juiced with power and ready to configure WEP.
Unauthorized users may be lurking on your wireless local area network (WLAN), according to researchers at the University of California, Berkeley. The problem is caused by a number of key flaws in the Wired Equivalent Privacy (WEP) protocol, an algorithm that is supposed to protect wireless communication from eavesdropping and unauthorized access.

David Wagner, an assistant professor of computer science and a member of the WEP research team, said IT managers need to be concerned with a whole gamut of potential security problems posed by WLANs. Eavesdropping, tampering with transmitted messages, defeating access control measures, and denials of service are all potential threats.

Despite these security threats, wireless systems are becoming a hot commodity among businesses. Gartner released a study earlier this year forecasting that more than half of the Fortune 1000 companies will have deployed WLANs within two years.

With that in mind, here are methods you can use to secure WLANs in the face of these dangerous WEP vulnerabilities.

An easy hack
A wireless network uses radio waves to transmit data to everyone within range. So special precautions need to be taken to ensure that those signals cannot be intercepted. Wagner says his research shows that potential flaws in WEP seriously undermine the security of wireless LANs because hackers can easily break into wireless systems by using off-the-shelf equipment and positioning themselves within transmitting range of a WLAN. As a result, the WLAN is susceptible to a number of different types of attacks, including:
• Passive attacks to decrypt traffic based on statistical analysis.
• Active attacks to inject new traffic from unauthorized mobile stations based on known plain text.
• Active attacks to decrypt traffic based on tricking the access point.
• Dictionary-building attacks that, after an analysis of a day’s worth of traffic, allow real-time automated decryption of all traffic.

WEP relies on a secret key that is shared between a mobile station and an access point. The secret key is used to encrypt packets before they are transmitted, and an integrity check is used to ensure that packets are not modified in transit. However, using the tactics mentioned above, it’s easy to get around WEP.

Wagner recommends that anyone using an 802.11b wireless network not rely solely on WEP for security. Instead, you should use other security measures to enhance WEP and WLAN security.

First step: Use WEP as the foundation
Despite the fact that he found major flaws in WEP, Wagner said it is very important that you use its encryption system as a foundation for good security.

“Surprisingly, a large proportion [of companies] deploy wireless networks without any encryption. So that is the first serious mistake that you can make,” Wagner said.

“If you don’t have WEP enabled—if you don’t have [any] encryption enabled—[you are susceptible to] very serious attacks that require almost no sophistication. So the very first thing that you’d better do if you have a wireless network is…use encryption.”

Second step: Isolate the WLAN and enhance encryption
After enabling WEP, you should also consider other security measures in order to compensate for its vulnerabilities. Wagner suggested a couple of steps to work around the potential problems of WEP.

“[First,] place your wireless network outside of the firewall. Treat it just like you
The freedom of wireless networking is enticing, but the accompanying risks are daunting. If you’re running a wireless LAN on the 802.11 standards, you may think your organization is secure. Think again. Joe User can drive to the local computer store, buy a wireless access point for less than $100, and be free from Ethernet cables and any legitimate security within 15 minutes. And hunting down one of these rogue access points is not an easy task.

The problem with WEP
During the inception of the 802.11 standards for wireless networking, the IEEE had to resolve a fundamental issue of wireless security: It’s vulnerable because it uses radio signals through open air space, as opposed to electrical
For several years now, the primary security mechanism used between wireless access points and wireless clients has been WEP encryption. The problem is that although WEP encryption strength has increased a few times since Wi-Fi was introduced, the WEP protocol is still fundamentally weak because it uses a static encryption key. As a result, motivated attackers can easily crack WEP encryption by using freely available hacking tools.

Fortunately, some standard alternatives to WEP are emerging. The Institute of Electrical and Electronics Engineers (IEEE) has defined an expansion to the 802.11 protocol that will allow for increased security. Unfortunately, the standard is presently in draft form and isn’t expected to be ratified until the end of 2003.

In the meantime, though, most of the Wi-Fi manufacturers have agreed to use a temporary standard for enhanced security called Wi-Fi Protected Access (WPA). Although WPA is a temporary protocol and isn’t recognized by IEEE, it is very similar to the revised IEEE standard expected by the end of the year. Therefore, administrators that manage wireless LANs should become familiar with WPA.

802.1X authentication
If you have been using Wi-Fi for a while, you are probably familiar with the 802.1X authentication protocol. This protocol allows users to authenticate into a wireless network by means of a RADIUS Server. In standard Wi-Fi, 802.1X authentication is optional. However, 802.1X authentication is a requirement for WPA.

If your environment does not have a RADIUS server in place, you can still use WPA in spite of the 802.1X requirement. As an alternative to RADIUS, WPA supports the use of a preshared key.

WPA key management
One of the biggest drawbacks to traditional WEP security is that changing the encryption key is optional. Even if you do switch encryption keys from time to time, there is no option for globally rekeying all access points and all wireless NICs. Instead, rekeying is a tedious manual process and is completely impractical
Implementing a wireless networking system can result in serious security problems if the system is not properly secured. This is true of a wireless network deployed at home or one deployed in the office. In fact, some residential Internet service providers have clauses in their agreements that indicate that service is not to be shared with people outside of those covered by the agreement. If you deploy an insecure wireless network, it could result in a loss of service or in the use of your network as a launching pad for attacks against other networks. To help you close these security holes, here are six quick wireless networking tips.

Why do I want to close the loop?
The point of properly securing a wireless access point is to close off the network from outsiders who do not have authorization to use your services. A properly secured access point is said to be “closed” to outsiders. A wireless network is more difficult to secure than a typical wired network due to its nature. A wired network has a limited number of fixed physical points of access while a wireless network can be used at any point within the range of the antennas.

Plan antenna placement
The first step in implementing a closed wireless access point is to place the access point’s antenna in such a way that it limits how much the signal can reach areas outside the coverage area. Don’t place the antenna near a window, as the glass does not block the signal. Ideally, your antenna will be placed in the center of the area you want covered with as little signal leaking outside the walls as possible. Of course, it’s next to impossible to completely control this, so other measures need to be taken as well.

Use WEP
Wireless encryption protocol (WEP) is a standard method to encrypt traffic over a wireless network. While it has major weaknesses, it is useful in deterring casual hackers. Many wireless access point vendors ship their units with WEP disabled in order to make the product installation easier. This practice gives hackers immediate access to the traffic on a wireless network as soon as it goes into production since the data is directly readable with a wireless sniffer.

