Wireless Networking

What is 802.11?

What is Wi-Fi?

What should I buy?

How do I set it up?

Basics We'll start with a few WiFi basics. A wireless network uses radio

waves, just like cell phones, televisions, and radios do. In fact, communication across a wireless network is a lot like two-way radio communication.

A computer's wireless adapter translates data into a radio signal and transmits it using an antenna.

A wireless router receives the signal and decodes it. It sends the information to the Internet using a physical, wired Ethernet connection.

The process also works in reverse, with the router receiving information from the Internet, translating it into a radio signal and sending it to the computer's wireless adapter.

“Wi-fi” Radios The radios used for WiFi communication are very

similar to the radios used for walkie-talkies, cell phones and other devices. They can transmit and receive radio waves, and they can convert 1s and 0s into radio waves and convert the radio waves back into 1s and 0s. But WiFi radios have a few notable differences from other radios:

They transmit at frequencies of 2.4 GHz or 5GHz. This frequency is considerably higher than the frequencies used for cell phones, walkie-talkies and televisions. The higher frequency allows the signal to carry more data. 5GHz does not penetrate walls and other objects as easily as 2.4GHz.

“Flavors” of Wi-Fi Uses 802.11 networking standards, which come in several

flavors: 802.11b was the first version to reach the marketplace. It's the

slowest and least expensive standard, and it's becoming less common as faster standards become less expensive. 802.11b transmits in the 2.4 GHz frequency band. It can handle up to 11 megabits of data per second, and it uses CCK coding.

802.11g also transmits at 2.4 GHz, but it's a lot faster than 802.11b - it can handle up to 54 megabits of data per second. 802.11g is faster because it uses a more efficient coding technique.

802.11a transmits at 5GHz and can move up to 54 megabits of data per second. It also and uses OFDM coding. Newer standards, like 802.11n, can be even faster than 802.11g. However, the 802.11n standard isn't yet final.

What is a “hotspot”

“Hotspots” are areas that are served by Wi-fi networks. They may be open to the public, open to paid subscribers, or private systems.

There are laws against unauthorized connection to private systems (and attempts to defraud paid subscriber systems).

We’ll get to making your own private hotspot a bit later.

“Modes” of Wi-fi Wi-Fi network devices can be operated in one of the two

available “modes.” Ad-Hoc mode – this is used when there is no “central” device.

For instance, it can be used to set up several notebook computers on a peer-to-peer network with each other. Ad-hoc mode does NOT have a wired connection, it only uses the wireless connections.

Infrastructure mode – this mode is selected in the case where both a wired network and wireless network are connected (such as for your connection to the Internet). Both wireless devices (such as your moving notebook) and wired devices (such as a desktop computer hooked up with CAT5 cable to the router, or the WAN connection to the Internet) are supported.

Connecting up to hotspots Most new laptops and many new desktop computers come with

built-in wireless transmitters. If your laptop doesn't, you can buy a wireless adapter that plugs into the PC card slot or USB port. Desktop computers can use USB adapters, or you can buy an adapter that plugs into the PCI slot inside the computer's case. Many of these adapters can use more than one 802.11 standard.

Once you've installed your wireless adapter and the drivers that allow it to operate, your computer should be able to automatically discover existing networks. This means that when you turn your computer on in a WiFi hotspot, the computer will inform you that the network exists and ask whether you want to connect to it. If you have an older computer, you may need to use a software program to detect and connect to a wireless network.

Windows XP – add SP 2 If you are running XP or XP SP1, you should update to SP2 (for

security reasons and for wireless networking). Built-in support for Wi-Fi Protected Access (WPA) Windows XP

SP2 includes WPA support. If your wireless network adapter and its driver support WPA, you can configure WPA authentication and encryption options from the properties of a wireless network.

Wireless Provisioning Services (WPS) WPS is a set of wireless client extensions that allow for a consistent and automated configuration process.

The Wireless Network Setup Wizard steps you through the configuration of wireless network settings and then writes that configuration to a Universal Serial Bus (USB) flash drive, which you can then use to configure other wireless devices.

Access Points & Routers If you already have several computers networked in your home, you can

create a wireless network with a wireless access point. If you have several computers that are not networked, or if you want to replace your Ethernet network, you'll need a wireless router. This is a single unit that contains:

A port to connect to your cable or DSL modem A router An Ethernet hub or (more commonly) an Ethernet switch A firewall A wireless access point A wireless router allows you to use wireless signals or Ethernet cables

to connect your computers to one another, to a network-capable printer and to the Internet. Most routers provide coverage for about 100 feet (30.5 meters) in all directions, although walls and doors can block the signal. If your home is very large, you can buy inexpensive range extenders or repeaters to increase your router's range.

Which one should I buy?

