The two current technologies for wireless personal area networks are Infra Red
(IR) and Bluetooth (IEEE 802.15). These will allow the connectivity of personal
devices within an area of about 30 feet. However, IR requires a direct line of sight
and the range is less.
WMANS: Wireless Metropolitan Area Networks
These types of networks can be maintained over large areas, such as cities or
countries, via multiple satellite systems or antenna sites looked after by an ISP.
These types of systems are referred to as 2G (2nd Generation) systems.
Below is a table indicating the range that wireless data networks can handle:
Meters      Network
0-10        Personal Area Network
0-100       Local Area Network
0-10000     Wide Area Network
Security
The following are three methods of security available when it comes to wireless:
SSID (Service Set Identifier)
A list of MAC addresses belonging to the client computers can be inputted into
an Access Point and thus only those computers will be allowed access. When a
computer makes a request, its MAC address is compared to that of the MAC
address list on the Access Point and permission granted or denied. This is a good
method of security but only recommended for smaller networks as there is a
high rate of work involved in entering each MAC address into every Access
Point.
802.11
Using either FHSS (frequency hopping spread spectrum) or DSSS (direct
sequence spread spectrum) this provides a 1 to 2 Mbps transmission rate on the
2.4GHz band.
802.11a
Using the OFDM (orthogonal frequency division multiplexing) this provides up
to 54Mbps and runs on the 5GHz band.
802.11b
This is also known as Wi-Fi or High Rate 802.11; it uses DSSS and applies to
wireless LANs. It is most commonly used for private use, at home. It provides an
11 Mbps transmission rate and has a fallback rate of 5.5, 2 and 1 Mbps.
802.11g
This provides a 20+ Mbps transmission rate, applies to LANs and runs on the
2.4GHz band.
The image below demonstrates the wireless data infrastructure as an extension of
the Internet.
Bluetooth
Bluetooth is a simple type of wireless networking that allows the formation of a
small network with up to eight devices being connected at once. Such devices
would include PDAs, Laptops, Mobile Phones and Personal Computers.
However, Bluetooth may also be found in keyboards, mice, headsets and mobile
phone hands-free kits, amongst others. It was originally invented by Ericsson in
1994. In 1998 the Bluetooth SIG (Special Interest Group) was formed by a small
number of major companies – Ericsson, Nokia, Intel and Toshiba – to help each
other develop and promote the technology. Bluetooth falls under personal area
networking since it has a very short range – 30 to 300 feet. This sort of range
adds to the security of such a technology in that if someone wanted to sniff your
connection they would not only need special equipment but they would have to
be fairly close to you. The main features of Bluetooth are that unlike Infra Red,
the signal is not affected by walls, it uses radio technology, it is not very
expensive, and has little power consumption.
another method of authentication which is used for smart cards, certificates and
one-time passwords.
Hardware Requirements
The kind of hardware you would need to set up a wireless network depends on
what the scale of the network will be. However, you will almost always
need an access point and a wireless network interface card. If you want to set up
a temporary network between two computers then two wireless NIC cards are
enough. If you wish to share a broadband internet connection then speeds of
512k and above are required. Lower bandwidth will work but only result in
slower or unacceptable performance.
Access Point
This piece of hardware acts as a bridge between the wired network and wireless
devices. It allows multiple devices to connect through it to gain access to the
network. An AP can also act as a router; a means by which the data transmission
can be extended and passed from one access point to another.
Other than this you would obviously need a desktop computer or laptop to
which this hardware would be attached.
Wireless Network Setup
There are two types of wireless network. These will be explained below.
Infrastructure
Ad-Hoc
Once you have acquired the necessary wireless networking hardware then the
next step is to connect it all together to form a network and allow each device to
communicate. The instructions below will act as basic guidelines of what needs
to be done.
Note: Before you carry out any kind of installation, make sure you have the latest
information and drivers from the hardware vendor.
Having said this, it is possible for these conditions to be stretched and the
network still to work well, but this depends on the environment and is different
for each situation.
For this type of installation I will assume that you already have a wired network
set up and that the wireless network will be implemented so that wireless
devices (i.e.: laptop) can join the existing network.
• Plug the access point into the power outlet and existing Ethernet jack on
the network
• Configure the access point (usually via a web browser) to be seen by
your existing network – this will differ depending on the brand of your
access point
• Configure the client computers with the appropriate network settings
required to be able to communicate with the access point.
Refer to the user manual of your hardware for the exact settings. If you are using
the same vendor for all the wireless networking hardware then using the default
settings will usually work! I recommend that you try these out first before you
move into the customization or more advanced techniques stage of the settings.
802.11n, the next Wi-Fi speed standard, is set to offer a bandwidth of around
108Mbps and is still under development. Wi-Fi security should be bettered with
the release of the 802.11i standard which will be out in the third quarter of this
year. If you are after assured quality of service then the 802.11e standard will be
of interest to you – this will ensure that packets are delivered in a timely fashion.
With speeds of 70 Mbps and a range of up to 30 miles, the 802.16 standard –
better known as WiMAX, is sure to be a hit. This should make an impact within
the next two years, although Intel have announced they will start shipping
WiMAX enabled chips in the second half of this year.
Types of Security
In Part 1 of this series I mentioned WEP, SSID and MAC Address filtering as
three methods of wireless networking security. Here we will get to know a little
more about these and what other methods of security are available.
In 2004, the IEEE proposed an updated version of WEP, WEP2, to address its
predecessor’s shortcomings. Like WEP it relies on the RC4 algorithm but instead
uses a 128-bit initialization vector, making it stronger than the original version of
WEP, although it may still be susceptible to the same kind of attacks.
WPA provides encryption via the Temporal Key Integrity Protocol (TKIP)
using the RC4 algorithm. It is based on the 802.1X protocol and addresses the
weaknesses of WEP by providing enhancements such as Per-Packet key
construction and distribution, a message integrity code feature and a stronger IV
(Initialization Vector). The downside of WPA is that unless your current
hardware supports WPA by means of a firmware upgrade, you will most likely
have to purchase new hardware to enjoy the benefits of this security method. The
length of a WPA key is between 8 and 63 characters – the longer it is the more
secure it is.
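How the 8 to 63 character passphrase becomes the key that is actually used, as an added example that is not part of the original article: in pre-shared key mode the passphrase is stretched into a 256-bit key with PBKDF2-HMAC-SHA1, using the SSID as salt and 4096 iterations. The function names and the sample SSID "HomeNet" are assumptions made for the illustration.

```python
import hashlib
import math

MIN_LEN, MAX_LEN = 8, 63        # passphrase limits quoted in the text
PRINTABLE = range(32, 127)      # the 95 printable ASCII characters


def validate_passphrase(passphrase: str) -> None:
    """Reject passphrases outside the 8-63 printable-ASCII range."""
    if not MIN_LEN <= len(passphrase) <= MAX_LEN:
        raise ValueError(f"passphrase must be {MIN_LEN}-{MAX_LEN} characters")
    if any(ord(ch) not in PRINTABLE for ch in passphrase):
        raise ValueError("passphrase must be printable ASCII")


def derive_psk(passphrase: str, ssid: str) -> bytes:
    """256-bit pre-shared key: PBKDF2-HMAC-SHA1(passphrase, SSID, 4096)."""
    validate_passphrase(passphrase)
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1-32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), salt, 4096, 32)


def max_entropy_bits(length: int) -> float:
    """Upper bound on guessing entropy for a random passphrase of this length."""
    return length * math.log2(len(PRINTABLE))


if __name__ == "__main__":
    # Constructed inputs; "password" with SSID "IEEE" is a published test vector.
    print(derive_psk("password", "IEEE").hex())
    # Same passphrase on another SSID gives a different key, because the
    # SSID is the salt. A default SSID therefore weakens a short passphrase.
    print(derive_psk("password", "HomeNet").hex())
    for n in (8, 20, 63):
        print(n, "chars ->", round(max_entropy_bits(n), 1), "bits at most")
```

The entropy figure is an upper bound that only holds for randomly chosen characters; a dictionary word of the same length is far easier to guess.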
Based on the 802.11i standard, WPA2 was released in 2004 and uses a stronger
method of encryption – AES (Advanced Encryption Standard). AES supports key
sizes of 128 bits, 192 bits, and 256 bits. It is backward compatible with WPA and
uses a fresh set of keys for every session, so essentially every packet that is sent
over the air is encrypted with a unique key. As did WPA, WPA2 offers two
versions – Personal and Enterprise. Personal mode requires only an access point
and uses a pre-shared key for authentication and Enterprise mode requires a
RADIUS authentication server and uses EAP.
I covered this in Part 1 and talked about it briefly in the Troubleshooting Wireless
Networks Article, but it’s worth another mention for the benefit of those who
haven’t read my previous literature on the subject and also to refresh one’s
memory. MAC Address Filtering is a means of controlling which network
adapters have access to the access point. A list of MAC Addresses is entered into
the access point and anyone whose MAC address on the wireless network
adapter does not match an entry in the list will not be permitted entry. This is a
pretty good means of security when also used with a packet encryption method.
However, keep in mind that MAC addresses can be spoofed. This type of
security is usually used as a means of authentication, in conjunction with
something like WEP for encryption. Below is a basic image demonstrating the
MAC Address Filtering process:
SSID (Service Set Identifier)
Perhaps the most reliable form of security would be to set up a VPN connection
over the wireless network. VPNs have long been a trusted method of
accessing the corporate network over the internet by forming a secure tunnel
from the client to the server. Setting up a VPN may affect performance due to the
amount of data encryption involved but your mind will be at rest knowing your
data is secure. The VPN option is preferred by many enterprise administrators
because VPNs offer the best commercially available encryption. VPN software
uses advanced encryption mechanisms (AES for example), which makes
decrypting the traffic a very hard, if not impossible, task.
For a clearer understanding of the VPN link method, see the image below.
There are various levels of VPN technology, some of which are expensive and
include both hardware and software. Microsoft does however provide us with a
basic VPN technology, commonly used in small to medium enterprise networks,
in Windows 2000 Advanced Server and Windows Server 2003. These are more
than capable of handling your wireless VPN requirements.
802.1X
With 802.1X the authentication stage is done via a RADIUS server (IAS on
Windows Server 2003) where the user credentials are checked against the server.
When a user first attempts to connect to the network they are asked to enter their
username and password. These are checked with the RADIUS server and access
is granted accordingly. Every user has a unique key that is changed regularly to
allow for better security. Hackers can crack codes but it does take time, and with
a new code being generated automatically every few minutes, by the time the
hacker cracks the code it would have expired. 802.1X is essentially a simplified
standard for passing EAP (Extensible Authentication Protocol) over a wireless
(or wired) network.
The wireless client (laptop) is known as the Supplicant. The Access Point is
known as the Authenticator and the RADIUS server is known as the
Authentication server.
• When purchasing a wireless NIC card, try and get one that can take an
external antenna. This will allow you to change it for a stronger one if ever
required.
• When you are out and about with your Wi-Fi enabled laptop, disable
Microsoft File and Printer sharing (which enables other computers to
access resources on your computer) so as not to leave your computer
vulnerable to hackers.
• If you are concerned about the interference from other Wireless Access
Points or wireless devices in the area, set the AP and wireless clients to
use a non-overlapping channel such as 1, 6 or 11.
• Change the configuration interface password of the access point before
you enable it. This is more common sense than a tip but most people
overlook this part of setting up a wireless network.
• Only buy an access point that has upgradeable firmware. This will allow
you to take advantage of security enhancements or interface updates.
• On the same note as above, keep the access point firmware up to date.
Upgrade your firmware whenever a new one is available. It will probably
consist of a new or improved feature.
• When you are not using Wi-Fi on your Wi-Fi enabled laptop, turn it off.
As well as protecting yourself from hackers you will be saving battery
power.
• From time to time, scan the area for rogue access points. If an employee
went out and bought a cheap AP and NIC card, and plugged it into the
corporate network behind the firewall then all your hard work securing
the network will go out the window. This is commonly seen on university
campuses where students purchase hardware and set up a rogue access
point in their dorm rooms.
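One way to act on the rogue access point tip above, as an added example that is not part of the original article: compare the beacons seen in a site survey against an inventory of the access points you installed. The inventory, the scan results, the -60 dBm threshold and all names are constructed for the illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str        # the access point's radio MAC address
    channel: int
    security: str     # "open", "WEP", "WPA" or "WPA2"
    signal_dbm: int


def norm(bssid: str) -> str:
    """Normalise MAC notation so 02-00-.. and 02:00:.. compare equal."""
    return bssid.strip().lower().replace("-", ":")


def audit(scan, inventory, strong_dbm=-60):
    """Return (bssid, reason) pairs for beacons that need investigation."""
    corp_ssids = {ssid for ssid, _ in inventory.values()}
    findings = []
    for b in scan:
        expected = inventory.get(norm(b.bssid))
        if expected is None:
            if b.ssid in corp_ssids:
                findings.append((norm(b.bssid), "unlisted AP using a corporate SSID"))
            elif b.signal_dbm >= strong_dbm:
                findings.append((norm(b.bssid), "unlisted AP with strong signal"))
        elif (b.ssid, b.security) != expected:
            findings.append((norm(b.bssid), "listed AP with unexpected SSID or security"))
    return findings


# Constructed inventory and scan (locally administered MAC addresses).
# A matching BSSID is not proof of identity, since MAC addresses can be spoofed.
INVENTORY = {
    "02:00:00:00:00:01": ("CorpNet", "WPA2"),
    "02:00:00:00:00:02": ("CorpNet", "WPA2"),
}
SCAN = [
    Beacon("CorpNet", "02:00:00:00:00:01", 1, "WPA2", -48),     # as installed
    Beacon("CorpNet", "02-00-00-00-00-02", 6, "WEP", -55),      # security changed
    Beacon("CorpNet", "02:00:00:00:00:99", 11, "WPA2", -62),    # unknown radio
    Beacon("linksys", "02:00:00:00:00:AA", 6, "open", -41),     # strong, likely on site
    Beacon("CoffeeShop", "02:00:00:00:00:BB", 11, "open", -84), # weak neighbour
]

if __name__ == "__main__":
    for bssid, reason in audit(SCAN, INVENTORY):
        print(bssid, "-", reason)
```

A radio scan only shows that an unlisted access point is nearby; confirming that it is plugged into the corporate network still needs a check on the wired side.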
Hardware vendors, such as Linksys and D-Link have also announced the use of
MIMO (Multiple-In-Multiple-Out) in their products. MIMO allows the signal to
be bounced off several antennas and paths so that data delivery is guaranteed.
Basically, many unique data streams are passed in the same frequency channel. It
is a technology that allows for the boosting of wireless bandwidth and range,
effectively providing better performance for wireless multimedia and
entertainment systems.
In Part 2 (May 2004), I mentioned that there were about 30,000 hotspots
worldwide and that that number should grow to over 210,000 in the next five
years. The latest forecast indicates that by 2006 the number of worldwide
hotspots is predicted to rise to over 110,000.
The Wi-Fi market is booming with over 95% of all laptops shipped in 2005 being
Wi-Fi enabled.
In the last quarter of last year, Wi-Fi hardware revenues grew by 17% over the
previous year.
Guest access looks set to be a key requirement for enterprises. The ability to send
and receive mail and access information on the enterprise servers while
attending a meeting at another company is a major plus for mobile workers.
Wireless data revenues are set to grow to 130 billion US Dollars within the next
few years.
50% of hotels in the tourism industry deploy Wi-Fi themselves, without using a
service provider. They usually bill it to the room or offer it free as an amenity to
guests.
In a recent poll, forty per cent of people said they would buy a cell phone with
Wi-Fi and only twelve per cent said they would want to get TV on their cell
phone. The possibility of using voWLAN (Voice Over Wireless Local Area
Network) is appealing to many business users. This would allow someone to use
GSM while out and about and switch to voWLAN as soon as they step back into
the office.
You will also want to check that your wireless network adapter is switched on.
Some laptops come with a small blue or red button on the side while others
require you to enable it from the operating system. In Windows, go to device
manager and check that your wireless network adapter is enabled. If you have a
PCMCIA or USB wireless adapter try removing it and then re-inserting it while
Windows is running so it will re-detect it. The lights on the adapter give an
indication of whether there is a problem. On mine, I have two lights; one is
orange to signify that the PCMCIA card has power and the other is green to
show if a connection has been established. A blinking green light means that I am
not in range of a wireless access point or there is a problem with connectivity,
whereas a stable light means a connection has been established successfully.
Take a look at your device documentation as these sorts of details will vary with
each product.
Driver Compatibility
It is important to make sure that you have installed the correct device driver for
your wireless network adapter. The wrong driver can cause all sorts of problems or
stop your adapter from functioning at all. A friend of mine recently set up his own wireless
network at home but complained to me that his wireless network connection was
going “crazy”. Upon inspection I realized that he had configured his router
properly but installed the 5v instead of the 3v driver on his laptop PCMCIA
network card. Once the correct driver was installed, everything began to run
smoothly. It just goes to show how even the smallest detail can make all the
difference so make sure you have the correct driver installed!
Access Point Location
You may also want to try changing the position of your access point antenna to
improve performance. Play around with its position and see if you notice a
difference. I find that if I point the antenna sideways or downwards I have better
reception on the floor below. The following images demonstrate what I mean.
The location of your access point is vital. Try and place it in a central location, as
much as possible avoiding physical obstructions and reflective surfaces.
Remember that wireless signals bounce off windows and mirrors, thus decreasing
the range. Experiment with different locations until you find one that is practical
and promising. Most people, including myself, like placing it near the ceiling
since most obstructions are nearer to the floor.
It’s always a good idea to monitor the performance of your signal by using a
diagnostic utility. This will help you to identify how strong your signal is in
different locations and whether other electrical equipment is interfering. Run the
utility when the microwave or cordless phone is in use and see if you notice a
difference. Usually your access point will come with its own monitoring utility.
The Access Point transmits the signal. As it travels it decreases, until it hits the
repeater and gets boosted. The newly transmitted signal is then received by an
in-range wireless client.
To utilize the repair feature all you have to do is right click the connection and
select Repair or click the button on the support tab of the status dialog box. This
will disable and then re-enable the connection (which clears many of the error
conditions on wireless network adapters), clear the NetBT cache and flush the
DNS cache. I often find that if my connection signal becomes low after a long
period of activity, pressing the Repair button will boost it up to “Good” or “Very
Good” depending on my location.
Network Settings
DHCP Addresses
Encryption Keys