Change the SSID and disable its broadcast
The Service Set Identifier (SSID) is the identification string used by the wireless access point by which clients are able to initiate connections. This identifier is set by the manufacturer and
from a Web-based interface, although you can also do it from a console session or some other form of remote control. No matter how it’s done, the end result is a list of MAC addresses that you use to allow or disallow access.

In Figure A, which was generated from a Cisco 1200 AP, you can see quite a few clients making connections to the WAP. Some are merely authenticated, while others are completely associated. In wireless-speak, “to authenticate to a WAP” simply means to announce your identity to the other station—in this case, the AP.

Authentication can take place using either open system or shared key (WEP) methods. To be associated with a WAP implies that the client is fully connected to the WAP and is now allowed to pass traffic through the AP. In short, the client now has complete access to the rest of the network, both wireless and wired. MAC filters act to keep unauthorized clients from becoming associated with the WAP.

An open door to intruders
The problem comes when an intruder wants to gain access to your network and has decided to sniff your wireless network traffic. Sitting in your parking lot or some other easily accessible location, an intruder armed with the right hardware and software can easily sniff your wireless network and capture all packets sent to and from your access points. The captured data packets contain all the information the intruder needs to make a connection to your wireless LAN. This information includes the following:
• Authorized MAC addresses
• IP addresses
• IP subnets
• Wireless LAN SSIDs

The intruder can easily configure a wireless device with a captured IP address and subnet in the device’s TCP/IP Properties window. Configuring captured SSIDs varies from one type of NIC to another, but it’s done from within the configuration software provided with the NIC—again, a very easy configuration to make.

The tricky part comes in spoofing the MAC address itself. However, even an unskilled attacker can spoof a MAC address by making one quick registry edit. Using the
An emerging standard in wireless security finally is giving IT departments a way to fend off key-sniffing hackers and users who install their own unauthorized access points. In “At last, real wireless LAN security” (page 111), we discussed the new 802.1x/EAP combination that allows you to manage and distribute encryption keys on a user- and session-level basis.

Now we’ll tell you what it takes to actually build an 802.1x/EAP solution. Because 802.1x and EAP are open standards, implementation is left to individual vendors. As a result, four types of EAP implementations have emerged as “standards.” They all share the same underlying 802.1x and EAP architecture, but the ways they implement EAP are different.

LEAP
Cisco was one of the first vendors to market with its Lightweight EAP (LEAP) “standard” in December 2000. This is a very proprietary solution and initially worked only with Cisco Client 802.11 cards, RADIUS Servers, and Cisco Access Points. Recently, Cisco began working with other vendors to make its equipment and software LEAP-compliant. You now have some choice when choosing Client 802.11 PC cards, and at least four other RADIUS solutions support LEAP. Some laptop vendors even support this solution natively with their integrated 802.11 adapters.

Implementation of LEAP is relatively simple. Cisco’s ACS/AR RADIUS servers can easily be tied into your LDAP or Active Directory domain, and user authentication is transparent. The only downside to this approach is that your password policy better be strong, because LEAP is vulnerable to man-in-the-middle dictionary attacks. But if you have a strong password policy, LEAP is a fairly convenient and secure solution.

EAP-TLS
EAP-TLS (Transport Layer Security) is an open standard that’s supported by nearly every vendor. As the most-common-denominator implementation of EAP, its strength is that it requires the use of public key infrastructure (PKI). PKI makes EAP-TLS extremely secure with the use of asymmetric public and private keys on the RADIUS and client sides.

The only downside is that implementing a PKI may seem a bit intimidating, although it really isn’t that difficult. Microsoft is firmly entrenched in this camp and has put native OS client support for EAP-TLS in Windows XP. Later this year, Microsoft will release support for Windows 2000, NT, 98, and Pocket PC. For the time being, you would have to use a third-party solution, such as that provided by Meetinghouse Data Communications (MDC), for non-XP operating systems.

Even Cisco is now recommending dual support for LEAP and EAP-TLS. EAP-TLS is a fallback solution with version 3 of Cisco ACS RADIUS because Cisco realizes that not everything is compatible with LEAP. The cost of implementing EAP-TLS is almost negligible if you use Microsoft RADIUS and PKI technology. This is because Microsoft’s Internet Authentication Service (IAS) RADIUS is bundled with the Windows 2000 Server operating system and is as stable as any other solution, in my experience.

Because Microsoft recommends that you implement IAS on your domain controllers, there’s no cost of an extra server and no additional licensing costs. The required PKI can be addressed by implementing the Certificate Authority (CA) service, also bundled with Windows 2000 Server. Licensing and server cost is kept to a minimum. Overall, this is one of the most secure and inexpensive solutions. The only initial burden is setting up a PKI in your organization; but keep in mind that PKI certificates can be used for many other purposes, such as L2TP VPN. All of this is just a one-time setup, and once EAP-TLS is fully implemented, it’s almost completely transparent to the user.
By default, many wireless devices can leave networks and data open to access, paving the way for practices like war driving, in which someone armed with a wireless network card and a few easily obtainable hacker tools can identify a wireless network and connect to it to access company data.

As network consultants, our mission is to provide the convenience of wireless networks in a relatively secure environment. To help you in this effort, here is a list of simple security fixes that will provide additional protection when you’re installing a Linksys wireless network access point for your clients.

Equipment used
The options I describe in this article will be based on use of:
• A Linksys wireless network access point; this device provides access for wireless clients to the wireless network.
• Linksys USB and PCMCIA network adapters for clients.
• A Windows XP operating system.
Products and Reviews

How to select the right wireless hardware for your home network
Oct 16, 2002
By Greg Shultz

If you’re thinking about setting up a wireless connection on your home network, you have some homework to do before you’ll be ready to make the leap.

For starters, you have two choices, depending on whether you already have an existing broadband home network or whether you’re starting from scratch. If you already have an existing home network and want to add a wireless connection to it, you’ll just need a Wireless Access Point (WAP). If you’re building a broadband home network from scratch and want to add wireless connections, you’ll want to look at getting a wireless broadband router.

In this article, we’ll examine each of these wireless options in detail. As we do, we’ll help you decipher the technical terminology associated with wireless networking, and we’ll discuss examples of some available products.

into radio waves and broadcast to a relatively small area. Another wireless device receives those radio waves and converts them back into data.