Corporations which already have networking of their workstations, with switches, firewalls, and connections to the Internet already established tend to use Access Points, which only have a single connection (to the existing network). Most Access Points also require that some device existing on the network provide an IP address for the Access Point, although some Access Points can be configured with a fixed IP address on their own.

Which one - continued

Wireless Routers were designed to put all the pieces in a single box. Generally the pieces (such as the firewall and the switch) are less capable than the devices used by a corporation on the company network.

Wireless Routers do work well for home and home-office users. Note that one may wish to add additional firewall capability (or a larger switch)

Ok on the Router – What kind?

As with wireless adapters, many routers can use more than one 802.11 standard. 802.11b routers are slightly less expensive, but they're slower than 802.11a or 802.11g routers. Most people select the 802.11g option for its speed and reliability. 802.11a are used mostly in a corporate setting. 802.11n still does not have final standards set, so purchase now could result in obsolete equipment later.

Ok – what brand? There are lots of good brands (and some real duds) available. I

personally like Linksys. NetGear is popular, Intel and Motorola. Some DSL suppliers will include a wireless router in their package for your home when you rent your Internet connection from them.

Consider purchasing a wireless Internet router of the same brand as at least one of your wireless network adapters. The benefit is a small one, but sometimes vendors will optimize communication protocols of their own equipment; you may see slightly higher performance. Vendors may also more thoroughly test compatibility with their own equipment. If you don't own any adapters (or newer laptops with built-in wireless), consider purchasing all of your WiFi gear together from the same manufacturer.

How fast do I need?

First, how many computers are in your home network? Wireless speed ratings are like estimated gas mileage. Speed is shared among all devices. Speed also drops rapidly with lower signal strength.

How fast is your Internet connection? If you use wireless mostly to surf with your notebook, and you are on cable or DSL, even the older “b” system (11 mHz) is faster than your Internet connection.

Can I just plug it in and use it?

Well, yes you CAN, but you shouldn’t. Even if you know and use all the tricks to secure your network, a real uber-hacker can probably get in. But if you don’t secure your network – ANYONE can get in – including the lowlife that downloads child porn through your network, and the FBI traces it to YOUR IP address. “Got some ‘splaining to do!”

Basics of securing the Wi-Fi Once you plug in your router, it should start working at its default

settings (it is possible that your Internet connection may require you to put in a user name and password for the Internet to work, but the local network will work immediately). Most routers let you use a Web interface to change your settings. You can select:

The name of the network, known as its service set identifier (SSID) -- The default setting is usually the manufacturer's name. “Hide” the SSID or display it.

The channel that the router uses -- Most routers use channel 6 by default. If you live in an apartment and your neighbors are also using channel 6, you may experience interference. Switching to a different channel should eliminate the problem.

Your router's security options -- Many routers use a standard, publicly-available sign-on, so it's a good idea to set your own username and password.

Should I hide the SSID? Wireless access points (APs) of a non-broadcast or hidden wireless

network do not broadcast their Service Set Identifier (SSID). Microsoft® recommends against their use, and the support for non-broadcast networks in Microsoft Windows®.

A non-broadcast network is not undetectable. Non-broadcast networks are advertised in the probe requests sent out by wireless clients and in the responses to the probe requests sent by wireless APs. Unlike broadcast networks, wireless clients running Windows XP with Service Pack 2 or Windows Server® 2003 with Service Pack 1 that are configured to connect to non-broadcast networks are constantly disclosing the SSID of those networks, even when those networks are not in range.

A Windows XP or Windows Server 2003-based wireless client can inadvertently aid malicious users, who can detect the wireless network SSID from the wireless client that is attempting to connect. Software that can be downloaded for free from the Internet leverages these information disclosures and targets non-broadcast networks.

Security types Wired Equivalency Privacy (WEP) uses 64-bit or 128-bit

encryption. 128-bit encryption is the more secure option. Anyone who wants to use a WEP-enabled network has to know the WEP key, which is usually a numerical password.

WiFi Protected Access (WPA) is a step up from WEP and is now part of the 802.11i wireless network security protocol. It uses temporal key integrity protocol encryption. As with WEP, WPA security involves signing on with a password. Most public hotspots are either open or use WPA or 128-bit WEP technology. A newer version (WPA-2) is more secure.

There are other types, these are the most common that are applicable to home or small office use.

More on security types WEP can be fairly easily cracked. WPA is more secure, and the

newer WPA-2 is yet more secure. However, a lot of older network cards (or if you are using an older operating system than Windows XP) will not work with later security.

An ADDED layer of security can be established beyond encryption by filtering for specific MAC addresses

Yet another layer of security can be established by NOT using DHCP to assign network addresses to the workstations and other devices. Use a non-default IP range, and manually assign IP addresses to each device, turn OFF the DHCP server on the LAN side of the Wireless Router.

