Welcome to the chapter on wireless networking. This chapter covers the basics of wireless networking, the setting up of a wireless network and the security issues related to wireless networks.
In this chapter, the user will learn to:
Discuss the basics of wireless networks
Identify methods to secure wireless networks
Explain the method of implementing a wireless network
Discuss the standards for wireless networking
The wireless network uses radio frequencies to transmit data through the air.
A wireless local area network (WLAN) is a data transmission system. It is designed to provide location-independent network access between computing devices. It does this by using radio waves rather than a cable infrastructure.
Wireless networks operate at the same seven OSI layers and use the same protocols as wired networks. What differs is the type of media used and the methods for accessing the media.
5.1 Wireless Basics
Wireless network modes
In its simplest form, a wireless network consists of two or more PCs communicating directly with each other without cabling or intermediary hardware. The more complicated wireless networks use an access point to centralize wireless communication, as well as to bridge wireless network segments to wired network segments.
Wireless networks operate in one of two modes: ad hoc mode and infrastructure mode. Each mode has its advantages.
Ad hoc mode:
In ad hoc wireless network mode, each wireless device is connected to the other wireless devices in a peer-to-peer network. Ad hoc mode does not use an access point; it uses a mesh topology instead.
Two or more wireless nodes communicating in ad hoc mode form an Independent Basic Service Set (IBSS). This is a basic unit of organization in wireless networks. An ad hoc network cannot be used to connect to other networks unless one of the machines is running Internet Connection Sharing (ICS).
Ad hoc mode networks are therefore good for small groups of computers that need to transfer files or share printers, and for temporary networks such as study groups or business meetings.
In infrastructure mode of wireless networks, Wireless Access Points (WAPs) are used to connect the wireless devices to a central device. The configuration is similar to the star topology of a wired network.
The infrastructure mode also enables connection of wireless network segments to wired segments in the network. To set up a wireless network for a large number of PCs, infrastructure mode is used. WAPs allow control of wireless networks from a central location. This permits better control and filtration of network traffic.
A Basic Service Set (BSS) is a single WAP servicing a given area. More WAPs can be added to extend this service area, thereby making it an Extended Service Set (ESS).
Infrastructure mode is used for business networks or networks that need to share dedicated resources such as Internet connection and centralised databases. (Refer to figure 5.1)
Figure 5.1: Infrastructure mode
Wireless adapters are used if a small group of computers is to be connected in a decentralized workgroup. However, if wireless network segments are to be connected to a wired network, then a wireless access point (WAP) is needed.
It connects wireless network nodes to wireless or wired networks. A basic WAP functions like a hub and works at OSI Layer 1. Combination devices are also used in wireless networks. These work as a high-speed hub or switch, bridge, and router concurrently. Such devices can function at many different OSI layers.
Wireless Network Card:
A wireless network card is necessary for each device on a wireless network. A laptop typically has an expansion (PCMCIA) slot in which the network card fits. A desktop computer needs an internal card, which has an antenna on it. These antennas are optional on most equipment and help to increase the signal on the card.
Figure 5.2: Wireless network card (NIC)
Wireless Access Point:
The wired part of the wireless network is connected to the wireless device in the network with a WAP. WAP allows multiple devices to connect through it so that they can access the network. A WAP can also function as a router so that data transmission can be extended and passed from one access point to another.
Figure 5.3: Wireless access point
Wireless devices operate on specific broadcasting frequencies to prevent interference from other wireless devices operating on the same wireless band. The original 802.11 standards use the 2.4-GHz frequency. Later standards use either 2.4-GHz or 5.0-GHz frequencies. Knowledge of these wireless frequency ranges enables the user to troubleshoot interference issues from other devices operating in the same wireless band.
802.11 defines three different spread-spectrum broadcasting methods used in the implementation of wireless networks:
Direct-sequence spread spectrum (DSSS)
Frequency hopping spread spectrum (FHSS)
Orthogonal frequency-division multiplexing (OFDM)
DSSS sends data out on different frequencies at the same time. It uses a bandwidth of 1 MHz. DSSS is capable of greater data throughput but more prone to interference.
FHSS sends data on one frequency at a time, constantly shifting frequencies. It uses a bandwidth of 1 MHz. Its throughput is lower than that of DSSS, and it is less prone to interference than DSSS.
OFDM is the latest method. It combines the use of multiple frequencies as in DSSS and the capability of shifting frequencies as in FHSS.
The IEEE committee has developed wireless standards in the 802 project models for wireless networking. The 802.11 standard defines the security protocols, quality of service and mechanism of wireless networks. All these standards use the Ethernet protocol and the CSMA/CA access method for wireless networks. The standards are used for both infrastructure and ad hoc network designs.
The 802.11a wireless standard is an older one that runs at the 5 GHz frequency. 802.11a devices can transmit data at 54 Mbps and are incompatible with 802.11b and 802.11g devices.
The 802.11b wireless standard has a transfer rate of 11 Mbps and uses the 2.4 GHz frequency. These devices are compatible with 802.11g/n devices because they run at the same frequency and follow the WiFi standard.
The 802.11g wireless standard is a newer one and was designed to be compatible with 802.11b. It also increases the transfer rate. The transfer rate of 802.11g devices is 54 Mbps using a frequency of 2.4 GHz.
All 802.11g devices are compatible with 802.11b/n devices because they all follow the WiFi standard and run at the same frequency of 2.4 GHz.
802.11n is the latest standard. It uses two new features: multiple input multiple output (MIMO) and channel bonding. MIMO is the use of multiple antennas to achieve more throughput than a single antenna. Channel bonding allows 802.11n to transmit data over two channels to attain more throughput. Given below is a table of all the 802.11 standards.
The 802.11 wireless standards are summarised in a tabular format. (Refer to the table 5.1)
Table 5.1: Comparison in wireless standards
802.11 Collision Avoidance:
The 802.11 standard defines two methods of collision avoidance:
Distributed Coordination Function (DCF)
Point Coordination Function (PCF)
Current CSMA/CA devices use the Distributed Coordination Function (DCF) method for collision avoidance.
DCF specifies strict rules for sending data onto the network media. It defines a backoff period above the normal IFS wait period before a wireless network node can try to access the network again when the network is busy. Receiving nodes are required to send an acknowledgement (ACK) for every packet that they process.
The ACK includes a value that tells other wireless nodes to wait a certain period before trying to access the network media. This period is calculated as the time taken by the data packet to reach its destination and is based on the packet's length and data rate. In case the sending node doesn't receive an ACK, it retransmits the same data packet until it gets a confirmation that the packet has reached its destination.
A channel is a portion of the frequency range available to the wireless network to communicate. Thus, each frequency range is a channel. The 802.11 standard defines 14 channels. These channels have some overlap, hence two nearby WAPs must not use close channels like 6 and 7. Most WAPs use channel 1, 6, or 11 by default. This keeps the channels as far apart from each other as possible. (Refer to table 5.2)
Table 5.2: Different WiFi Channels and their Operating Frequency Ranges
Channel 1: 2.3995 GHz - 2.4245 GHz
Channel 2: 2.4045 GHz - 2.4295 GHz
Channel 3: 2.4095 GHz - 2.4345 GHz
Channel 4: 2.4145 GHz - 2.4395 GHz
Channel 5: 2.4195 GHz - 2.4445 GHz
Channel 6: 2.4245 GHz - 2.4495 GHz
Channel 7: 2.4295 GHz - 2.4545 GHz
Channel 8: 2.4345 GHz - 2.4595 GHz
Channel 9: 2.4395 GHz - 2.4645 GHz
Channel 10: 2.4445 GHz - 2.4695 GHz
Channel 11: 2.4495 GHz - 2.4745 GHz
Channel 12: 2.4545 GHz - 2.4795 GHz
Channel 13: 2.4595 GHz - 2.4845 GHz
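The overlap rule behind the 1, 6, 11 default can be checked directly from the ranges in Table 5.2. The following is an added example, not part of the original chapter; the site survey, the AP names and the helper names are constructed for illustration.

```python
from itertools import combinations

WIDTH_MHZ = 25.0           # width of every range in Table 5.2
FIRST_CENTER_MHZ = 2412.0  # midpoint of the first row (2.3995 - 2.4245 GHz)
STEP_MHZ = 5.0             # each row starts 5 MHz above the previous one


def channel_range(channel):
    """Return (low, high) in MHz for channels 1-13, matching Table 5.2."""
    if not 1 <= channel <= 13:
        raise ValueError(f"channel {channel} is not in Table 5.2")
    center = FIRST_CENTER_MHZ + STEP_MHZ * (channel - 1)
    return center - WIDTH_MHZ / 2, center + WIDTH_MHZ / 2


def overlap_mhz(a, b):
    """Spectrum in MHz shared by two channels (0 when the ranges only touch)."""
    lo_a, hi_a = channel_range(a)
    lo_b, hi_b = channel_range(b)
    return max(0.0, min(hi_a, hi_b) - max(lo_a, lo_b))


def overlapping_pairs(survey):
    """List (ap1, ap2, shared MHz) for APs on different but overlapping channels."""
    findings = []
    for (n1, c1), (n2, c2) in combinations(sorted(survey.items()), 2):
        shared = overlap_mhz(c1, c2)
        if c1 != c2 and shared > 0:
            findings.append((n1, n2, shared))
    return findings


def best_channel(survey, candidates=(1, 6, 11)):
    """Pick the candidate with the least total overlap with surveyed APs.

    An AP already on the candidate channel counts as a full 25 MHz overlap.
    """
    def cost(ch):
        return sum(overlap_mhz(ch, used) for used in survey.values())
    return min(candidates, key=cost)


# Constructed site survey: AP name -> channel in use.
SURVEY = {"lobby": 1, "office": 3, "warehouse": 6, "neighbour": 11}

if __name__ == "__main__":
    for ap1, ap2, shared in overlapping_pairs(SURVEY):
        print(f"{ap1} and {ap2} share {shared:.0f} MHz")
    print("least-contended channel for a new WAP:", best_channel(SURVEY))
```

With these ranges, two channels stop overlapping only when they are at least five channel numbers apart, which is why 1, 6 and 11 are the usual defaults.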
5.1.3 Authentication and Encryption
A number of wireless authentication and encryption protocols have been developed over the years. The purpose of these protocols is to secure the wireless network so that only users with proper permission can access network resources.
Authentication is the process of identifying a user on a computer network.
Data encryption is a process of making data unreadable to prevent access of its contents during data transfer.
Wired Equivalent Privacy (WEP):
Wired Equivalent Privacy (WEP) was designed to give the wireless world security equivalent to that of the wired network world.
To configure a wireless network with WEP, the user needs to specify a shared key on the wireless access point (WAP). An outside user will be able to connect to the wireless network only if that user knows the shared key and configures the workstation with it.
When the user configures the shared key on the access point and the client, all data sent between the client and the access point is encrypted with WEP. This prevents capturing and reading of data in transit by unauthorised users.
WiFi Protected Access (WPA):
WiFi Protected Access (WPA) was designed to improve security and plug some of the loopholes found in WEP. WPA uses a 128-bit key and the Temporal Key Integrity Protocol (TKIP). TKIP is a protocol that is used to change the keys used for encryption of every packet that is sent. This makes it difficult for hackers to crack the key, which in WEP is not very difficult.
WPA has improved integrity checking and it supports authentication using the Extensible Authentication Protocol (EAP).
WPA operates in two different modes:
WPA-Personal is also known as WPA-PSK, which means WPA preshared key. With WPA-Personal, the user can configure the access point with a starting key value, known as the preshared key. The preshared key is then used to encrypt the traffic. Most home users and small businesses use this mode.
WPA-Enterprise is also known as WPA-802.1x. It is a WPA implementation that uses a central authentication server such as a RADIUS server for authentication and auditing features. Large enterprises employ WPA-Enterprise so that an existing authentication server can be used to control who has access to the wireless network and to log network access.
Note: A wireless network can be fine tuned by moving WAPs to other channels as this avoids overlaps when many wireless networks share the same physical space.
WiFi Protected Access 2 (WPA 2):
WPA2 has improved security features compared to WPA. Given a choice, the user should prefer WPA2 over WPA. WPA2 uses the Advanced Encryption Standard (AES) protocol and also supports a number of additional features such as added protection for ad hoc networks and key caching.
Since WPA2 uses AES as its encryption protocol it supports 128-bit, 192-bit or 256-bit encryption.
On the Job
In order to use WPA, the user will need to have devices that support WPA. Older wireless cards or access points only support WEP.
A number of different techniques can be used to prevent unauthorized users from connecting to a wireless network. To secure the wireless infrastructure, the user should consider changing settings on the router such as the admin password, the SSID, MAC filtering and so on. Some best practices that the user should follow to secure a wireless router are:
Change Admin Password
Service Set Identifier (SSID)
MAC Address Filtering
Encrypt Wireless Traffic
Change Admin Password
The user should change the admin password first, as soon as the wireless router is taken out of the box and plugged in. The admin password is needed to connect to the web administration pages and to change the settings of the router. All routers have a default admin password. The user should make sure to change the password from the default.
Service Set Identifier (SSID)
The Service Set Identifier is a user-defined name given to the wireless network. Without specifying the SSID in the wireless network card settings, no user can connect to a wireless network. To prevent unauthorised access, the default SSID must be changed.
However, the major drawback is that wireless routers are configured to advertise this SSID automatically. Even if the user changes the SSID to something that is very difficult to guess, the router broadcasts the name. This means anyone can connect to the network by name without really knowing the name of the network beforehand.
Proof of this is when the user chooses the option in Windows XP or Windows Vista to connect to a network and a dialog box displays all the wireless networks close to the user.
To fix this, the user should configure the router not to broadcast the SSID. This prevents the user's network from appearing in the list of wireless networks that Windows displays.
To summarise the SSID issue, the user should change the SSID to something hard to guess and be sure to disable SSID broadcasting on the router.
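Changing the default SSID also matters for the WPA-Personal preshared key described earlier: under IEEE 802.11i the passphrase is stretched into the 256-bit master key with PBKDF2-HMAC-SHA1, using the SSID as the salt. The following is an added example, not part of the original chapter; the default-name list, the 16-character minimum and the site profiles are assumptions made for illustration.

```python
import hashlib

# Illustrative factory-default network names (assumed sample, not a complete list).
DEFAULT_SSIDS = {"linksys", "netgear", "default", "dlink"}


def wpa_pmk(passphrase, ssid):
    """Derive the 256-bit master key for WPA/WPA2-Personal.

    IEEE 802.11i mapping: PBKDF2-HMAC-SHA1, salt = SSID, 4096 rounds, 32 bytes.
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters long")
    if any(not 32 <= ord(ch) <= 126 for ch in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes long")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), salt, 4096, 32)


def audit_personal_mode(ssid, passphrase, min_length=16):
    """Return findings for one WPA-Personal profile (min_length is an assumed policy)."""
    findings = []
    if ssid.lower() in DEFAULT_SSIDS:
        findings.append("default SSID: key salt is shared with every network of this name")
    if len(passphrase) < min_length:
        findings.append(f"passphrase shorter than {min_length} characters")
    return findings


def same_key(profile_a, profile_b):
    """True when two (ssid, passphrase) profiles derive the identical master key."""
    return wpa_pmk(profile_a[1], profile_a[0]) == wpa_pmk(profile_b[1], profile_b[0])


# Constructed profiles: two sites left on a factory SSID, one renamed.
SITE_A = ("linksys", "correct horse battery")
SITE_B = ("linksys", "correct horse battery")
SITE_C = ("Warehouse-7F3", "correct horse battery")

if __name__ == "__main__":
    # "password" / "IEEE" is the input of a test vector published with 802.11i.
    print(wpa_pmk("password", "IEEE").hex())
    print("A and B share a key:", same_key(SITE_A, SITE_B))
    print("A and C share a key:", same_key(SITE_A, SITE_C))
    print(audit_personal_mode(*SITE_A))
```

Two networks that keep the same factory name and choose the same passphrase end up with the same master key, while a unique SSID gives a different key from the same passphrase.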
MAC Address Filtering
Most wireless networks allow the user to limit the wireless network cards that can connect to the wireless access point, and so limit the systems that can connect to the wireless network. This is done by identifying the MAC address of all systems that need to be connected and then configuring the router to deny traffic from all systems except the ones defined by the user. This is known as MAC address filtering.
By default, MAC address filtering is not configured on wireless access points. The user has to make sure to configure it. MAC filtering by itself will not keep a determined hacker out. A persistent hacker can monitor traffic in the air, spot the MAC address of an authorized client and then spoof that address so that the hacker's traffic is allowed.
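A MAC filter cannot tell an authorised card from another radio presenting the same address, but association records from the access points can show one address in use in two places at once. The following is an added example, not part of the original chapter; the log format, the AP names, the addresses and the 5-second roaming allowance are constructed for illustration.

```python
import re
from collections import defaultdict
from itertools import combinations

# Constructed association log: (seconds, access point, client MAC, event).
LOG = [
    (0,   "ap-1", "00:11:22:AA:BB:01", "assoc"),
    (30,  "ap-1", "00-11-22-aa-bb-02", "assoc"),
    (120, "ap-2", "00:11:22:aa:bb:01", "assoc"),     # same address, second location
    (123, "ap-2", "00:11:22:aa:bb:02", "assoc"),     # ordinary roam to ap-2
    (125, "ap-1", "00:11:22:aa:bb:02", "disassoc"),
    (400, "ap-1", "00:11:22:aa:bb:01", "disassoc"),
    (500, "ap-2", "00:11:22:aa:bb:01", "disassoc"),
]


def normalize_mac(text):
    """Return a MAC address as lower-case colon-separated hex, or raise ValueError."""
    digits = re.sub(r"[:\-.]", "", text).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {text!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def sessions(log):
    """Group the log into {mac: [(ap, start, end), ...]} association intervals."""
    last_seen = max(t for t, _, _, _ in log)
    open_since, closed = {}, defaultdict(list)
    for t, ap, mac, event in sorted(log):
        key = (normalize_mac(mac), ap)
        if event == "assoc":
            open_since.setdefault(key, t)
        elif event == "disassoc" and key in open_since:
            closed[key[0]].append((ap, open_since.pop(key), t))
    for (mac, ap), start in open_since.items():      # still connected at end of log
        closed[mac].append((ap, start, last_seen))
    return closed


def concurrent_use(log, grace=5):
    """Flag MACs associated to two APs at once for longer than a roaming handover."""
    findings = []
    for mac, spans in sorted(sessions(log).items()):
        for (ap_a, s_a, e_a), (ap_b, s_b, e_b) in combinations(spans, 2):
            overlap = min(e_a, e_b) - max(s_a, s_b)
            if ap_a != ap_b and overlap > grace:
                findings.append((mac, ap_a, ap_b, overlap))
    return findings


if __name__ == "__main__":
    for mac, ap_a, ap_b, seconds in concurrent_use(LOG):
        print(f"{mac} on {ap_a} and {ap_b} at the same time for {seconds} s")
```

The second client overlaps for only 2 seconds while roaming and is not reported; the first address is held on both access points for 280 seconds and is.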
Encrypt Wireless Traffic
To encrypt traffic from the wireless clients to the access point, WEP, WPA, or WPA2 can be used. The user should try to use the more secure WPA or WPA2.
WEP is a feature used to encrypt content between the wireless client and the access point. When configuring WEP, the user must configure the wireless access point with an encryption key and then make sure that each wireless client is using the same key. It is important to be aware that WEP encryption has been cracked with products such as AirSnort. It is therefore advisable, provided the user's device supports them, to use WPA or WPA2 as the encryption method.
The user should always use the largest encryption key size that the wireless access point and wireless cards support (for example, 128 bit versus 64 bit).
WEP or WPA not only encrypts traffic; anyone who wishes to connect to the user's wireless network must also know the key and enter it into their wireless card configuration. This prevents unauthorised access to the wireless network.
Most companies have security concerns about using wireless networks. Their fear is justified, as hackers have been known to bypass MAC filtering, crack WEP keys and discover wireless networks despite SSID broadcasting being disabled. So what is the solution?
Enterprises using wireless networks use VPN solutions to secure wireless network clients. In a typical VPN solution for wireless clients, the wireless client first connects to the wireless network and obtains an IP address. The wireless network would already have a certain degree of security deployed, such as disabled SSID broadcast, MAC filtering and WEP/WPA. The wireless client then establishes a VPN with the corporate network using the VPN software. The VPN software authenticates the user and also creates an encrypted tunnel to secure transmission of data from the client to the corporate network.
5.3 Implementing a Wireless Network
5.3.1 Configuring the Access Point
Wireless access points have a browser-based setup utility. To bring up the configuration page, open the web browser on one of the network client workstations and enter the access point's IP address, such as 192.168.1.1. The user will need to provide the administrative password, found in the access point's documentation, to log in.
Once logged in, the user will have configuration screens for changing basic setup, access point password, security and so on. Different access points offer different configuration options.
5.3.2 Configuring the Client
Before connecting the clients to the wireless network the user must know the following:
SSID Name: Since in all probability SSID broadcasting would have been disabled, it is important to know the SSID name so that it can be manually entered into the client.
WEP or WPA Key: If the wireless network is protected with WEP or WPA, then the client will require the key to connect to the network.
MAC Address of Client: If users are filtered by MAC address, then the MAC addresses of all authorised clients will have to be entered into the router.
Once the user has the above information, the clients can be connected to the wireless network.
Connecting a Windows XP Client
In order to connect a Windows XP client to a wireless network, the user needs to ensure that the wireless network card driver is installed. Once the driver is installed, the user can connect to a wireless network using the following steps:
1. Click Start and choose Control Panel.
2. Choose Network Connections.
3. Right-click the wireless connection and then choose View Available Wireless Networks.
4. A list of available wireless networks is displayed (Refer to Figure 5.4)
Figure 5.4: Presenting a list of available wireless networks from Windows XP
5. Select the desired wireless network from the list and then choose Connect. User will be prompted for the wireless key if the computer is configured for the same.
6. If the wireless network that the user needs to connect to has SSID broadcasting disabled, then configure a manual connection and specify the name of the wireless network. To do this, click the Change Advanced Settings link on the left.
7. Choose the Wireless Networks page tab at the top of the dialog box.
8. Click Add to add a wireless network.
9. Type the SSID and then choose WEP if needed (Refer to figure 5.5)
10. If user is using WEP, turn off the option "The key is provided for me automatically."
Figure 5.5: Adding wireless network in Windows
Infrared and Bluetooth
Infrared and Bluetooth are the latest wireless standards used in a wireless network environment.
Infrared is a type of wireless communication. It is the technology used by remote controls for TVs and other electronic gadgets, along with some computer peripherals. Infrared is typically a line-of-sight technology, which means nothing may block the path of the signals transmitted between the communicating devices. With infrared, the two devices need to be within one meter of each other.
Infrared devices contain a transceiver that sends and receives light signals as on-off patterns to create the data that travels at transfer rates up to 4 Mbps.
Bluetooth is a radio frequency wireless technology. It allows systems to connect to peripherals within a range of up to 10 meters. Bluetooth is more flexible than infrared because it automatically connects to other Bluetooth devices. It does not depend on line of sight. This is a popular technology used by handheld devices to connect to other networking components.
Bluetooth is less prone to interference because it uses spread-spectrum frequency hopping. It means that it can hop between any of 79 frequencies in the 2.4 GHz range. Bluetooth hops between frequencies 1600 times per second and provides a transfer rate of up to 1 Mbps.
Bluetooth is a trendy technology with handheld devices such as PDAs and cell phones so that users can use their wireless headsets with their cell phones and talk "hands free."
However, Bluetooth is a huge security risk. It is possible for a hacker to connect to the user's cell phone remotely via Bluetooth and steal data off the phone. In order to secure a Bluetooth-enabled device, the best practices to follow are:
Disable Bluetooth: If the user is not using the Bluetooth feature on the phone, then disable Bluetooth through the phone's menu system.
Phone Visibility: Set the phone's visibility setting to invisible so that hackers cannot pick up the user's phone with a Bluetooth scanner.
Pair Security: Ensure that the Bluetooth phone uses pair security. It allows people to connect to the user's phone only if they know the PIN code the user has set on the phone.
5.5.1 Chapter Review Questions
1. 802.11b, 802.11g, and 802.11n wireless standards are compatible because they all run at the _________________ GHz frequency range.
(A) 5 GHz
(B) 2.4 GHz
(C) 2.3 GHz
(D) 2.5 GHz
2. The wireless mode in which two laptops connect directly to one another is _________________.
(A) Infrastructure mode
(B) Enterprise mode
(C) Ad hoc mode
(D) Laptop mode
3. The wireless standard that runs at 54 Mbps at the 2.4 GHz frequency is _________________.
(A) 802.11a
(C) 802.11b
4. The wireless security protocol that changes the key using TKIP is _________________.
(A) WPA
(C) WPA2
5. _________________ is the name that the user assigns to the wireless network.
(A) MAC address
(B) WEP key
(C) IP address
(D) Service Set Identifier (SSID)
6. What should the user do with the wireless router to help hide the wireless network from unauthorized users?
(B) Unplug the network cable from the router
(C) Turn it off when it is not being used
(D) Disable SSID broadcasting
7. When the wireless router is powered on, the user should ________________.
(A) Change the IP address
(B) Change the DHCP server scope
(C) Configure WEP
(D) Change the admin password
8. The user has purchased a wireless router but does not plan on having any wireless clients for the initial six months. What should the user do to help secure the router?
(A) Disable the wireless feature
(D) Disable SSID broadcasting
9. ________________ is the most secure method of wireless encryption.
10. ________________ operates in the 5 GHz frequency range.
(A) 802.11g
(C) 802.11a
In this chapter, the user has learnt about:
Basics of wireless networks: standards, channels, authentication and encryption
Methods to secure wireless networks
The method of implementing a wireless network
The standards for wireless networking: Infrared and Bluetooth