On one end of the communication you have a base station, or WAP, that is physically attached to the network via a standard network cable. On the other end you have a wireless network card that will be connected to a desktop computer via a standard PCI slot, just like any other card. In the case of a laptop computer, the wireless network card could be in the form of a PCMCIA card with an attached antenna. Or the wireless network card could be built in to the laptop, with the antenna embedded into the lid on either side of the screen. Alternatively, you can also get wireless network adapters that attach to your computer’s USB port.
As the price of wireless networking equipment has dropped over the past year, the major computer manufacturers have begun offering customers a variety of wireless options. Whether your enterprise needs a hundred laptops with integrated wireless NICs or your small office needs a single access point and two wireless PC cards, two of the largest computer manufacturers, Dell and Gateway, have you covered. Let’s take a look at several of the wireless options these two companies offer.

Dell’s TrueMobile Wireless
Dell’s TrueMobile customers have their choice of four wireless devices: an integrated TrueMobile 1150 Wireless Mini-PCI card, an external TrueMobile 1150 Wireless PCMCIA card, a TrueMobile 1170 Wireless Base Station, and a TrueMobile 1170 Wireless Access Point.

Wireless adapters
The integrated Mini-PCI card costs about $100 and is available on several Inspiron and Latitude laptop models. The external 1150 PC Card, which retails for around $70, works with all Inspiron and Latitude laptops and with all Dell desktops. To use the PC card with a desktop, however, you’re required to purchase an additional PCI adapter card for around $75.

Access points and base stations
The TrueMobile 1170 Wireless Base Station costs around $175 and is designed primarily for the home or home office. It supports up to 16 wireless clients, allows for 128-bit encryption, and has a maximum open-environment range of 300 feet. The 1170 Wireless Base Station has a single 10/100 Fast Ethernet connection, can serve as an Internet router—when used with an existing cable or xDSL modem—and includes a NAT firewall.

For business environments, Dell offers the TrueMobile 1170 Access Point that retails for about $650. The 1170 Access Point is compatible with all 802.11b wireless cards; supports up to 32 wireless clients; has a built-in NAT firewall; works as a DHCP server; and has Ethernet, PCMCIA, and serial ports. The maximum range for the 1170 Access Point is 1,750 feet in an open office environment, 375 feet in a semi-open environment, and 165 feet in a closed office environment.

Gateway focuses on Intel equipment
Currently, Gateway customers who want to go wireless can choose equipment from both Proxim’s ORiNOCO product line and Intel’s PRO/Wireless line. However, because Proxim’s equipment is being quickly phased out in favor of Intel’s product line, I will cover only the Intel offerings here.

Access points and base stations
Gateway offers three different Intel access points: the Intel PRO/Wireless 5000 LAN Dual Access Point, the Intel PRO/Wireless 2011B LAN Access Point, and the Intel Wireless Base Station. Enterprise customers or those who are considering a move to 802.11a equipment should definitely consider the PRO/Wireless 5000 first. This dual-mode access point supports both the 802.11a and 802.11b protocols, offers 128-bit WEP encryption, and can handle up to 64 clients. The PRO/Wireless 5000 offers throughput speeds up to 54 Mbps for 802.11a clients, up to 11 Mbps for 802.11b clients, has a maximum range of 300 feet, and sells for around $600.

For organizations that want a cheaper alternative to the PRO/Wireless 5000 and that don’t need 802.11a support, Gateway offers the Intel PRO/Wireless 2011B LAN Access Point. This 802.11b-only device supports up to 60 clients, provides data throughput up to 11 Mbps, offers 128-bit WEP encryption, and has
When it comes to supporting wireless networking, prices are going down and user expectations are going up. Whether you want to go wireless with four or five PCs in a small office or you need walk-around connectivity for a thousand corporate users, Compaq and IBM offer a number of options that can provide the proper access.

Compaq’s wireless options defined by scope
Compaq defines its wireless solutions in terms of three distance-based platforms: the wireless personal area network (WPAN), the wireless local area network (WLAN), and the wireless wide area network (WWAN).

The WPAN connects devices that are relatively close to one another. The MultiPort lets you create a WPAN that connects Bluetooth-equipped devices with select Evo Notebooks, Presario Notebooks, and Evo desktops. In the iPAQ product line, the iPAQ Pocket PC H3870 model comes with integrated Bluetooth, and a Bluetooth Wireless Pack option is available for other iPAQ Pocket PC models.

If you need more horsepower in your home network, the Wireless Home Office Gateway model WL310 provides wireless connectivity to Internet service providers so multiple users can share the same Internet connection. It enables the sharing of common network resources such as files, printers, and scanners.
Networking might be a lot more common than it was 10 years ago, but it still isn’t any easier to accomplish. As new technologies emerge, many of us in the trenches have had to brace ourselves—again—for the slippery slope of the learning curve. When you combine a new operating system such as Windows XP and a relatively new technology such as wireless networking, it can be an educational experience, to say the least. To help you make the transition, I’ll explain the ins and outs of configuring a wireless network with Agere Systems’ ORiNOCO Wireless USB Client.

Look Mom, no wires!
Agere Systems Inc. is a major player in the wireless networking market. Agere, which spun off as a separate company from Lucent Technologies (formerly AT&T) in June 2002, offers a range of wireless access products for everything from the backbone to the end user. The

out looking in some detail at access points and related topics such as range and security. I’ll start with a look at the USB Client and then work up the chain.

The ORiNOCO USB Client is an 11-Mbps desktop unit that connects to the computer’s USB port with a standard USB cable. If you open up the USB Client unit, you’ll find that the unit contains Agere’s wireless PC Card with integral antenna and the hardware and firmware needed to adapt it to a USB connection. If you pop open one of Agere’s access points, you’ll find something similar: a wireless PC Card with the necessary support hardware and firmware. These are the same PC Cards you would use in a notebook’s PC Card slot or in Agere’s PCI or ISA adapters for desktop systems. By standardizing on a single unit, Agere not only simplified the product line but also cut its development and support costs, which should ultimately translate into better, less expensive products.

Choosing a USB Client over the PCI/ISA adapter means you don’t need to worry about available slots or IRQs, and the unit doesn’t need a separate power supply. Just one cable hooks it all up. The USB Client offers another advantage over the PCI/ISA implementation for workstations installed under a desk: In many cases you’ll find that you need to add an optional antenna for PCI/ISA installations, particularly if the desk is metal. Using a USB Client lets you easily locate the unit on top of the desk where its range will be greater, which translates into better performance.