MAC addresses Every single Ethernet network device that is made

to standards has its own individual “MAC” (media access control) address. Supposedly, no two devices world-wide have the same address (as with any finite system, eventually enough devices will be made that the address pool is exceeded)

A MAC address is in “hexadecimal” code, a numbering system based on 16 instead of 10 (like humans count). Since we didn’t bother to have extra numbers above 10, the letters A through F are used for 11 to 15 (like all computer numbers, we start with zero instead of one).

More on MAC addresses

A MAC address looks like this: 00-30-12-34-56-AB The first four numbers identify the

manufacturer. The above indicates a device made by Broadcom. The remaining eight numbers are individual serial numbers issued by that manufacturer.

Why do I care? (explained next)

How I can use MAC addresses

Media Access Control (MAC) address filtering is a little different from WEP or WPA. It doesn't use a password to authenticate users - it uses a computer's physical hardware. MAC address filtering allows only machines with specific MAC addresses to access the network. You must specify which addresses are allowed when you set up your router. This method is very secure, but if you buy a new computer or if visitors to your home want to use your network, you'll need to add the new machines' MAC addresses to the list of approved addresses.

How do I find out the MAC?

Many devices indicate it somewhere with a sticker, either on the device or on the original box.

If it is a computer network connection, Start – Run – cmd. Use the command prompt box, type in “ipconfig /all | more” (without the “”)

The MAC address is shown as “Physical Address” If it doesn’t show on the first screen, hit the space bar to see more.

Best security

For best security, use WPA-2 or WPA encryption AND use the MAC address filtering AND also turn off LAN DHCP and set IP Addresses manually, using a non-default IP address range.

Potential problems – older cards, older Operating Systems, and even older routers do not always work well with MAC address filtering (or even with better encryption)

Installing the router This example is specific to the popular Linksys WRT-54G,

although the things needed are the same for most routers, the specific method of implementation varies.

Linksys includes a CD which will go out on your network and FIND the router. This is generally easier than reading the whole book to find out what the default IP address is, then connecting. The setup will walk you through the steps to configure to default settings. It will NOT take you through modifying the settings to secure the router.

If you mess up, most all routers have a method of restoring them completely to the original factory settings. Linksys and others also provide a way of copying the settings to a computer readable file so that settings can be reestablished.

Linksys WEP54G ports

WAN -------LAN------ power

Connections

A network cable should go between the WAN port and the cable or DSL modem.

Network cables should go between as many of the LAN ports and wired computers, printers, or other devices.

The power supply plugs into the power socket. The two antennas fasten to the antenna connections

(shipped connected). Note the small button to the lower left of the WAN

port – this is the “reset” button.

The upcoming slides

The next slides discuss configuration. Although taken from a Linksys manual, the things needing doing are the same for all the routers, but the exact location and what the item is named may vary.

After the slides, if there is sufficient time, a live connection to a router will be established using Internet Explorer, and some of these things will be visible at that time.

Configure with the browser There are seven main tabs: Setup, Wireless, Security, Access

Restrictions, Applications & Gaming, Administration, and Status. Additional tabs will be available after you click one of the main tabs.

To access the Web-based Utility, launch Internet Explorer or Netscape Navigator, and enter the Router’s default IP address, 192.168.1.1, in the Address field. Then press Enter.

A password request page will appear. Leave the User Name field blank. The first time you open the

Web-based Utility, use the default password admin. (You can set a new password from the Administration tab’s Management screen.) Then click the OK button.

Configure Internet – the WAN Internet Setup The Internet Setup section configures the Router to your Internet connection.

Most of this information can be obtained through your ISP. Internet Connection Type Choose the type of Internet connection your ISP

provides from the drop-down menu. • DHCP. By default, the Router’s Internet Connection Type is set to Automatic

Configuration - DHCP, which should be kept only if your ISP supports DHCP or you are connecting through a dynamic IP address.

• Static IP. If you are required to use a permanent IP address to connect to the Internet, select Static IP.

Internet IP Address. This is the Router’s IP address, when seen from the Internet. Your ISP will provide you with the IP Address you need to specify here.

Subnet Mask. This is the Router’s Subnet Mask, as seen by users on the Internet (including your ISP). Your ISP will provide you with the Subnet Mask.

Gateway. Your ISP will provide you with the Gateway Address, which is the ISP server’s IP address.

DNS. Your ISP will provide you with at least one DNS (Domain Name System) Server IP Address.

Configure Internet continued • PPPoE. Some DSL-based ISPs use PPPoE (Point-to-Point Protocol

over Ethernet) to establish Internet connections. If you are connected to the Internet through a DSL line, check with your ISP to see if they use PPPoE. If they do, you will have to enable PPPoE.

