WIRELESS NETWORKING

Introduction – 802.11 Overview


Whether it’s because you have made a call using a mobile phone, received a
message on your pager, checked your email from a PDA or even just seen an
advert related to it, we have all come across a wireless data or voice network!

If a user, application or company wishes to make data portable, mobile and
accessible then wireless networking is the answer. A wireless networking system
would rid you of the downtime you would normally have in a wired network due to
cable problems. It would also save time and money, since you
would spare the expense of installing a lot of cables. Also, if a client computer
needs to relocate to another part of the office then all you need to do is move the
machine with the wireless network card.

Wireless networking can prove to be very useful in public places – libraries,
guest houses, hotels, cafeterias, and schools are all places where one might find
wireless access to the Internet. From a financial point of view, this is beneficial to
both the provider and the client. The provider would offer the service for a
charge – probably on a pay per use system, and the client would be able to take
advantage of this service in a convenient location; away from the office or home.
A drawback of wireless Internet is that the QoS (Quality of Service) is not
guaranteed and if there is any interference with the link then the connection may
be dropped.

Types of Wireless Networks


WLANS: Wireless Local Area Networks

WLANS allow users in a local area, such as a university campus or library, to
form a network or gain access to the internet. A temporary network can be
formed by a small number of users without the need of an access point; given
that they do not need access to network resources.

WPANS: Wireless Personal Area Networks

The two current technologies for wireless personal area networks are Infra Red
(IR) and Bluetooth (IEEE 802.15). These will allow the connectivity of personal
devices within an area of about 30 feet. However, IR requires a direct line of sight
and the range is less.

WMANS: Wireless Metropolitan Area Networks

This technology allows the connection of multiple networks in a metropolitan
area such as different buildings in a city, which can be an alternative or backup
to laying copper or fiber cabling.

WWANS: Wireless Wide Area Networks

These types of networks can be maintained over large areas, such as cities or
countries, via multiple satellite systems or antenna sites looked after by an ISP.
These types of systems are referred to as 2G (2nd Generation) systems.

Below is a table indicating the range that wireless data networks can handle:

Meters Network
0-10 Personal Area Network
0-100 Local Area Network
0-10000 Wide Area Network

Security
The following are three methods of security available when it comes to wireless:

WEP (Wired Equivalent Privacy)

Wired Equivalent Privacy is intended to stop the interception of radio frequency
signals by unauthorized users and is most suitable for small networks. This is so
because there is no key management protocol and each key must be entered
manually into the clients – this proves to be a very time consuming
administrative task. WEP is based on the RC4 encryption algorithm by RSA Data
Systems. It works by having all clients and Access Points configured with the
same key for encryption and decryption.

SSID (Service Set Identifier)

SSID acts as a simple password by allowing a WLAN network to be split up into
different networks each having a unique identifier. These identifiers will be
programmed into multiple access points. To access any of the networks, a client
computer must be configured with a corresponding SSID identifier for that
network. If they match then access will be granted to the client computer.

MAC (Media Access Control) address filtering

A list of MAC addresses belonging to the client computers can be inputted into
an Access Point and thus only those computers will be allowed access. When a
computer makes a request, its MAC address is compared to that of the MAC
address list on the Access Point and permission granted or denied. This is a good
method of security but only recommended for smaller networks as there is a
high rate of work involved in entering each MAC address into every Access
Point.

Understanding the 802.11 family


The 802.11 standard first appeared in the 1990s and was developed by the
Institute of Electrical and Electronics Engineers. It has now emerged and
expanded to be one of the leading technologies in the wireless world.

802.11
Using either FHSS (frequency hopping spread spectrum) or DSSS (direct
sequence spread spectrum) this provides a 1 to 2 Mbps transmission rate on the
2.4GHz band.

802.11a
Using the OFDM (orthogonal frequency division multiplexing) this provides up
to 54Mbps and runs on the 5GHz band.

802.11b
Also known as Wi-Fi or High Rate 802.11, this uses DSSS and applies to
wireless LANs. It is most commonly used for private use, at home. It provides an
11 Mbps transmission rate and has fallback rates of 5.5, 2 and 1 Mbps.

802.11g
This provides a 20+ Mbps transmission rate, applies to LANs and runs on the
2.4GHz band.

The image below demonstrates the wireless data infrastructure as an extension of
the Internet.

Bluetooth
Bluetooth is a simple type of wireless networking that allows the formation of a
small network with up to eight devices being connected at once. Such devices
would include PDAs, Laptops, Mobile Phones and Personal Computers.
However, Bluetooth may also be found in keyboards, mice, headsets and mobile
phone hands-free kits, amongst others. It was originally invented by Ericsson in
1994. In 1998 the Bluetooth SIG (Special Interest Group) was formed by a small
number of major companies – Ericsson, Nokia, Intel and Toshiba – to help each
other develop and promote the technology. Bluetooth falls under personal area
networking since it has a very short range – 30 to 300 feet. This sort of range
adds to the security of such a technology in that if someone wanted to sniff your
connection they would not only need special equipment but they would have to
be fairly close to you. The main features of Bluetooth are that, unlike Infra Red,
the signal is not affected by walls since it uses radio technology, it is not very
expensive, and it has little power consumption.

Windows 2003 and Wireless Networking


Through its improved security and performance features, Windows 2003 makes
usability and deployment of wireless local area network services easier. Such
features include authentication, authorization and automatic key management.

IAS (Internet Authentication Service)

An improved feature in Windows 2003 is the Internet Authentication Service
which takes over from RADIUS (Remote Authentication Dial In User Service)
found in Windows 2000. It performs centralized account management,
authorization and authentication for many types of networks, including wireless.
IAS uses the authentication protocols within PPP to authenticate users. These
include the CHAP (Challenge Handshake Authentication Protocol) and the
Microsoft version, MS-CHAP. EAP (Extensible Authentication Protocol) is
another method of authentication which is used for smart cards, certificates and
one-time passwords.

Hardware Requirements
The kind of hardware you would need to set up a wireless network depends on
what the scale of the network will be. However, you will almost certainly always
need an access point and a wireless network interface card. If you want to set up
a temporary network between two computers then two wireless NIC cards are
enough. If you wish to share a broadband internet connection then speeds of
512k and above are required. Lower bandwidth will work but only result in
slower or unacceptable performance.

Access Point

This piece of hardware acts as a bridge between the wired network and wireless
devices. It allows multiple devices to connect through it to gain access to the
network. An AP can also act as a router; a means by which the data transmission
can be extended and passed from one access point to another.

Fig. 1: an example of an access point

Wireless Network Card

A wireless network card is required on each device on a wireless network. A
laptop usually has an expansion (PCMCIA) slot which the network card would
fit in to. A desktop computer would need an internal card – which will usually
have a small antenna or an external antenna on it. These antennas are optional on
most equipment and they help to increase the signal on the card.

Fig. 2: an example of a wireless network card (NIC)

Other than this you would obviously need a desktop computer or laptop to
which this hardware would be attached.

Wireless Network Setup
There are two types of wireless network. These will be explained below.

Infrastructure

Also referred to as a “hosted” or “managed” wireless network – it consists of one
or more access points (known as gateways or wireless routers) being connected to
an existing network. This will allow wireless devices to make use of resources on
the network such as printers and the Internet.

Ad-Hoc

Also referred to as an “unmanaged” or “peer to peer” wireless network – it
consists of each device connecting directly to each other. This will allow someone
sitting outside in the garden with a laptop to communicate with his desktop
computer in the house and access the Internet, for example.

Once you have acquired the necessary wireless networking hardware then the
next step is to connect it all together to form a network and allow each device to
communicate. The instructions below will act as basic guidelines of what needs
to be done.

Note: Before you carry out any kind of installation, make sure you have the latest
information and drivers from the hardware vendor.

You should keep these considerations in mind:

• the distance between each computer should be below 100 meters
• each computer should be on the same floor
• using the same vendor for the network card and access point will have its
advantages and disadvantages (compare and contrast the options
available to you when it comes to purchasing the hardware).

Having said this, it is possible for these conditions to be stretched and the
network still to work well, but this depends on the environment and is different
for each situation.

For this type of installation I will assume that you already have a wired network
set up and that the wireless network will be implemented so that wireless
devices (i.e.: laptop) can join the existing network.

• Plug the access point into the power outlet and existing Ethernet jack on
the network
• Configure the access point (usually via a web browser) to be seen by
your existing network – this will differ depending on the brand of your
access point
• Configure the client computers with the appropriate network settings
required to be able to communicate with the access point.

Refer to the user manual of your hardware for the exact settings. If you are using
the same vendor for all the wireless networking hardware then using the default
settings will usually work! I recommend that you try these out first before you
move into the customization or more advanced techniques stage of the settings.

The Future of Wireless Networking


About twenty per cent of homes with broadband Internet have WLANS, and this
number is set to increase. It is predicted that worldwide hotspots have now
reached 30,000 and will grow to about 210,000 within the next five years. Most
large hotels already offer Wi-Fi and with business travellers being the ones who
are willing to pay for wireless access, it is most likely that the hotel industry will
be the next big growth area for hotspots.

802.11n, the next Wi-Fi speed standard, is set to offer a bandwidth of around
108Mbps and is still under development. Wi-Fi security should be bettered with
the release of the 802.11i standard which will be out in the third quarter of this
year. If you are after assured quality of service then the 802.11e standard will be
of interest to you – this will ensure that packets are delivered in a timely fashion.
With speeds of 70 Mbps and a range of up to 30 miles, the 802.16 standard –
better known as WiMAX, is sure to be a hit. This should make an impact within
the next two years, although Intel have announced they will start shipping
WiMAX enabled chips in the second half of this year.

Types of Security
In Part 1 of this series I mentioned WEP, SSID and MAC Address filtering as
three methods of wireless networking security. Here we will get to know a little
more about these and what other methods of security are available.

WEP (Wired Equivalent Privacy)

Developed in the late 1990s, WEP is a basic protocol that is sometimes
overlooked by wireless administrators because of its numerous vulnerabilities.
The original implementations of WEP used 64-bit encryption (40-bit + 24-bit
Initialization Vector). By means of a Brute Force attack, 64-bit WEP can be broken
in a matter of minutes, whereas the stronger 128-bit version will take hours. It’s
not the best line of defense against unauthorized intruders but better than
nothing and mainly used by the average home user. One of the drawbacks of
WEP is that since it uses a shared key, if someone leaves the company then the
key will have to be changed on the access point and all client machines.
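
The construction described above (a 40-bit shared key joined to a 24-bit IV to form the RC4 key) is sketched below as an added example; it is not code from the original article. The sample key, IVs and payloads are constructed, the one-byte key ID field of a real WEP frame is left out, and the helper names are this example's own.

```python
import math
import struct
import zlib

IV_BITS = 24        # the IV travels in the clear at the start of every frame
WEP40_KEY_LEN = 5   # 40-bit shared secret ("64-bit WEP" = 40 + 24)


def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 stream cipher; the same call encrypts and decrypts."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key scheduling
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:                         # keystream generation + XOR
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)


def wep_encapsulate(shared_key: bytes, iv: bytes, payload: bytes) -> bytes:
    """Return IV || RC4(IV || key, payload || CRC-32 ICV)."""
    if len(shared_key) != WEP40_KEY_LEN or len(iv) != IV_BITS // 8:
        raise ValueError("expected a 5-byte key and a 3-byte IV")
    icv = struct.pack("<I", zlib.crc32(payload))
    # Only the 3 IV bytes change from frame to frame; the secret never does.
    return iv + rc4(iv + shared_key, payload + icv)


def wep_decapsulate(shared_key: bytes, frame: bytes) -> bytes:
    """Decrypt a frame and verify its integrity check value (ICV)."""
    iv, body = frame[:3], frame[3:]
    plain = rc4(iv + shared_key, body)
    payload, icv = plain[:-4], plain[-4:]
    if struct.pack("<I", zlib.crc32(payload)) != icv:
        raise ValueError("ICV mismatch: wrong key or damaged frame")
    return payload


def iv_reuse_probability(frames: int) -> float:
    """Birthday estimate that two of `frames` random 24-bit IVs coincide."""
    return 1.0 - math.exp(-frames * (frames - 1) / (2 * 2 ** IV_BITS))


def count_iv_reuse(frames) -> int:
    """Count frames whose IV was already used by an earlier frame.

    Frames that share an IV were encrypted with the same RC4 keystream,
    which is why a small IV space weakens every key length.
    """
    seen, repeats = set(), 0
    for frame in frames:
        iv = frame[:3]
        repeats += iv in seen
        seen.add(iv)
    return repeats


if __name__ == "__main__":
    key = bytes.fromhex("0102030405")               # constructed sample key
    frame = wep_encapsulate(key, b"\xaa\xbb\xcc", b"hello wlan")
    print(frame.hex(), wep_decapsulate(key, frame))
    print(f"P(IV repeat within 5000 frames) = {iv_reuse_probability(5000):.2f}")
```

The probability figure shows that the 24-bit IV, not the 40-bit or 104-bit secret, sets how quickly per-packet keys repeat on a busy network.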

WEP2 (Wired Equivalent Privacy version 2)

In 2004, the IEEE proposed an updated version of WEP, WEP2, to address its
predecessor’s shortcomings. Like WEP it relies on the RC4 algorithm but instead
uses a 128-bit initialization vector, making it stronger than the original version of
WEP, although it may still be susceptible to the same kind of attacks.

WPA (Wi-Fi Protected Access)

WPA provides encryption via the Temporal Key Integrity Protocol (TKIP)
using the RC4 algorithm. It is based on the 802.1X protocol and addresses the
weaknesses of WEP by providing enhancements such as Per-Packet key
construction and distribution, a message integrity code feature and a stronger IV
(Initialization Vector). The downside of WPA is that unless your current
hardware supports WPA by means of a firmware upgrade, you will most likely
have to purchase new hardware to enjoy the benefits of this security method. The
length of a WPA key is between 8 and 63 characters – the longer it is the more
secure it is.

WPA2 (Wi-Fi Protected Access version 2)

Based on the 802.11i standard, WPA2 was released in 2004 and uses a stronger
method of encryption – AES (Advanced Encryption Standard). AES supports key
sizes of 128 bits, 192 bits, and 256 bits. It is backward compatible with WPA and
uses a fresh set of keys for every session, so essentially every packet that is sent
over the air is encrypted with a unique key. As did WPA, WPA2 offers two
versions – Personal and Enterprise. Personal mode requires only an access point
and uses a pre-shared key for authentication and Enterprise mode requires a
RADIUS authentication server and uses EAP.

MAC Address Filtering

I covered this in Part 1 and talked about it briefly in the Troubleshooting Wireless
Networks Article, but it’s worth another mention for the benefit of those who
haven’t read my previous literature on the subject and also to refresh one’s
memory. MAC Address Filtering is a means of controlling which network
adapters have access to the access point. A list of MAC Addresses is entered into
the access point and anyone whose MAC address on the wireless network
adapter does not match an entry in the list will not be permitted entry. This is a
pretty good means of security when also used with a packet encryption method.
However, keep in mind that MAC addresses can be spoofed. This type of
security is usually used as a means of authentication, in conjunction with
something like WEP for encryption. Below is a basic image demonstrating the
MAC Address Filtering process:

A laptop, with MAC Address 00-0F-CA-AE-C6-A5 wants to access the wireless
network via the access point. The access point compares this Address to its list
and permits or denies access accordingly.

SSID (Service Set Identifier)

An SSID, or Network Name, is a “secret” name given to a wireless network. I put
secret in inverted commas because it can be sniffed pretty easily. By default, the
SSID is a part of every packet that travels over the WLAN. Unless you know the
SSID of a wireless network you cannot join it. Every network node must be
configured with the same SSID as the access point that it wishes to connect to,
which becomes a bit of a headache for the network administrator.

VPN (Virtual Private Network) Link

Perhaps the most reliable form of security would be to set up a VPN connection
over the wireless network. VPNs have long been a trusted method of
accessing the corporate network over the internet by forming a secure tunnel
from the client to the server. Setting up a VPN may affect performance due to the
amount of data encryption involved but your mind will be at rest knowing your
data is secure. The VPN option is preferred by many enterprise administrators
because VPNs offer the best commercially available encryption. VPN software
uses advanced encryption mechanisms (AES for example), which makes
decrypting the traffic a very hard, if not impossible, task.

For a clearer understanding of the VPN link method, see the image below.

There are various levels of VPN technology, some of which are expensive and
include both hardware and software. Microsoft does however provide us with a
basic VPN technology – commonly used in small to medium enterprise networks
– in Windows 2000 Advanced Server and Windows Server 2003. These are more
than capable of handling your wireless VPN requirements.

802.1X

With 802.1X the authentication stage is done via a RADIUS server (IAS on
Windows Server 2003) where the user credentials are checked against the server.
When a user first attempts to connect to the network they are asked to enter their
username and password. These are checked with the RADIUS server and access
is granted accordingly. Every user has a unique key that is changed regularly to
allow for better security. Hackers can crack codes but it does take time, and with
a new code being generated automatically every few minutes, by the time the
hacker cracks the code it would have expired. 802.1X is essentially a simplified
standard for passing EAP (Extensible Authentication Protocol) over a wireless
(or wired) network.

Below is an image showing the 802.1X process.

The wireless client (laptop) is known as the Supplicant. The Access Point is
known as the Authenticator and the RADIUS server is known as the
Authentication server.

General Tips and Tricks

• When purchasing a wireless NIC card, try and get one that can take an
external antenna. This will allow you to change it for a stronger one if ever
required.
• When you are out and about with your Wi-Fi enabled laptop, disable
Microsoft File and Printer sharing (which enables other computers to
access resources on your computer) so as not to leave your computer
vulnerable to hackers.
• If you are concerned about the interference from other Wireless Access
Points or wireless devices in the area, set the AP and wireless clients to
use a non-overlapping channel such as 1, 6 or 11.
• Change the configuration interface password of the access point before
you enable it. This is more common sense than a tip but most people
overlook this part of setting up a wireless network.
• Only buy an access point that has upgradeable firmware. This will allow
you to take advantage of security enhancements or interface updates.

• On the same note as above, keep the access point firmware up to date.
Upgrade your firmware whenever a new one is available. It will probably
consist of a new or improved feature.
• When you are not using Wi-Fi on your Wi-Fi enabled laptop, turn it off.
As well as protecting yourself from hackers you will be saving battery
power.
• From time to time, scan the area for rogue access points. If an employee
went out and bought a cheap AP and NIC card, and plugged it into the
corporate network behind the firewall then all your hard work securing
the network will go out the window. This is commonly seen on university
campuses where students purchase hardware and set up a rogue access
point in their dorm rooms.
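
The rogue access point check in the last tip can be automated by comparing what a site survey hears against an inventory of the access points you actually own. The following is an added example, not part of the original article: the inventory, the scan records, the category names and the signal threshold are all constructed or assumed for illustration.

```python
import re

# Constructed inventory: BSSID of each owned AP -> (SSID, required security).
AUTHORIZED = {
    "00:0f:ca:ae:c6:01": ("CorpNet", "WPA2"),
    "00:0f:ca:ae:c6:02": ("CorpNet", "WPA2"),
}
STRONG_SIGNAL_DBM = -55   # assumption: louder than this means "inside the building"

# Constructed survey results, as a scanning tool might export them.
SCAN = [
    {"bssid": "00-0F-CA-AE-C6-01", "ssid": "CorpNet", "security": "WPA2", "rssi_dbm": -48},
    {"bssid": "00:0f:ca:ae:c6:02", "ssid": "CorpNet", "security": "WEP", "rssi_dbm": -60},
    {"bssid": "02:11:22:33:44:55", "ssid": "CorpNet", "security": "Open", "rssi_dbm": -50},
    {"bssid": "02aabbccdd01", "ssid": "dorm-ap", "security": "Open", "rssi_dbm": -42},
    {"bssid": "02:aa:bb:cc:dd:02", "ssid": "CoffeeShop", "security": "WPA2", "rssi_dbm": -85},
]


def normalize_mac(mac: str) -> str:
    """Accept 00-0F-CA-.., 00:0f:ca:.. or bare hex; return aa:bb:cc:dd:ee:ff."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def classify(obs: dict, inventory: dict = AUTHORIZED) -> str:
    """Place one observed access point into an audit category."""
    bssid = normalize_mac(obs["bssid"])
    corporate_ssids = {ssid for ssid, _ in inventory.values()}
    if bssid in inventory:
        ssid, security = inventory[bssid]
        # An owned AP that drifted from its required settings.
        if obs["ssid"] != ssid or obs["security"] != security:
            return "misconfigured"
        return "authorized"
    if obs["ssid"] in corporate_ssids:
        # Someone else's radio is advertising our network name.
        return "rogue-suspect"
    if obs["rssi_dbm"] >= STRONG_SIGNAL_DBM:
        # Unknown AP that is loud enough to be on the premises.
        return "investigate"
    return "neighbour"


def audit(scan: list) -> dict:
    """Map each observed BSSID to its category."""
    return {normalize_mac(obs["bssid"]): classify(obs) for obs in scan}


if __name__ == "__main__":
    for bssid, verdict in audit(SCAN).items():
        print(f"{bssid}  {verdict}")
```

A BSSID can be spoofed just like a client MAC address, so an "authorized" result only says the survey matches the inventory; anything in the other categories is worth a walk to the location.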

News and Statistics


Even though the approval of 802.11n isn’t expected until the end of 2006,
hardware manufacturers such as Belkin have already started to offer Pre-N
routers and wireless network adapters. These offer improved network speed and
range which would benefit users who wish to transfer larger files and stream
audio/video. With Pre-N, an Access Point and Wireless NIC Card 10 feet away
from each other have an average throughput of about 40 Mbps.

Hardware vendors, such as Linksys and D-Link, have also announced the use of
MIMO (Multiple-In-Multiple-Out) in their products. MIMO allows the signal to
be bounced off several antennas and paths so that data delivery is guaranteed.
Basically, many unique data streams are passed in the same frequency channel. It
is a technology that allows for the boosting of wireless bandwidth and range,
effectively providing better performance for wireless multimedia and
entertainment systems.

In Part 2 (May 2004), I mentioned that there were about 30,000 hotspots
worldwide and that that number should grow to over 210,000 in the next five
years. The latest forecast indicates that by 2006 the number of worldwide
hotspots is predicted to rise to over 110,000.

The Wi-Fi market is booming with over 95% of all laptops shipped in 2005 being
Wi-Fi enabled.

In the last quarter of last year, Wi-Fi hardware revenues grew by 17% over the
previous year.

Guest access looks set to be a key requirement for enterprises. The ability to send
and receive mail and access information on the enterprise servers while
attending a meeting at another company is a major plus for mobile workers.

Wireless data revenues are set to grow to 130 billion US Dollars within the next
few years.

50% of hotels in the tourism industry deploy Wi-Fi themselves, without using a
service provider. They usually bill it to the room or offer it free as an amenity to
guests.

In a recent poll, forty per cent of people said they would buy a cell phone with
Wi-Fi and only twelve per cent said they would want to get TV on their cell
phone. The possibility of using voWLAN (Voice Over Wireless Local Area
Network) is appealing to many business users. This would allow someone to use
GSM while out and about and switch to voWLAN as soon as they step back into
the office.

Troubleshooting Wireless Network Connections


Check the wires and wireless network adapter
Checking that all your wires are plugged in at the router and from the plug is
one of the first things you should do – provided of course that you have access to
them. Verify that the power cord is connected and that all the lights of the router
and cable/DSL modem are on. This may seem like a ridiculous suggestion but
you should never disregard the obvious. You’d be surprised at how your
configuration can be perfect, and after a while of playing around with settings
you realize that the network cable leading from the router to the cable modem
has come undone slightly.

You will also want to check that your wireless network adapter is switched on.
Some laptops come with a small blue or red button on the side while others
require you to enable it from the operating system. In Windows, go to device
manager and check that your wireless network adapter is enabled. If you have a
PCMCIA or USB wireless adapter try removing it and then re-inserting it while
Windows is running so it will re-detect it. The lights on the adapter give an
indication of whether there is a problem. On mine, I have two lights; one is
orange to signify that the PCMCIA card has power and the other is green to
show if a connection has been established. A blinking green light means that I am
not in range of a wireless access point or there is a problem with connectivity,
whereas a stable light means a connection has been established successfully.

Take a look at your device documentation as these sorts of details will vary with
each product.

Driver Compatibility
It is important to make sure that you have installed the correct device driver for
your wireless network adapter. This can cause all sorts of problems or your
adapter not to function at all. A friend of mine recently set up his own wireless
network at home but complained to me that his wireless network connection was
going “crazy”. Upon inspection I realized that he had configured his router
properly but installed the 5v instead of the 3v driver on his laptop PCMCIA
network card. Once the correct driver was installed, everything began to run
smoothly. It just goes to show how even the smallest detail can make all the
difference so make sure you have the correct driver installed!

Low Signal Strength


There are a number of factors that can cause the signal of your access point to
deteriorate and the performance of your network to fall under par. Practically
any appliance that operates on the same frequency level (2.4 GHz) as 802.11b or
802.11g can cause interference with your wireless network. Be sure to keep
cordless phones, microwaves and other electrical equipment at least 1m away
from the access point. Try changing channels on the access point and test it out
on one of the clients. To change the radio channel on the access point login to the
configuration (usually a web based interface) and go to the Wireless Settings
(will vary depending on vendor) section, select a different channel and save
settings. On the client, go to Device Manager, right click your wireless network
adapter and go to Properties. In the advanced tab select the Channel Property
and change the Value to the same number as the one you chose on the Access
Point. Disable and then re-enable the wireless connection.

Access Point Location
You may also want to try changing the position of your access point antenna to
improve performance. Play around with its position and see if you notice a
difference. I find that if I point the antenna sideways or downwards I have better
reception on the floor below. The following images demonstrate what I mean.

Antenna pointing upwards (default)

Antenna pointing sideways

The location of your access point is vital. Try and place it in a central location, as
much as possible avoiding physical obstructions and reflective surfaces.
Remember that wireless signals bounce off windows and mirrors, thus decreasing
the range. Experiment with different locations until you find one that is practical
and promising. Most people, including myself, like placing it near the ceiling
since most obstructions are nearer to the floor.

It’s always a good idea to monitor the performance of your signal by using a
diagnostic utility. This will help you to identify how strong your signal is in
different locations and whether other electrical equipment is interfering. Run the
utility when the microwave or cordless phone is in use and see if you notice a
difference. Usually your access point will come with its own monitoring utility.

Installing a repeater for a performance boost


If you’re looking for a boost you can always choose to install a repeater. The job
of a repeater is to receive the signal, regenerate it and rebroadcast it therefore
extending the range of your wireless network. This would sit somewhere
between your Access Point and your wireless client. Some repeaters, like the
Range Expander series from LinkSys, don’t require it to be directly connected to
the network via a cable. However, if security is an issue for you, then be careful
as some of these ignore certain security methods such as MAC address filtering.
Also, some repeaters will only repeat wireless signals coming from their own
product family, i.e.: if you have a D-Link Wireless Router you will have to get a
D-Link repeater. The image below demonstrates the job of a repeater.

The Access Point transmits the signal. As it travels it decreases, until it hits the
repeater and gets boosted. The newly transmitted signal is then received by an
in-range wireless client.

Changing the Antenna


Changing the antenna of your access point can increase signal range and overall
performance. Typical access points come with a 2dB or 4dB gain antenna but
there are ones available with 8, 14 and even 24dB. Antenna gain is measured in
dBi (decibels-isotropic) which basically means how powerful the antenna is and
how far it can provide a signal. Directional antennas are suitable for
environments where you have a direct line of sight from one access point to
another and from access point to client; the signal travels in a straight line.
Omni-Directional antennas distribute their signal in a circular 360 degrees motion over
a horizontal plane, which is ideal for square areas.

Install Windows XP SP2


If you are using Windows XP on your wireless client - as I’m sure most of you
are – installing Service Pack 2 would be a good idea. Check the Microsoft
Website for download details. Windows XP Service Pack 2 comes with enhanced
wireless support such as a new network setup wizard, built in support for WPA
(Wi-Fi Protected Access), an updated Wireless Network Connection dialog box
and amongst others, a rather nifty repair feature.

To utilize the repair feature all you have to do is right click the connection and
select Repair or click the button on the support tab of the status dialog box. This
will disable and then re-enable the connection (which clears many of the error
conditions on wireless network adapters), clear the NetBT cache and flush the
DNS cache. I often find that if my connection signal becomes low after a long
period of activity, pressing the Repair button will boost it up to “Good” or “Very
Good” depending on my location.

Network Settings
DHCP Addresses

DHCP configuration errors may also cause problems when connecting to a
wireless network. Some of the newer access points on the market come with their
own DHCP server which usually assigns addresses in the 192.168.0.x range. If
your wired network uses a different range then you will probably find that
wireless network clients are able to obtain an IP address and ping the access
point but communication with other clients will not work. Your access point
configuration interface should allow you to set which address scope to use. Set
this to be the same as that of your other clients. You can also just disable the
DHCP server on the access point and allow clients to obtain an address from the
normal DHCP Server on your network.
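
The symptom described above (the client gets an address and can ping the access point, but nothing else) can be confirmed from the lease alone. The following added example is not part of the original article; the wired range 10.0.0.0/24, the access point address 192.168.0.1, the client addresses and the verdict names are constructed for illustration.

```python
import ipaddress


def scope_matches(ap_scope: str, wired_cidr: str) -> bool:
    """True when the access point's DHCP scope lies inside the wired network."""
    return ipaddress.ip_network(ap_scope).subnet_of(ipaddress.ip_network(wired_cidr))


def diagnose_client(client_cidr: str, ap_ip: str, wired_cidr: str) -> str:
    """Explain a wireless client's lease relative to the wired network.

    client_cidr is the leased address with its prefix, e.g. "192.168.0.23/24".
    """
    iface = ipaddress.ip_interface(client_cidr)
    wired = ipaddress.ip_network(wired_cidr)
    if iface.ip.is_link_local:
        # 169.254.x.x: the client assigned itself an address, no DHCP reply.
        return "no-dhcp-answer"
    if iface.ip in wired:
        return "ok"
    if ipaddress.ip_address(ap_ip) in iface.network:
        # Same subnet as the AP only: the AP's built-in DHCP server answered.
        return "leased-by-access-point"
    return "foreign-lease"


def report(clients: dict, ap_ip: str, ap_scope: str, wired_cidr: str) -> dict:
    """Diagnose every client and record whether the AP scope itself is wrong."""
    result = {name: diagnose_client(cidr, ap_ip, wired_cidr)
              for name, cidr in clients.items()}
    result["_ap_scope_matches_wired"] = scope_matches(ap_scope, wired_cidr)
    return result


if __name__ == "__main__":
    # Constructed leases as read from each client's network settings.
    clients = {
        "laptop-a": "192.168.0.23/24",    # answered by the AP's DHCP server
        "laptop-b": "10.0.0.57/24",       # answered by the normal DHCP server
        "laptop-c": "169.254.12.9/16",    # nobody answered
    }
    for name, verdict in report(clients, "192.168.0.1", "192.168.0.0/24",
                                "10.0.0.0/24").items():
        print(name, verdict)
```

A "leased-by-access-point" verdict points at the two fixes given above: set the access point's scope to match the wired range, or disable its DHCP server.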

Encryption Keys

Double check and re-enter your WEP/WPA encryption keys. Wireless
Encryption will vary depending on which type of network you are connecting to.
In Windows XP, on the Association tab of your wireless network properties
dialog box, verify that your network key has been entered correctly and is valid
for the network you are attempting to connect to.

MAC Address Filters

This is a great form of security for allowing only restricted access to your network. As I had
explained earlier (introduction), MAC Address Filters are a list of MAC
addresses belonging to the clients that are allowed access to the network. This
will only permit clients with the specified MAC Addresses to communicate with
the network. Having said this, it may be the reason for your problem. Verify that
the problematic client’s MAC is in the address list. If the network card had to be
changed or a new device purchased recently, be sure to add it to the list.