To connect to a wireless network, the client requires an access point. Like many of the wireless client products available today, Agere’s USB Client can connect to any 802.11b (Wi-Fi) compliant access point or residential gateway. This includes Agere’s Access Point, Access Server, and Residential
Setting up a wireless network shouldn’t tax your problem-solving skills, but that could be exactly what happens if you opt for the ORiNOCO solution.

Figuring out the setup problems is well worth it in this case, as the ORiNOCO solution, once it’s installed, functions as well as its advertisements claim.

In this review, we will fill you in on ORiNOCO’s quirky setup software as well as some of the lacking documentation, which understates some of the most important elements of the installation. After reading these pointers on the ORiNOCO business solution, you should be able to perform a hassle-free installation for your enterprise.

The equipment we’ll discuss here is:
• ORiNOCO Access Point 500
• ORiNOCO Silver PC Card
• ORiNOCO PCI Adapter
• ORiNOCO USB Client

Our wireless network
We installed all of this equipment using Windows 2000 Professional on Dell and Hewlett-Packard computers that were connected to a test network. Our building is a particularly difficult environment for wireless technologies because its construction is such that cell phones typically lose service connections within the walls.

Even with the constraint of an unfriendly building, once installed, the ORiNOCO equipment was able to see the access point from various distances. The farthest point before the signal was reduced significantly was approximately 140 feet. The signal depreciated even more until it finally died at about 280 feet.

When the quality was still in the acceptable range, network traffic stayed close to 11 Mbps, but when the laptop got more than 200 feet away from the access point, it dropped to around 5 Mbps.

While the equipment performed well once it was installed, getting to that point took some work. Much of our aggravation stemmed from a lack of experience with this hardware and software. To avoid this during your installation, make sure you have the most up-to-date drivers for your systems. We ended up with three or four different install CD-ROMs, and while they seem to be updated on a regular basis, if the date is older than six months, it may be worth a trip to the ORiNOCO Web site to download the updates.

One other general oddity that needs mentioning is that we were never able to get the Access Point 500 to access our test network through a 3Com hub. It would work fine when directly plugged in to the test network, but not being able to use the hub complicated our setup and implementation. After completing this review, we found that our problem was because the port on the Access Point 500 is 10 Mbps and the particular hub we were using was only 100 Mbps.

Figure A: The ORiNOCO Access Point 500 connects the wired and wireless networks.
Getting it going
Getting the wireless network up and running using the RG-1000 could hardly have been simpler.

Once out of the box (see Figure A), you open the back cover of the access point and plug in the power supply and your connection to either a telephone line via the built-in modem or, as in our case, an RJ-45 CAT-5 cable connected to our test network.

Make sure that your CAT-5 cable plugs in to a switch or hub that will work at 10 Mbps, if you use that option. This is rarely a problem in the home office environment that is using a cable modem or DSL.

As far as software is concerned, you will need to install the setup utility on the machine you will use for that purpose. If you are accessing the access point via wireless connection, you will need to install the client software to access the RG-1000.

In our case, we installed the setup utility on a machine already on the test network and then started the program.

When the program starts, you are prompted for the network name of the RG-1000, which is a six-character alphanumeric combination printed on a label at the bottom of the device. (See Figure B.)

Figure B: You can find the six-character alphanumeric code on the label on the base or back of the unit.

When you click on the Continue prompt, the program will search the network for the RG-1000 with that network name as its default.

During our setup, the software not only found the RG-1000, but it detected older firmware on the device and automatically updated the firmware. This took a matter of moments, and then an access point parameters screen appeared. (See Figure C.)

Figure C: Choose the appropriate answers from the drop-down boxes or fill in an IP address in the bottom field.

We changed only the Internet Access Via drop-down box to indicate we were using it over a LAN.

Once the Continue prompt was clicked, a small box opened to allow the setting of the encryption code and password for the access point. The code is the last five characters of
To keep from being left behind in the fast-growing wireless market, even the biggest players in this field haven’t been able to rest on their laurels. Instead they have been ironing out every wrinkle they can find to help their products succeed in the cutthroat market. Thankfully, ORiNOCO has not been immune from this pressure and has taken the initiative to work out problems with its product implementation processes. In this review, we’ll see if ORiNOCO has fixed the wrinkles in its setup software or if it needs to go back to the ironing board.

Figure: Here is what is in the CD’s Windows 2000 directory that did not appear in the Add New Hardware browser.
Over the next few years, chances are high that you will begin administering wireless networking clients. To help prepare you, we’ve been running some wireless reviews. 3Com has sent us their 11-Mbps, 802.11b wireless network for review, the AirConnect 11-Mbps PC Card (model 3CRWE737A) and Access Point base station.

The AirConnect products are corporate solutions suitable for industrial settings, complex networks, and corporate campuses spanning acres. The PC Card lists for $220 and the Access Point retails for $1,195, but if you shop around, you should be able to find the PC Card for under $170 and the Access Point for less than $900. Is it worth your corporate dollar? Read on.

AirConnect technology overview
To help with this review and with questions about encrypted, packetized radio-communication protocols, 3Com provided expert assistance from Paul Keane, a 3Com product engineer. His assistance was greatly appreciated, as it let me go straight to the horse’s mouth for clarification.

The AirConnect devices operate on the 2.4-GHz frequency band using the IEEE 802.11b communication standard. This is an internationally accepted standard, granting it a bit more credibility and respect from the business world, not to mention interoperability. Apple originally pushed 802.11b into the limelight when they included 802.11b networking on their laptops under the AirPort brand. Since then, a number of other manufacturers, many of which had 802.11b products prior to Apple’s introduction, have begun promoting their products more extensively.

Interference
The 2.4-GHz band is getting very cluttered. Many cordless phones and all microwave ovens operate on that spectrum, as well as HomeRF and 802.11. Interference is a strong possibility, but 802.11b tries to minimize it by splitting 2.4 GHz into multiple channels and using a variety of transfer speeds.

Roaming
The 802.11b specification is a cellular system, enabling the use of multiple base stations to increase total coverage. Clients automatically negotiate a connection with the nearest compatible base station to maximize connectivity. The system has additional roaming features to allow clients to cross-network subnets and move between routers.

Security
Because different wireless networks could overlap, the base stations have a network identification number (referred to as a wireless LAN, or WLAN, area) to keep clients from wandering into the wrong network. As a result, the security conscious should change their WLAN area from the default number to prevent others from “wandering” into their network. You can also configure specific wireless clients to allow or disallow them access to your network.