User Name and Password. Enter the User Name and Password provided by your ISP. (for PPPoE).

Connect on Demand: Max Idle Time. You can configure the Router to cut the Internet connection after it has been inactive for a specified period of time (Max Idle Time). If your Internet connection has been terminated due to inactivity, Connect on Demand enables the Router to automatically re-establish your connection as soon as you attempt to access the Internet again.

Keep Alive Option: Redial Period. If you select this option, the Router will periodically check your Internet connection. If you are disconnected, then the Router will automatically re-establish your connection. The default Redial Period is 30 seconds.

Configure Internet – WAN MAC The Setup Tab - MAC Address Clone A MAC address is a 12-digit code assigned to a unique piece of

hardware for identification. Some ISPs will require you to register a MAC address in order to access the Internet. If you do not wish to re-register the MAC address with your ISP, you may assign the MAC address you have currently registered with your ISP to the Router with the MAC Address Clone feature.

Enable/Disable. To have the MAC Address cloned, click the radio button beside Enable.

User Defined Entry. Enter the MAC Address registered with your ISP here.

Clone Your PC’s MAC Address. Clicking this button will clone the MAC address.

Change these settings as described here and click the Save Settings button to apply your changes or Cancel

Changes to cancel your changes

Configure Wireless - SSID The Wireless Tab - Basic Wireless Settings The basic settings for wireless networking are set on this screen. Wireless Network Name (SSID). The SSID is the network name shared among

all devices in a wireless network. The SSID must be identical for all devices in the wireless network. It is case-sensitive and must not exceed 32 characters (use any of the characters on the keyboard). For security, you should change the default SSID (linksys) to a unique name.

Wireless Channel. Select the appropriate channel from the list provided to correspond with your network settings. All devices in your wireless network must be broadcast on the same channel in order to function correctly.

Wireless SSID Broadcast. When wireless clients survey the local area for wireless networks to associate with, they will detect the SSID broadcast by the Router. To broadcast the Router's SSID, keep the default setting,

Enable. If you do not want to broadcast the Router's SSID, then select Disable. Change these settings as described here and click the Save Settings button to

apply your changes or Cancel Changes to cancel your changes.

Configure Wireless - Channel

It is not a good idea to leave the router on the default channel 6 (since all the people who leave their network wide open will be on the default channel) 6 is default for “G” systems

1 or 11 is as far away from 6 as you can get in a “G” system.

Configure Wireless - Security The Wireless Tab - Wireless Security The Wireless Security settings configure the security of your wireless network.

There are four wireless security mode options supported by the Router. WPA Personal. WPA gives you two encryption methods, TKIP and AES, with

dynamic encryption keys. Select the type of algorithm, TKIP or AES. Enter a WPA Shared Key of 8-63 characters. Then enter a Group Key Renewal period, which instructs the Router how often it should change the encryption keys.

WPA2 Personal. WPA2 gives you two encryption methods, TKIP and AES, with dynamic encryption keys. Select the type of algorithm, AES, or TKIP + AES. Enter a WPA Shared Key of 8-63 characters. Then enter a Group Key Renewal period, which instructs the Router how often it should change the encryption keys.

WEP. WEP is a basic encryption method, which is not as secure as WPA. To use WEP, select a Default Transmit Key (choose which Key to use), and a level of WEP encryption, 64 bits 10 hex digits or 128 bits 26 hex digits. Then either generate a WEP key using the Passphrase or enter the WEP key manually.

Some Additional Settings You can set the router to only be on at certain times. For instance, if

your small business is only open from 8:00am to 5:00pm, Monday through Friday, you can set the router to turn off the wireless automatically outside these times. The LAN will remain on.

Firewall – the built-in firewall is not absolutely secure, but it is helpful. However, it can be turned off, and various settings can be changed.

Don’t forget to change the Administrator password on the router. The default passwords are widely known.

Firmware updates – Many of these companies make updates available, usually to cure some deficiency or bug in the unit as shipped. The manufacturer’s web site will usually have the updates available. (Many Linux based units also will accept third party firmware which may have features not available with factory firmware – but no warranty).

Configuration management – allows backup of all the router’s settings to a file stored on your PC.

Live Demonstration

The router connected to the notebook will not be connected to anything else, but allows looking at the screens to see the settings.

This router has some problems (dead WAN port), but there is enough functionality to use in the demo.

Question and Answer session

?????????????????

After all this, if it still seems like voodoo, and you just don’t feel comfortable in setting it up, but you want a wireless connection

(next slide)

Promised LAN Computing, Inc.

4703 Carolina Avenue Trent Woods, NC 28562 (252) 636-0407 Jim Cason Email: jcason@promlancomp.com Web: http://www.promlancomp.com