Since wireless networking is broadcast to everyone in range, anyone with a receiver has the potential to eavesdrop. To counteract this potential problem, 802.11b includes packet encryption and the option to change security keys—and you should change those keys. There have been recent reports that imply cracking the encryption used by 802.11b will be easier than first suggested. This has yet to be proven, but rotating the encryption keys will help keep your network secure.

Description
The appearance of the AirConnect Access Point is similar to other nonrack-mounted networking hubs (Figure A). With dimensions

Figure B: The sturdy antenna and LEDs make the AirConnect PC Card a cut above.

Figure C: The PCI card is just as sturdy as the PC Card version.
We have the sequel to the 3Com Access Point base station; it is called the HomeConnect Home Wireless Gateway. Unlike the campus-focused Access Point, the HomeConnect is intended to be used as a standalone, wireless gateway and is equipped with the features you’d expect: The DHCP, NAT, firewall, PPPoE, and a three-port, integrated 10/100 Mb switch make this device perfect for the SOHO or limited-wireless-needs corporate network audience. The HomeConnect is priced competitively, listing for $299 when I searched for it on Pricewatch.com.

Technology
The HomeConnect Wireless Gateway device operates on the 2.4-GHz frequency band using the IEEE 802.11b communication standard. The 802.11b standard is internationally accepted as a standard that covers many products from a wide variety of manufacturers, all of which guarantee to provide basic compatibility. Coincidentally, 2.4-GHz is getting to be a very cluttered band. Many cordless phones and all microwave ovens operate on this spectrum. Interference is a possibility, but 802.11b tries to minimize it by using multiple channels in
Table A
Range (in feet) | Obstructions | Interference | Listed Mbps | Transfer rate (Mbps) | Transfer rate (KBps) | Ping time (in milliseconds) Min/Max/Avg/Lost
5 | None | Minimum | 11 | 2 | 250 | 4/4/6/0
5 | None | Maximum | 5.5 | 1 | 125 | 4/14/7/0
30 | Two interior walls | Minimum | 11 | 2 | 250 | 4/4/7/0
30 | None | Maximum | 1 | 6 KB | .5 | 4/17/7/0
100 | None | Minimum | 5.5 | 1.4 | 175 | 4/9/4/0
100 | None | Maximum | 5.5 | 1.4 | 120 | 4/12/6/0
150 | None | Minimum | 2 | .5 | 64 | 5/55/9/1
150 | None | Maximum | 1 | 0.123 | 16 | 5/153/22/5
100 | Two exterior walls | Minimum | 1 | Unsustained | Unsustained | 5/100/22/10
3Com’s $399 Home Wireless Gateway measures just 7 x 8.5 x 2 inches, and it’s shaped sort of like a cigar box. Yet this compact, unassuming device functions as the digital nerve center of your home network. It communicates with notebook and desktop computers over radio waves, allowing them to share a high-speed Internet connection, as well as printers and files, within a 300-foot range at speeds up to 11 Mbps. (Note: While the Home Wireless Gateway lets you share an Internet connection among both PCs and Macs, you’ll need to run Windows NT Server’s Services for Macintosh or a comparable service if you want

Specs
Model first available: January 1, 2001
Linux compatible: No
Mac compatible: Yes
PC compatible: Yes
Standards supported: 802.11b
Interface: Ethernet
Networks have been around now for more than 20 years. But in the small office/home office (SOHO) community, I’ve seen that many networks today aren’t exactly networked. Here’s an example: I have a client who has a small Windows 2000 domain running with one DC and about a half dozen clients. These machines are all relatively close to each other—close enough to run Cat 5e cable and tie them together using a 100-Mbps switch. These computers have good network connectivity with each other and all is well. But add to this mix two Macintosh OS 10.2 computers and two Windows XP computers that have been placed 100 feet away. Now we have a quandary. How will we get these four additional computers on the wired LAN affordably? Enter the Linksys WET11 Wireless Ethernet Bridge.

Buying the bridge: Cost justification
Now I know what you are thinking. Why not just give each of these computers a wireless network connection? After all, AirPort cards for the Macintosh can be found in the $80 to $100 range, and several vendors—including Microsoft, Linksys, NetGear, and SMC—offer low-cost USB network adapters for Windows PCs that are in the $50 to $80 range.

But after you’ve spent $260 to $360 or so on wireless network adapters, you will still need to get a good access point. Again, you have many choices, so let’s just keep it simple and use the Linksys WAP11 as an example. You can grab one of these for about $80 to $110 just about anywhere. So our total cost is now in the range of $340 to $470 to bring these four computers onto the network. That’s pretty hefty and will continue to grow as we add more clients in the future. Fortunately, there is an alternative.

The price tag on the WET11, as of this writing, was between $100 and $130. Add that to the $80 to $110 cost of the WAP11, plus the EZXS88W 8-port 10/100 switch at about $45 to $55, and you have a total solution in the $225 to $295 range. So you’ve already saved money—always a good thing. And you’re supporting only two new network devices (the WAP11 access point and the WET11 bridge; the switch requires no support) instead of five new network devices (the WAP11 and four wireless network adapters). Any time you can minimize the number of devices you have to support and configure, the better off you are.

So it certainly looks like implementing the WET11 wireless bridge with the WAP11 access point and eight-port 10/100 switch is going to solve the problem and make my job easier. With all the pieces in place, let’s set it up and see how it goes.

Figure A: Don’t forget to select the bridge’s mode of operation here first.

What’s my mode?
The first thing you need to do is to figure out
If you want to share a broadband cable or DSL connection across a home- or small-office network with cabled Ethernet and wireless 802.11b segments, the Linksys EtherFast wireless router does a solid job. It combines a four-port hub with an 802.11b wireless access point, a cable/DSL router, and a firewall. Although the package has some shortcomings in documentation and security, it still provides convenience and speed, replacing several pieces of equipment that would cost much more.

A multifunction network device
Linksys includes everything you need to set up your home network in one easy-to-install package. The $229 EtherFast wireless router basically combines a wireless 802.11b access point with Linksys’ hot-selling four-port cable/DSL router. The unobtrusive design has four sturdy legs supporting a rounded, rectangular black-and-purple case. Should you wish to connect two or more routers via the uplink port, recesses on top simplify stacking. The wireless access point acts as a DHCP server and assigns IP addresses to PCs on the network. It also supports WEP encryption and claims a top operating range of 300 feet (91 meters) indoors and 1,500 feet (457 meters) outdoors.

The Ethernet switch operates at 10 Mbps or 100 Mbps and has four LAN ports, plus a WAN jack for the modem. Front LEDs indicate power status as well as broadband, wireless, and cable activity. A Reset button on the back lets you restore the router to its default factory settings. In addition to the EtherFast wireless router, the kit includes a power adapter, a CD-ROM with software and documentation, and a printed user guide.

Simply plug it all together
Installing the EtherFast wireless router was relatively painless. We came across some confusing sections in the one-page quick-installation guide, but fortunately, the excellent and well-detailed 60-page user guide answered all of our questions. To get started, connect the router to its power source, the cable/DSL modem to the WAN port on the back of the router, and the installation PC to one of the LAN ports. Finally, set the TCP/IP settings for the installation PC’s network card to obtain an IP address automatically, and then reboot. Once you’ve successfully installed the router on your network, you can configure it using your Web browser. Simply type the provided IP address and password to launch the router’s setup page.

Watch your network take off
Performance was great when it came to throughput, notching 92.5 Mbps on the Ethernet connection and 4.2 Mbps wirelessly in CNET Labs’ tests. Wi-Fi compatibility was also seamless. The EtherFast wireless router worked as well with an ORiNOCO 802.11b wireless PC Card as it did with Linksys’ own cards. Range was about as good as we’ve seen: with 75 feet and several walls separating the EtherFast wireless router and the wireless clients, signal strength fell marginally, but most messages passed at the top 11-Mbps rate, and dropped information was minimal.

As a router, the Linksys offers support for IPSec pass-through, PPTP (point-to-point tunneling protocol), PPPoE (point-to-point protocol over Ethernet), and DMZ (demilitarized zone) mapping. You can set up the router to filter Internet access (handy for family home networks), allow remote administration, keep a log of all Internet sites visited, and more. Unfortunately, unlike the D-Link DI-714 wireless broadband router with four-port switch, the Linksys EtherFast doesn’t include stateful packet inspection among its security features, which would have provided an added level of security to the existing NAT and TCP/IP inspection.

The Linksys EtherFast comes with a one-year warranty. Although the warranty may be standard, the router’s phone support is above average. Toll-free phone support is available 24/7, excluding major holidays, for the life of the product. The Linksys Web site offers firmware updates, a searchable knowledge base, user guides, and FAQs.

The Linksys EtherFast wireless router could have done a better job with its setup documentation and offered more complete security features. Nevertheless, for the price, it still is a good solution for SOHO users looking to combine wireless and cabled network segments with broadband Internet access.
The HP wireless gateway hn200w has the coolest appearance of any such device on the market. Even the setup program looks great. With its friendly automatic setup and use of nontechnical terms, this device is clearly geared toward network novices and home users.

In addition to an 802.11b radio, you get four 10/100-Mbps Ethernet ports (more than most units), an uplink port for attaching another hub, and an Ethernet cable.

It’s too bad this unit disappointed us by refusing to work with Windows XP and by burying features in its configuration software. The one-year warranty was also a letdown.

A software maze
Unlike most wireless gateways, the $220 HP requires that you install software to get started. However, incompatibility caused by the app kept the unit from working with Windows XP, and HP’s support was unable to fully identify the problem (we even downloaded a beta firmware upgrade to no avail). HP expects to resolve all XP incompatibility issues by June 2002, but for now, we used Windows 2000 to test the gateway instead. The unit comes with an illustrated Quick Start Guide, which covers
Resembling a broad, flat, beige mushroom, the Intel wireless gateway does a decent job of providing 802.11b wireless access for home users mostly interested in surfing the Web.

On the downside, the setup is a bit quirky, only one Ethernet port is provided, and Intel offers limited phone support. The upside: Its speed is decent, the documentation is pretty complete, and—if you need the option—the Intel doubles as a wireless access point. The three-year warranty is enticing, too.

It’s in the air
The $219 Intel comes with a good, illustrated quick-start guide. You plug the unit into your DSL or cable modem and, through the unit’s one LAN port, hook up your computer via a crossover Ethernet cable that Intel graciously supplies. From the outset, Intel gives you the option to set up the gateway as a wireless access point on an existing network—a waste of the router capability but a convenient option if you need it.

The Intel boasts a serial port that might lead you to believe that it can connect to a dial-up modem as a backup—but no such luck. The manual says that the port is for “advanced users to view or change the gateway’s settings using Telnet or HyperTerminal interfaces” instead of the configuration firmware. No explanation is offered to describe how you might do this.

To communicate with the gateway, you’ll need a wireless network adapter for each computer you plan to connect. Intel, like most wireless gateway vendors, sells and recommends its own adapters. We used the $99 AnyPoint Wireless II Network PC Card and the $109 AnyPoint Wireless II Network USB model. For those on a budget, the company also offers “entry level” home networking adapters that top out at 1.6 Mbps (compared to 11 Mbps in the regular models) and cost only $30 a pop. If all you want to do is share Internet access, the low-priced models should be sufficient for most broadband connections.

Staying safe and sound
To configure the gateway, insert the CD-ROM and follow the onscreen instructions. The setup wizard works pretty well, asking you for ISP settings, prompting you for a network ID code, and so on. The full documentation on CD-ROM is somewhat disorganized, but it covers the bases pretty well, including a glossary and a troubleshooting guide. During setup, the configuration utility asks you to create your own password. You get basic NAT security, of course, but the wizard also recommends WEP encryption, with detailed instructions for entering 64- and 128-bit keys. You

Specs
Maximum theoretical throughput: 100 Mbps/11 Mbps
Connectivity: Wireless, cable
Warranty on parts/labor: Three years
Device type: Wireless access point
Protocol(s): Ethernet, Fast Ethernet, IEEE 802.11b
Compatible operating systems: Windows 95 and above
Model first available: October 1, 2001
Considering its name, you might expect the Barricade to come with retractable metal grating encased in barbed wire. Instead, SMC’s wireless broadband router is a sleek, gray box about the size of a big slice of deep-dish pizza. But despite its modest appearance, it offers more connection ports than any other home router we’ve tested, with the exception of the Siemens SpeedStream Wireless DSL/cable router. It also offers excellent performance and an impressive set of security features to protect your network from the most common hacker attacks.

Ports galore
The $178 Barricade offers an impressive array of ports. It includes three 10/100-Mbps Ethernet ports and a 10-Mbps WAN port for connecting your cable/DSL modem. The Barricade also has an RS-232 serial port for connecting to an ISDN terminal adapter or a POTS analog modem; the latter is a handy backup if your broadband service becomes temporarily unavailable. The Barricade also has a parallel port, but because new printers typically connect via USB, most home users will have difficulty finding a use for it.

The Barricade offers some other conveniences as well. Two omnidirectional antennas extend from either side on the back to provide better range, and a Reset button next to the printer port sends the router back to its factory default settings. While the Barricade does not include brackets for wall or ceiling mounting, it does come with a CAT-5 Ethernet cable.

Simple administration
Setting up the Barricade is simple. The Quick Installation Guide contains detailed and illustrated configuration instructions for PCs and

Good security
You can also make more sophisticated networking settings from the Advanced menu tab. For example, you can configure the Barricade to function as a virtual server for services you would like to set up behind the router’s NAT-based firewall. A simple check box tells the router to discard pings from the WAN side, which helps conceal your router on the Internet. You can also run multiuser applications behind the firewall by opening public ports or assigning a particular machine to run without firewall protection within a DMZ. Other tabs let you update the firmware, reset defaults, or check the security log, where you can view any illegal attempts to access your network. The Barricade’s firewall can also block common hacker attacks, including IP spoofing, land attack, ping of death, smurf attack, and snork attack.

The Barricade performed admirably in our labs’ tests. With 4.9 Mbps of wireless throughput and 88.3 Mbps of Ethernet throughput, it matched the NetGear MR314 cable/DSL wireless router. In informal range tests, the Barricade delivered better and more consistent signal strength than the MR314 when connecting through walls, but by only a few feet.

Lasts a lifetime?
SMC’s complex warranty and support policies make the user work a bit to get the best deal. The Barricade comes with a standard 90-day warranty, but you can upgrade to a limited lifetime warranty if you register your product within 30 days. Limited lifetime means SMC will support the product for up to one year past the date the company decides to discontinue the product. After that, warranty repair or replacement is considered on a case-by-case basis. Toll-free phone support, however, is available 24/7 for as long as you own the product. The SMC Web site also offers drivers, FAQs, and e-mail support.

If you need a wireless router for your home or small office, SMC delivers an attractive package at a reasonable price. The Barricade offers excellent performance, a plethora of ports, and good security to boot. But we do find the carrot-and-stick support policies rather harsh.

Specs
Maximum theoretical throughput: 100 Mbps/11 Mbps
Connectivity: Wireless, cable
Warranty on parts/labor: Limited lifetime
Device type: Router
Protocol(s): Ethernet, Fast Ethernet, IEEE 802.11b
Compatible operating systems: Windows, Mac
Model first available: April 1, 2001
With the SMC EZ Connect 802.11a wireless access point, you no longer need to sacrifice financial security or networking performance when you give up wires. This device’s modest price and good performance make it suitable for network gaming and streaming video over short-range, wireless networks. However, first-time networkers may find the EZ Connect’s sometimes balky configuration and limited reach troublesome.

A good value
At $356, the EZ Connect 802.11a is a good solution at a competitive price. The access point’s gently curved, plastic casing sports two omnidirectional antennas, three front-panel LED lights, and connections for Ethernet and power. A Reset button, which returns the access point to its factory settings if the Web-based configuration utility fails, nestles between the two jacks on the back. The package also contains a power adapter; a helpful, 40-page manual; and a CD-ROM containing the same manual in electronic form, drivers, and the EZ Connect 802.11a Configuration Utility, which you use to access the Web-based configuration page. To test the unit, we used a laptop outfitted with SMC’s $143 EZ Connect 802.11a wireless Cardbus adapter.

Tricky configuration
As its name implies, installing the EZ Connect 802.11a is remarkably easy; however, configuring the unit is a bit trickier. First you install the EZ Connect 802.11a Configuration Utility on the PC you plan to connect; use your own Ethernet cable to connect your PC to the access point (SMC does not include one); then run the utility. The application should find the access point automatically; unfortunately, it didn’t. It worked only after tech support rec-

address similar to the access point’s default address. Apparently, this is a common problem with setting up the access point. Inexplicably, SMC fails to address it in the manual. You can also manually get to the Web-based configuration screen by typing the access point’s provided IP address into your PC’s Web browser.

Once the setup wizard was up and running, it was easy to use. SMC walks you through specifying the SSID, enabling turbo mode, and implementing 64-, 128-, or 152-bit WEP security. The advanced setup screen lets you set the access point to work as a DHCP client or server. And you can modify settings for synchronizing with other access points or set data-packet sizes. If your network suffers from signal interference, shrinking the packet sizes increases network reliability—but reduces its efficiency. The status screen displays more than two dozen useful bits of information, including MAC address, WEP status, mode (turbo or regular), and signal strength, in easy-to-read tables.

Solid performance
Like other 802.11a access points, the EZ Connect 802.11a operates in the 5-GHz band, free from cordless-phone and other device interference that can plague 802.11b networks. The EZ Connect also has a top speed of 54 Mbps, or nearly five times the 802.11b benchmark. In CNET Labs’ tests, however, it produced just less than 21 Mbps of throughput—average among 802.11a access points. Proprietary turbo mode theoretically boosts speed to 72 Mbps, but in tests, it actually yielded just 25.6 Mbps, which is middle-of-the-road compared to other manufacturers’ turbo modes. Like all 802.11a turbo implementations, SMC’s turbo mode won’t work with other manufacturers’ equipment.

Range was also a challenge for the EZ Connect 802.11a. In our workout, it fell short of its stated range of 1,650 feet outdoors and 165 feet indoors. Speed dropped off rapidly once a few walls intervened. Separated by 60 feet and a floor, the EZ Connect saw its transmission rate drop to 6 Mbps, followed by a lost connection. If range is a major concern, you may want to look elsewhere.

Read the warranty
SMC’s service and support policies for the EZ Connect 802.11a are generous, provided you read the fine print. The access point comes with a standard 90-day warranty, but you can upgrade to a limited lifetime warranty if you register your product within 30 days. Limited
With all the talk about security and deployment problems with wireless access points (WAPs), the thought of adding a WAP to your network may send your blood pressure rising. WAPs are supposed to make it easier for users to get their work done, but they invariably add to the network administrator’s workload. Fortunately, deploying WAPs needn’t be stressful. SMC’s EZ Connect wireless access point lets you quickly set up and secure a WAP on your network.

WHAT WAP?
For the purposes of this article, I’m going to discuss the SMC EZ Connect wireless access point, model number SMC2655W. This is a basic 802.11b WAP that can connect users using any 802.11b compliant device. To test this WAP, I used ViewSonic’s V1000 Tablet PC with its integrated Intel 802.11b networking card.

Setting up the WAP
SMC has stripped the EZ Connect right down to the basics. There are no firewalls to worry about, nor any other switches or wired ports. This lack of additional features makes the WAP easy to set up and administer, but it can raise the final cost if you need some of these features because you’ll have to buy them separately.

WAPs don’t get much easier to set up than SMC’s EZ Connect. All you have to do is plug the WAP in and connect it to your network. Like a workstation, the WAP can either connect directly to a wired switch or a patch panel, so long as the panel is patched to a hub or switch.

According to SMC’s specifications, the EZ Connect can connect users up to a distance of 1,800 ft. As with most things, your mileage will vary. The actual distance and speed you’ll get will depend on how you deploy the WAP. During my testing, I couldn’t effectively connect the Tablet PC to the WAP at distances over 100 ft, but that’s because the WAP was set up on a desk, not placed in a high location like SMC recommends. In addition, the offices at my workplace use metal studs, which can block radio signals. Therefore, any distance problems weren’t the unit’s fault.

In addition to placing the WAP in a high location, SMC recommends that you orient the
One of the newest products in the SMC EZ Connect line is the SMC2664W 2.4-GHz USB wireless adapter. In conjunction with a wireless access point, you can use this adapter to quickly and easily connect any Windows PC with a USB port to the network. Because it connects via USB, the SMC2664W is a great solution for both laptop and desktop users who need a wireless connection. It’s easy to install and, for the most part, works as advertised. If you’re looking for an alternative to a PC Card adapter, the SMC2664W is a solid option.

Parts and installation
The SMC2664W package includes the following:
• The wireless adapter with internal antenna
• Driver and utility disks
• 6-ft. USB cable
• Fastening clip
• Velcro swatches
• Two small magnets

You’ll notice that the drivers and product utility software come on disk, not CD. This could have been a problem for me because the laptop on which I was testing the device didn’t have a floppy drive. My workaround was to copy the contents of the disks onto a USB storage device. Given my access to the USB storage device, the disks presented only a
A variety of networking products aimed at small offices/home offices (SOHOs) have flooded the market, with huge leaps having been made in wireless networking. The intent is to make it easier for SOHO users to set up networks and share data, and, for the most part, the vendors have achieved that goal.

Among these offerings is SMC’s 7004WFW Barricade Plus wireless broadband router. Aimed primarily at SOHO users, this 10/100 Mbps three-port router also acts as an 11-Mbps wireless access point, allowing clients with wireless adapters to share a broadband Internet connection.

The 7004WFW is easy to set up and performs well, but some caveats make it a less-than-perfect product. On the whole, the 7004WFW is a good option, but you can find comparable products—even similar SMC offerings—that cost less.

Product details
Barricade Plus (Figure A) is packaged with the router unit, two antennae, power adapter, and setup CD. You must attach the antennae to the router by screwing them in place on the port side of the box. The manual included with the device is merely a quick start guide, but you can download a more detailed document in PDF format from the SMC Web site. You really won’t need either at first, however, because the setup CD entirely automates the initial setup process. It’s only when you get into advanced settings—filtering and security measures—that you might need to consult the manual.

SMC lists the following specifications and features for Barricade Plus:
• IEEE 802.11b compliant
• Wireless operation at 11, 5.5, 2, or 1 Mbps
• Range of up to 304.8m (1,000 ft.)
• Frequency: (U.S./Canada/Europe) 2.400-2.4835 GHz; Japan: 2.471-2.497 GHz
Wireless networking is evolving at a rapid pace, transforming into an increasingly viable solution for enterprise networks. Performance boosts and security enhancements are among the forces pushing wireless deeper into the networking mainstream. Vivato is taking that evolution a step further with the introduction of indoor and outdoor Wi-Fi switches. Vivato expects to launch the products in early 2003. They’ll be the first wireless switching products to hit the market and could have a significant impact on how organizations deploy wireless networks. A single switch installed indoors will offer network coverage for an entire floor, while an outdoor switch can connect buildings.

Service providers will be able to take advantage of the several-mile range of the outdoor switch, and the indoor switches’ shorter range of around two miles will give organizations much more flexibility in deploying wireless networks by replacing multiple access points.

The technology Vivato is introducing could represent a significant step forward for wireless networking. Any organization that has implemented WLANs or is planning a WLAN implementation this year should take note.

Company and product background
Vivato is a two-year-old startup headquartered in San Francisco. Unlike other companies in the wireless market, Vivato is focusing on infrastructure products rather than client devices. To achieve wireless switching, Vivato combined existing smart antenna technology with existing wireless technology.

“People thought that combination was impossible,” said Vivato Vice President of Marketing Phil Belanger, “but we figured out how to make it work, and we were able to accomplish it because we had multiple disciplines on our team.”

An important part of the knowledge necessary to combine the two technologies came from the founders’ backgrounds in the cellular phone industry with Agilent. Belanger said that their experience building test equipment for the cellular phone industry and working with sophisticated RF equipment was instrumental in their work to marry smart antennas with wireless technology.

Belanger said that Vivato’s switches represent a big change in wireless networking products largely because, up until now, most of the devices introduced have been client adapters and access points. Belanger sees wireless switching as a sign that the market is maturing and believes that the introduction of these products represents a new architecture. He said that this evolution of wireless networking is analogous to that of Ethernet networking.

“When Ethernet switching was introduced, it helped the explosion of Ethernet because it really scaled up the capacity so it could work in large installations.”

Another parallel is in the constant upgrading of the speed of Ethernet. Belanger said the same kind of thing is happening in wireless networking. The market is beginning to explode because of the rapid improvements being made.

Belanger feels that Vivato’s switches offer a more robust way to deploy wireless networks with a lower TCO because there will be fewer pieces of hardware to install. For example, organizations currently have to deploy a number of access points to provide network coverage on a single floor. But with the Vivato switches, they’ll deploy just one device on a building floor to achieve the same connectivity.

The switches will operate much like standard gigabit Ethernet switches, and the devices include support for VPNs, VLANs, and 802.1X security. Because the switches will operate in a familiar manner and because they will replace many devices that would otherwise have to be installed, Belanger said that the Vivato wireless solution will be easier to manage.
e-mail: customerservice@techrepublic.com
Phone: 845-566-1866 • 800-217-4339
Product code: B059