Chapter 2: Understanding Common Wireless Communications

Exam Objectives

• Identifying infrared, Bluetooth, cellular networks, and 802.11 wireless network characteristics

• Optimizing features of 802.11 wireless networks

• Identifying security settings for 802.11 access points and wireless networks

• Installing and configuring a SOHO network

• Connecting to 802.11 wireless networks

Once the domain of cutting-edge techno-geeks, wireless technology is now for everyone. Wireless technology has entered all aspects of our lives, so as a CompTIA A+ Certified Professional, you need to deal with wireless connectivity. This chapter gives you an overview of the technologies involved.

The main types of wireless devices that you see in this chapter are infrared, Bluetooth, cellular networking, and 802.11 wireless networking.

Understanding Infrared Devices

Of the wireless technologies I cover in this chapter, infrared is the technology that has been around the longest and is likely the most stable in its development. Infrared uses light beams in the infrared spectrum, which is beyond the visible light spectrum. You likely use infrared technology daily if you use a remote control for your TV, VCR, or DVD player. This technology, when used with computerized equipment, follows the standards of IrDA (Infrared Data Association). You can find more information about the association and infrared standards at www.irda.org.

Infrared is a line-of-sight technology; it requires a direct, unobstructed view between the transmitter and the receiver. Because infrared is line-of-sight, it has obvious limitations as to where it can be used. Any objects obstructing the line of sight prevent data transmissions. (Nothing more frustrating than trying to change the TV channel with someone blocking the set.) However, the benefit of line-of-sight is that you do not have interference from or interference with areas outside the line-of-sight, such as devices in the next room.

Infrared networking was designed for short range (less than a meter), direct line-of-sight (+/–15° cone), and low speed (technologies between 1.6 Kbps and 2.4 Kbps). There are many different specifications, each with a different speed. One of those specifications is for open-office networking, a technology that involved infrared repeaters placed around an office and has since been replaced by 802.11b.

For the exam: Most tasks handled by infrared technology have switched to use newer 802.11 networks and Bluetooth technologies, which use radio frequencies (RF).

Working with Wireless Networks

“Why do I need a wireless network?” was a question people used to regularly ask. You will not hear this question much anymore, though. The main reasons why people want wireless networks these days are increased mobility and to avoid cabling issues.

When wireless networks started, they had access speeds of 1–2 Mbps; current standards have network speeds higher than 100 Mbps. At one time, wireless networking equipment was a premium addition to a network, but this equipment has become a commodity and is inexpensive enough that anybody can start up a wireless network.

Warning: Wireless networking should not be used for a primary network because of its limitations, such as obstructions and interference. (See “Troubleshooting Issues,” later in this chapter.) If the user knows what those limitations are, the network should be considered a best-effort network — and as such, it should not be expected to be available or to function at full speed at all times. As a secondary network, though, wireless networking does offer a great deal of flexibility for getting to your data. Any devices that exist on your normal wired network can be present on your wireless network, including firewalls, servers, and printers.

Components of a wireless network

The two main components of wireless networks are clients and access points. Clients are computers with wireless network cards; these cards work just the same as wired network cards, but without the wires. Access points, which act as a consolidation point for multiple wireless clients, have a connection to a traditional wired network. Some new access points allow linking multiple access points through wireless links, extending the range and coverage of a wireless network without having all access points connected to a wired network, thereby saving on wiring costs.

Most laptops now include wireless network cards as an integrated feature, and wireless network cards are available for desktop computers, connecting through PCI, PCI Express (PCIe), or USB. It is great that many computers have integrated wireless cards, but as new technology arrives on the scene, be prepared to use an expansion option on your computer to add an updated wireless card.

Wireless networks used to command a premium, but wireless networking components have become a commodity. You now have several choices, all less than $100. The difference in price between the inexpensive units and expensive units is based on the strength of the radios, the features that are available on the unit, and the brand.

If you work with a wireless network that has an access point, the network client runs in infrastructure mode, which has access points making up the underlying network infrastructure. If the network is composed only of clients joined to form a network, the network runs in ad hoc mode, which is typically used only when people need to exchange files or work together in a location without an access point. This type of work situation often happens when people use a temporary location — say, a conference room — to work on a project for a couple of days. Instead of relying on a 4–8-port mini-switch or hub with which files could be shared, folks can just use an ad hoc wireless network. Both wireless network types are shown in Figure 2-1.

For the exam: Most wireless networks are composed of access points and wireless clients, so unless the question specifies ad hoc, access points should be expected to be on the network.

Figure 2-1: Wireless networks are usually run in infrastructure mode but can also be run in ad hoc mode.

Connecting to a network

Every wireless network is identified by an SSID (Service Set Identifier), which is used by all clients on the network, identifying them as members of the network. The SSID is a case-sensitive name of 32 or fewer characters. Every manufacturer sets a default SSID. However, for security and to reduce confusion with neighboring access points, this default should be changed to a unique name. To connect to a wireless network, you need to know the SSID.

Technical stuff: Some manufacturers refer to the SSID as a BSSID (Basic Service Set Identifier) or an ESSID (Extended Service Set Identifier). The IEEE 802.11-1999 wireless network standard defines an ESSID as a set of access points using the same SSID and channel, and operating as a single BSSID to their wireless network clients.

After your wireless network card is installed in the computer, determine whether to use Microsoft Wireless Zero Configuration (XP), WLAN AutoConfig (Windows 7 and Vista), or the custom software that comes with some wireless network cards.

XP

If you use the default Windows XP software, open the Network Connections folder and double-click your wireless network card to open the Wireless Status dialog box. This gives you information about your current wireless connection, including connection speed, SSID, and signal strength.

If you are not yet connected to the network, click the View Wireless Network button, which shows you all networks in your area that are broadcasting their SSIDs. To configure a connection to one of the networks, simply select the network and click the Connect button. If you need to enter a security key, you are prompted to enter the required information. The Wireless dialog box and the Wireless Status dialog box are shown in Figure 2-2.

Figure 2-2: Wireless configuration is easy and straightforward with Windows XP.

Windows 7 and Vista

If you use the default Windows 7 and Vista software, open the Network and Sharing Center and click the View Status link next to your wireless card. This provides you with the same information that you would see with Windows XP, such as connection speed, SSID, and signal strength. If you are not yet connected to the network, click the Manage Wireless Connections link in the Network and Sharing Center. From there, you can choose to add a new wireless network manually or by viewing from the networks in your area that are broadcasting their SSIDs.

To configure a connection to one of the networks, simply select the network and then click the Connect button. Just like with Windows XP, if you need to enter a security key, you are prompted to enter the required information. Both the Network and Sharing Center and the Wireless Network Connection Status dialog box are shown in Figure 2-3.

Figure 2-3: Windows 7/Vista’s wireless settings are accessed via the Network and Sharing Center.

Wireless standards

Wireless networks are defined by several standards, and the performance and security features for wireless networks are constantly improving. What’s more, because of constant improvements, new standards continually emerge. Gordon Moore of Intel predicted that the components in a processor’s integrated circuit would double every 24 months. This statement has since been named Moore’s Law, and has been applied to many areas of the computing industry. As Moore’s Law is applied to more sections of the computer industry, wireless is just another section of the industry that falls to those general rules, with speed doubling every two years.

The main wireless standards currently in use are 802.11a, 802.11b, 802.11g, and 802.11n, with other standards on the horizon. Each of these technologies is based upon published standards, and the upcoming ones are usually based upon several draft standards. Some hardware manufacturers have started to supply hardware capable of supporting the upcoming standards and using some of the new features. Typically, if the manufacturer can meet the hardware standards, the software can be updated later via a firmware update.

To go along with the standard features, many vendors choose to implement additional features not in the standard or make proprietary enhancements, like many of the vendors who advertise special speed enhancements.

The following sections outline the main features of each of the 802.11 wireless networking standards.

802.11a

Released in 1999 (but not actively shipping until component supply issues were resolved), 802.11a networks operate in the 5 GHz radio spectrum. Other devices, such as newer cordless phones, also run in this unlicensed spectrum. Overall, the 5 GHz space is less occupied by devices compared with the 2.4 GHz space used by most other wireless devices. For 802.11a networks, there are 12 non-overlapping signal channels.

The network rated speed of 802.11a is 54 Mbps, but in most situations you can expect to see about half that speed. The typical range for this type of network is about 100 feet (30 meters).

Although the 5 GHz frequency range is unlicensed, its use for wireless networking has been approved only in the United States, Canada, and Japan; and prior to 2002, only in some European countries. Regulatory changes in 2002 and 2003 opened the 5 GHz frequency range throughout the European Union.

802.11b

Released in 1999, 802.11b technology was able to beat 802.11a technology to the market because it was built on DSSS (Direct-Sequence Spread Spectrum) technology. As such, components required for it were all readily available for production facilities. 802.11b operates in the 2.4 GHz radio spectrum, which is heavily cluttered with cordless phones, Bluetooth (see the “Bluetooth” section, later in this chapter), and spill-over interference from microwave ovens.

The network rated speed of 802.11b is 11 Mbps, but in most situations you can expect to see about 6.5 Mbps because 802.11b is a CSMA/CA (Carrier Sense Multiple Access/Collision Avoidance) network, which sends “I’m going to send data” broadcast messages prior to sending its data, which increases the traffic on the network. (See Book VIII, Chapter 1, for the lowdown on CSMA/CA.) The typical range for this type of network is about 100 feet (30 meters).

Wireless networks in the 2.4 GHz range have 14 channels available for use. Eleven channels are acceptable everywhere, the United Kingdom and some European countries allow up to 13 channels, and Japan allows all 14 channels. Channels are defined by the center frequency that they use. Some vendors use wider channels than others, overlapping their neighboring channels. Typically channels 1, 6, 11, and 14 are thought to be non-overlapping, so in North America there are three channels that are normally non-overlapping and will not interfere with each other. See Figure 2-4 for a channel diagram of the 802.11b/g spectrum.

Figure 2-4: Normal channel frequencies used for 802.11b/g networks.
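The channel arithmetic behind the 1, 6, 11, and 14 rule can be worked through in a few lines. This is an added example, not part of the original chapter; it assumes 22 MHz-wide 802.11b channels, and the site survey values and the pick_channel helper are constructed for illustration.

```python
# Added example: 2.4 GHz channel overlap for 802.11b/g.
# Assumption: each channel occupies 22 MHz (classic 802.11b DSSS width).
CHANNEL_WIDTH_MHZ = 22


def center_mhz(channel):
    """Center frequency in MHz of a 2.4 GHz channel (1-14)."""
    if not 1 <= channel <= 14:
        raise ValueError(f"not a 2.4 GHz channel: {channel}")
    # Channels 1-13 are spaced 5 MHz apart; channel 14 sits apart at 2484 MHz.
    return 2484 if channel == 14 else 2407 + 5 * channel


def overlap_mhz(a, b):
    """Width in MHz of the spectrum two channels share (0 = non-overlapping)."""
    return max(0, CHANNEL_WIDTH_MHZ - abs(center_mhz(a) - center_mhz(b)))


def pick_channel(survey, candidates=(1, 6, 11)):
    """Choose the candidate channel with the least overlapping neighbor signal.

    survey is a list of (channel, signal_percent) pairs for access points
    heard nearby. Each neighbor adds its signal strength, scaled by the
    fraction of the candidate channel that it overlaps.
    """
    def load(candidate):
        return sum(signal * overlap_mhz(candidate, ch) / CHANNEL_WIDTH_MHZ
                   for ch, signal in survey)

    scores = {c: round(load(c), 1) for c in candidates}
    best = min(candidates, key=lambda c: (scores[c], c))
    return best, scores


# Constructed site survey: (channel, signal strength in percent).
SURVEY = [(1, 80), (3, 60), (6, 90), (9, 40), (11, 30)]

if __name__ == "__main__":
    for ch in (1, 6, 11, 14):
        print(f"channel {ch:2d}: center {center_mhz(ch)} MHz")
    print("overlap of channels 1 and 3:", overlap_mhz(1, 3), "MHz")
    best, scores = pick_channel(SURVEY)
    print("interference score per channel:", scores)
    print("least congested channel:", best)
```

A neighbor on channel 3 or 9 lands between the non-overlapping channels and interferes with two of them at once, which is why the survey counts partial overlap rather than only exact channel matches.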


802.11g

Released in 2003, 802.11g is an updated version of 802.11b, still running in the 2.4 GHz spectrum but allowing faster data transfer speeds to put it on a performance par with 802.11a. Because it operates in the 2.4 GHz spectrum, it is also backward compatible with 802.11b, making migration to 802.11g an easy step for many organizations because they could update the back-end infrastructure and then update the wireless clients in a manner that fits within the corporate requirements.

The network rated speed for 802.11g is 54 Mbps, but in most situations you can expect about half that speed because the throughput is reduced as distances between the client and access point increase, and the signal suffers from greater interference. Because wireless networks are a shared medium, throughput is further reduced as the number of users sharing an access point increases the competition for the wireless signal. The typical range for this type of network is about 100 feet (30 meters).

With all the benefits that are available with 802.11g, many companies began producing products well before the standards were ratified.

802.11n

802.11n represents the latest improvements to networking in the 2.4 GHz and 5 GHz spectrums. Originally planned as a replacement for 802.11b/g, the standard now allows for radios operating in the 5 GHz spectrum of 802.11a. Again, this solution suffers from an already congested spectrum. The biggest change that you will see with this technology is the implementation of multiple transmitters and receivers and multiplexing of signals. This technology is referred to as MIMO (Multiple-Input Multiple-Output).

The network-rated speed is up to 200 Mbps (600 Mbps when multiplexed or connected over multiple radios). As with most wireless technology, you should expect typical transfer rates at about half that — in the 300 Mbps area. The typical range for this type of network is about 165 feet (50 meters).

Technical stuff: Although there is a lot of talk about cordless phones causing interference with wireless networking, there has been a big boost in 5 GHz phone sales because they do not interfere with 802.11b/g/n networks. New DECT 6.0 phones — which run at 1.9 GHz — are starting to become popular because they do not interfere with any 802.11 wireless networks.

Securing wireless networks

With the proliferation of wireless technology, security has come to the forefront of many conversations, which is odd because it should have been prominent from the very beginning. The main steps you can take to improve wireless security include password management, SSID management, MAC address filtering, WEP, WPA, WPA2, DMZ, DHCP settings, and updating the firmware. Many of these configuration settings can be seen in Figure 2-5. The configuration screens for most access points are accessed using a Web browser and connecting to the IP (Internet protocol) address of the access point, as I did when connecting to the Linksys access point shown in Figure 2-5.

Figure 2-5: Security options for a typical wireless access point.


Passwords

All access points ship with a default Administrator username and password. A quick search of the Internet will give you the default usernames and passwords for most manufacturers and models. Usually, in addition to an owner’s manual, a new access point will ship with a Quick Start guide containing an abridged set of steps to follow to apply a basic configuration to the access point. This guide typically includes the default IP address, username, and password used by the access point. When wireless networks started to become widespread, these guides did not suggest changing the default passwords, but most of them now offer the suggestion in the initial setup steps — if not actually forcing you to do it before making any other configuration changes.

Remember: Changing the Administrator password should be the first step in the setup procedure. Until you change the password, any person within the range of your access point can make any configuration changes they wish.

SSID broadcasting

Security through obscurity is not the best security measure, but it provides one more layer to your overall network security. The Microsoft Wireless Zero Configuration (XP) or WLAN AutoConfig (Windows 7/Vista) service tries to make it easy for you to connect to wireless networks (as do many hardware vendors that have custom management software), and these configuration tools display all the SSIDs for wireless networks in range of your computer if the access points are broadcasting their SSID. This allows you to select the SSID or wireless network that you want to connect to and quickly configure it. By disabling the broadcasting of your SSID, your network will not show up in the list of detected wireless networks within Windows XP and Vista. If you are not on the list, most people won’t even know your network is there — and therefore, won’t connect to it. Windows 7 will display nonbroadcasting SSIDs as wireless networks named “Other Network.” Connecting to the “Other Network” will require the user to know the actual SSID.

Warning: Disabling SSID broadcasting is only a mild security setting, as you discover in the section, “Troubleshooting Issues,” later in this chapter. If someone wants to gain access to your wireless network, disabling SSID broadcasts won’t slow him very much nor prevent that person from knowing that a wireless network exists.

MAC address filtering

Media Access Control (MAC) address filtering is another step that will slow most casual users from gaining access to your network, but it is not considered strong security on its own. Most access points allow you to perform different types of filtering, and most allow you to at least filter traffic by MAC addresses that are hard-coded onto each network adapter on your wireless network.

Implementing this security step means that for each new network card that you want to operate on your network, you need to adjust your access points. Even with the MAC address restriction in place on your access point, an unscrupulous person can use a network sniffer like AirSnort to see some traffic on the wireless network. In this traffic, such a person can see the MAC addresses of clients who are communicating on your wireless network. By taking this information and using a network card or operating system that allows him to manually control the MAC address, the individual can imitate one of the valid MAC addresses that are allowed to be used on your network. The timing on this is important because if two computers on a network have the same MAC address, all sorts of communication errors can happen.

Warning: As I mention previously, MAC address filtering keeps the casual user out of your network, but it shouldn’t be your sole security measure. If somebody wants to get onto your network, this will not slow him down very much.

WEP

The security measures I’ve discussed thus far do not deal with encryption. Wired Equivalent Privacy (WEP) was the first attempt to secure wireless networks by using encryption. Early WEP used a 64-bit key, which was a 40-bit encryption key joined with a 24-bit initialization vector (IV). This was easily breakable. Newer WEP uses a 104-bit encryption key joined with the 24-bit IV, providing a higher level of security.

The benefit of WEP is that it’s fairly easy to configure on both the access point and the client and again provides security against the casual wireless user. One of the main drawbacks to WEP is that technology has not substantially changed on how security keys are managed, such as IVs being sent over the network in plain text. And, if an intruder captures enough traffic from your network, he can deduce your WEP keys, giving him full access to your network. The answer to this problem is WPA.

WPA

Wi-Fi Protected Access (WPA) and WPA2 (also called 802.11i) are all about improving security on wireless networks. Rather than using a single WEP key, WPA uses per-session keys that are agreed upon by the wireless client and the access point after an initial handshaking process. This technology was created in response to the weaknesses that were found in WEP. No security is unbreakable, and creating a better mousetrap just seems to create smarter mice. Still, the security settings available in WPA2 make wireless networks as secure as they can be. As of this writing, the time needed to break the keys used would render the broken keys mostly useless because they would have already been changed on the network.

WPA allows you to use two initial handshaking methods:

• An 802.1x authentication (Radius) server

• A manually typed preshared key (PSK), which is configured on both the access point and the clients

In your list of security methods, you can choose TKIP (Temporal Key Integrity Protocol), which uses a 128-bit encryption key and a 48-bit IV to secure the data. In addition, after every 10,000 packets of data have been sent, new TKIP keys are generated and used. This regular changing of the keys keeps the network more secure.

WPA2 builds upon this security by adding the U.S. government standard AES (Advanced Encryption Standard) to the data encryption methods, which allows for encryption keys of up to 256 bits.

Remember: Older wireless products may not support WPA and WPA2. If compatibility with the widest range of devices is required, WEP might be a requirement for you — but only use it if you must because it is easily cracked.

For the exam: WPA and WPA2 encryptions are the two most common security methods used to secure wireless networks because the data is encrypted with the password you use (known as the key), and the password acts as a method of authorizing the client (only systems that know the password can connect).
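On a Windows 7 or Vista client, the command netsh wlan show networks mode=bssid lists the authentication and encryption that each network in range advertises, which makes it easy to check the settings compared in this section. The script below is an added example, not part of the original chapter: it parses that output and flags open networks, WEP, WPA with TKIP, default SSIDs, and hidden SSIDs. The sample scan is constructed and abridged, and the short list of default SSIDs is an illustrative assumption.

```python
import re

# Constructed, abridged sample laid out like the output of
# `netsh wlan show networks mode=bssid`. MAC addresses are made up.
SAMPLE_SCAN = """\
Interface name : Wireless Network Connection
There are 4 networks currently visible.

SSID 1 : APlus
    Network type            : Infrastructure
    Authentication          : WPA2-Personal
    Encryption              : CCMP
    BSSID 1                 : 02:00:00:00:00:01
         Signal             : 82%
         Channel            : 11

SSID 2 : linksys
    Network type            : Infrastructure
    Authentication          : Open
    Encryption              : WEP
    BSSID 1                 : 02:00:00:00:00:02
         Signal             : 64%
         Channel            : 6

SSID 3 :
    Network type            : Infrastructure
    Authentication          : WPA-Personal
    Encryption              : TKIP
    BSSID 1                 : 02:00:00:00:00:03
         Signal             : 40%
         Channel            : 1

SSID 4 : CoffeeShop
    Network type            : Infrastructure
    Authentication          : Open
    Encryption              : None
    BSSID 1                 : 02:00:00:00:00:04
         Signal             : 55%
         Channel            : 6
"""

FIELDS = {"Network type": "type", "Authentication": "auth",
          "Encryption": "enc", "Channel": "channel"}

# Illustrative assumption: a few factory SSIDs, not an exhaustive list.
DEFAULT_SSIDS = {"linksys", "dlink", "netgear", "default"}

ADVICE = {
    "OPEN": "no encryption: anyone in range can read the traffic",
    "WEP": "WEP is easily cracked: move to WPA2",
    "WPA_TKIP": "WPA/TKIP in use: prefer WPA2 with AES where supported",
    "DEFAULT_SSID": "manufacturer default SSID: change it to a unique name",
    "HIDDEN_SSID": "SSID broadcast disabled: network is still detectable",
}


def parse_scan(text):
    """Turn netsh scan output into a list of per-network dictionaries."""
    networks, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        match = re.match(r"SSID \d+\s*:\s*(.*)$", line)
        if match:  # "BSSID n" lines do not match: they start with "B"
            current = {"ssid": match.group(1).strip(), "bssids": []}
            networks.append(current)
            continue
        if current is None or ":" not in line:
            continue
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if key.startswith("BSSID"):
            current["bssids"].append(value)
        elif key in FIELDS:
            current[FIELDS[key]] = value
    return networks


def audit(network):
    """Return the finding codes (keys of ADVICE) for one parsed network."""
    codes = []
    enc, auth = network.get("enc", ""), network.get("auth", "")
    if enc == "WEP":
        codes.append("WEP")
    elif enc == "None":
        codes.append("OPEN")
    elif enc == "TKIP" or auth.startswith("WPA-"):
        codes.append("WPA_TKIP")
    if not network["ssid"]:
        codes.append("HIDDEN_SSID")
    elif network["ssid"].lower() in DEFAULT_SSIDS:
        codes.append("DEFAULT_SSID")
    return codes


def audit_scan(text):
    """Audit every network in a scan; returns [(ssid, [codes]), ...]."""
    return [(n["ssid"] or "<hidden>", audit(n)) for n in parse_scan(text)]


if __name__ == "__main__":
    for ssid, codes in audit_scan(SAMPLE_SCAN):
        print(ssid, "->", "OK" if not codes else "")
        for code in codes:
            print("   ", code + ":", ADVICE[code])
```

The hidden network in the sample still appears in the scan with its BSSID, channel, and encryption, which is the reason disabling SSID broadcasting counts only as a mild measure.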

VPNs and DMZs

Although it requires more setup, you can treat your wireless network as a hostile remote network. By hostile, I mean that the network contains many individuals who would like to gain access to the company’s private information stored on its corporate network. Some companies have faith that the security settings that they configured on their wireless access points will keep all unwanted visitors or trespassers off their network. And that is not an unreasonable thought, given the current security settings that are available. However, for those companies that do not trust these security levels available in the current wireless technology, or who are afraid of the smarter mouse arriving on the scene sooner rather than later, other steps can be taken to provide even more secure wireless.

Most companies today have a connection to the Internet coming into their organization, and they treat the Internet as a large hostile remote network. To prevent their private data from being accessed, companies use a firewall where the Internet meets their network, allowing them to inspect and control the data that moves between their network and the Internet. If they have data that they would like some people on the Internet to be able to access (such as data on a Web server or an FTP server), they may implement a second firewall, making another private network. This strategy provides some protection from unwanted visitors gaining access to the Web or FTP server but offers less protection than their normal private network because some people have a right to access the server. In most cases, this more open private net will be placed between the hostile Internet and the private corporate network, creating a less hostile, but still not absolutely safe, Demilitarized Zone (DMZ).

It is also common for companies to have remote workers who need access to the corporate network while they are away from the office. This access is given through a special secure channel: a Virtual Private Network (VPN). A VPN relies upon secure authentication and data encryption methods to create a secure and private connection through a firewall to a corporate network. Most often, this security is handled by SSL (Secure Sockets Layer) or IPSec (IP Security), which are two industry standard methods of encrypting TCP/IP or Internet data.

Tip: More information about firewalls, VPNs, DMZs, SSL, and IPSec can be found in Book IX, Chapters 1 and 2.

So, by segregating your wireless users into their own DMZ or private segment (protected from the Internet), you can keep any potential wireless intruder away from your private corporate data because users of that wireless network do not have direct access to the corporate network. For your users to access corporate data, they use the same remote access methods, such as a VPN connection, that they would use when on the road. These additional security steps can be layered atop the previously discussed techniques, such as WEP and WPA, forcing users to take more steps to get access to your corporate data, but making the connection more secure.

DHCP server settings

A DHCP (Dynamic Host Configuration Protocol) server provides automatic TCP/IP configuration to network clients. By changing normal items that DHCP provides, such as a default gateway or DNS settings for name resolution, or by disabling DHCP altogether, you fail to distribute accurate TCP/IP information to unwanted visitors; combined with manual TCP/IP configurations for your users, this is another rudimentary security step. This security based on DHCP settings might prevent most casual users from getting ready access to information or gaining access to the Internet through your wireless network. Still, any unwanted intruder who wants to gain access will be able to find correct TCP/IP settings by using a standard packet capture utility, such as Wireshark (www.wireshark.org).

Client isolation

This option, available on many network switches, has found its way to wireless networks as well. When this setting is enabled, wireless clients can talk to the rest of the network but cannot communicate with other clients on the same wireless access point.

Firmware

When setting up new wireless networks (or periodically after a network is set up), do not forget to check for firmware updates for your wireless network components or driver updates for your network cards. These updates are how new security features are retrofitted into your wireless products.

Remember: Take care when doing this because features are occasionally removed, or you might encounter problems with the new code in the firmware.

Technical stuff: Many people have opted to stop using the firmware from their hardware manufacturer and instead use a third-party or open source firmware, such as DD-WRT (www.dd-wrt.com). This firmware works on a variety of hardware platforms, which are listed on its Web site.

Installing and Configuring a SOHO Network

The new A+ Certification exams not only want you to understand the theory of wireless networking, but they also want you to have a basic understanding on how to set up a small office/home office (SOHO) network. In the following sections, you see some of the basic settings that need to be configured on a wireless home router. These settings may look different on each different model of wireless router, but the concepts are all the same.

I am using a D-Link DIR-615 router as the example.

When you take the wireless router out of the box, the first thing you will notice is an Internet port and most likely four other network ports that are the switch part of the home router. The four-port switch is used to connect any wired systems you have to the network.

The first thing you should do is connect your modem from the ISP to the Internet port on the router. This will allow the router to have Internet access and will share that Internet access to the rest of the network.

Basic wireless router settings

You can now connect your system to one of the four switch ports. The home router will assign your system an IP address so that you can surf the Internet, or more importantly, so that you can configure the router. To configure the router, start a web browser and type in the IP address of the router (found in the Getting Started manual). The address is most likely 192.168.0.1 or 192.168.1.1, so you would type that in the address bar of the browser.

When the browser connects to the router, you will see the configuration website of the router, where you can customize all the router settings. You need to log on to the router to make the changes. Use the username of “admin” with either no password or a password of “admin.” If that does not work, you need to check the manual for the username and password.

Configuring the SSID

After you are logged on, the first thing to do is to change the SSID value on the router and then disable SSID broadcasting. To change the SSID on the DIR-615 router, click the Setup link at the top and then the Wireless Settings link on the left. In this example, you want to do a manual configuration, so click the Manual Wireless Network Setup button. The basic wireless configuration displays as shown in Figure 2-6.

To change the SSID, change the Wireless Network Name setting to your desired SSID. I am using APlus. Also notice the Visibility Status setting, which you can set to Invisible to disable SSID broadcasting.

Figure 2-6: Changing the SSID and disabling SSID broadcasting.

The final setting I want you to notice is an option to enable wireless, which you could deselect to disable the wireless networking aspect of the home router. You could do this if you had no wireless systems and wanted to be sure that no one connected to your wireless network.

Don’t forget to click the Save Settings button after you make changes if you want to have them saved!

DHCP settings

The next item I want to show you is how to configure the DHCP server settings of the home router. On the DIR-615, you can click the Setup link at the top and then the Network Settings link on the left. You will notice you can change the IP address of the router if you like, along with ensuring that the DHCP server is enabled (see Figure 2-7). After ensuring that the DHCP server is enabled, you can configure the range of addresses that you want the DHCP server to give out. Notice that my router is giving out 192.168.1.150 up to 192.168.1.200.

Figure 2-7: Configuring DHCP.


Securing the wireless router

Now I look at how to set some of the security settings I discussed, such as setting an admin password, encryption, and MAC filtering. Finally, I show you how you can lower the power level on the wireless network.

Admin password

It is important to set your admin password on the router right away so that others do not log on to the router and change the settings. To change the admin password, click the Tools link at the top of the page and then type in the desired admin password (see Figure 2-8). Notice that you can configure a user password as well, which would allow someone to connect to the router and view the settings but not change anything.

Figure 2-8: Changing the admin password.


On this page, you can also allow remote administration, which lets you connect to your router from the Internet to make changes. This is not recommended: it is more secure to require that anyone who changes your router configuration be on the local network.

Encryption

After you change the admin password, you can then set up the encryption. Remember that you should use the more secure WPA2 if possible. To configure wireless encryption on the DIR-615, you would click the Setup link at the top of the page and then the Wireless Settings link on the left. Choose WPA-Personal as the security mode and then choose WPA2 Only in the WPA Mode drop-down list (see Figure 2-9).

Figure 2-9: Configuring wireless encryption.


After you set the WPA mode to WPA2 Only, you then must set the password by typing the password (known as the encryption key) in the Pre-Shared Key box below. Finish things off by clicking the Save Settings button at the top of the page.
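
What happens to the value typed into the Pre-Shared Key box, as an added example (not code from the book or from the router): WPA/WPA2-Personal stretches the passphrase into a 256-bit key with PBKDF2-HMAC-SHA1, using the SSID as the salt, so the same passphrase gives a different key under a different SSID. The function names, the sample passphrase, and the SSID "FactoryDefault" are assumptions made for the illustration; APlus is the SSID set earlier.

```python
import hashlib

ROUNDS = 4096      # iteration count fixed by WPA/WPA2-Personal
KEY_BYTES = 32     # the derived key is 256 bits long


def passphrase_problems(passphrase):
    """Return the reasons a passphrase cannot be used as a pre-shared key."""
    problems = []
    if not 8 <= len(passphrase) <= 63:
        problems.append("must be 8 to 63 characters long")
    if any(not 32 <= ord(ch) <= 126 for ch in passphrase):
        problems.append("must contain only printable ASCII characters")
    return problems


def derive_psk(passphrase, ssid):
    """Derive the 256-bit key from the passphrase, salted with the SSID.

    Hypothetical helper name; the derivation is the standard
    PBKDF2-HMAC-SHA1 with 4096 rounds and a 32-byte output.
    """
    problems = passphrase_problems(passphrase)
    if problems:
        raise ValueError("passphrase " + "; ".join(problems))
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes long")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), salt, ROUNDS, KEY_BYTES
    )


def keys_by_ssid(passphrase, ssids):
    """Map each SSID to the hex key the same passphrase produces under it."""
    return {ssid: derive_psk(passphrase, ssid).hex() for ssid in ssids}


if __name__ == "__main__":
    sample = "correct horse battery staple"   # constructed passphrase
    for ssid, key in keys_by_ssid(sample, ["APlus", "FactoryDefault"]).items():
        print(f"{ssid:15} {key}")
```

Because the SSID is the salt, a key table worked out in advance for a common factory SSID does not apply to a network whose SSID has been changed; a long passphrase is still what carries the protection.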

MAC filtering

Another step toward securing your wireless network is to enable MAC filtering, which limits what systems can connect to the network by their MAC address. To enable MAC filtering on the DIR-615 router, you would click the Advanced link at the top of the page and the Network Filter link on the left.

Choose the Turn MAC Filtering ON option, and then list the MAC addresses of the systems you want to allow to connect to the wireless network (see Figure 2-10).

Figure 2-10: Configuring MAC filtering.
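
A check that complements the DHCP and MAC filtering settings above, as an added example that is not part of the book or of the DIR-615 firmware: it compares a client table with the MAC allow list and with the 192.168.1.150 to 192.168.1.200 pool. The client rows, MAC addresses, host names, and function names are constructed for the illustration, and it assumes the client table has been copied out of the router's status page by hand.

```python
import ipaddress
import re

# DHCP pool from the walkthrough above.
POOL_FIRST = ipaddress.IPv4Address("192.168.1.150")
POOL_LAST = ipaddress.IPv4Address("192.168.1.200")

# Constructed sample data: the allow list in the mixed notations vendors use.
ALLOWED = ["00-1A-2B-3C-4D-5E", "001a.2b3c.4d5f", "00:1a:2b:3c:4d:60"]
CLIENTS = [
    ("00:1A:2B:3C:4D:5E", "192.168.1.150", "office-pc"),
    ("00:1a:2b:3c:4d:5f", "192.168.1.151", "laptop"),
    ("02:00:00:AA:BB:CC", "192.168.1.152", "unknown"),
    ("00:1A:2B:3C:4D:60", "192.168.1.20", "printer"),
    ("00:1A:2B:3C:4D:5E", "192.168.1.153", "office-pc-2"),
]


def normalize_mac(raw):
    """Return a MAC address as upper-case AA:BB:CC:DD:EE:FF."""
    digits = re.sub(r"[-:.\s]", "", raw)
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a MAC address: {raw!r}")
    digits = digits.upper()
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def audit_clients(clients, allowed_macs):
    """Return (mac, ip, host, reason) for every client row that needs a look."""
    allowed = {normalize_mac(mac) for mac in allowed_macs}
    first_ip_for = {}
    findings = []
    for raw_mac, ip_text, host in clients:
        mac = normalize_mac(raw_mac)
        ip = ipaddress.IPv4Address(ip_text)
        if mac not in allowed:
            findings.append((mac, ip_text, host, "MAC not on allow list"))
        if not POOL_FIRST <= ip <= POOL_LAST:
            # Not handed out by the router: a static address someone configured.
            findings.append((mac, ip_text, host, "address outside DHCP pool"))
        if mac in first_ip_for and first_ip_for[mac] != ip_text:
            # The filter trusts the address a device reports about itself,
            # so one MAC showing up at two addresses deserves a check.
            findings.append(
                (mac, ip_text, host, f"MAC also seen at {first_ip_for[mac]}")
            )
        first_ip_for.setdefault(mac, ip_text)
    return findings


if __name__ == "__main__":
    for finding in audit_clients(CLIENTS, ALLOWED):
        print(*finding, sep="  ")
```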


Other security settings

You can implement a number of other settings that can aid in the security of the SOHO network. You can place the wireless access point (antenna) in the center of the building and then lower the power level of the wireless access point so that the wireless signal cannot travel as far. The goal here is to prevent someone from outside the office building from connecting to the wireless network.

You could also disable DHCP on the wireless router so that someone who does connect to the router does not get an IP address automatically and so cannot communicate with the systems on your network. This means that you will need to assign static IP addresses to all your systems.

You should know these security best practices for both wired and wireless SOHO networks for the A+ Certification exams:

• Change default usernames and passwords: Ensure that you connect to the wireless router and change any default usernames (if possible) and ensure that you set passwords for the default accounts.

• Change the SSID: Change the SSID to something that has no relevance to your physical location or company name.

• Set encryption: Ensure that you enable wireless encryption to the highest level possible. For example, use WPA2, but if that is not available, use WPA.

• Disable SSID broadcast: After setting the SSID value, ensure that you disable SSID broadcasting. This is known as the visibility setting on some routers.

• Enable MAC filtering: Make sure that you enable MAC filtering to limit which devices can connect to your wireless network by MAC address.

• Place the access point: Place your wireless access point in the middle of the building so that you can try to get equal coverage throughout the office.

• Set radio power levels: After placing the access point in the middle of the building, reduce the power level on the router so that the signal weakens after a short distance. This way, someone sitting out on the street cannot connect to your wireless network.

• Assign static IP addresses: Although this is an administrative nightmare, in high-security environments, you may want to disable DHCP on the router and require static addresses to be configured on any system connecting to the network.

• Disable ports: The SOHO network will have wired ports on the switch. Disable any ports on the switch that are not being used to prevent unauthorized systems from connecting to the port.

• Provide physical security: Ensure that the routers and switches are in a central room that is locked down to prevent unauthorized personnel from gaining physical access to the router and switches.

Other router settings

You may want to check out a number of other settings on the wireless router. The following are some settings worth knowing for the A+ Certification exams:

• Channels: If you find that you keep losing your wireless connection, it could be because other household devices like a cordless phone are interfering with your wireless. You can change the channel of the wireless network, which places it on a different frequency.

• Firewall: The home router typically has a firewall feature that is enabled by default. This firewall prevents traffic from the Internet from entering your network.

• Port forwarding/triggering: If you are hosting a web server or gaming server, you may need to open ports on your firewall with the port forwarding/triggering feature. When setting up port forwarding, you specify what port to open on the firewall and then the IP address to send that traffic to.

• DMZ: Most home routers give you an option to configure a DMZ (demilitarized zone), which is a system that can receive limited traffic from the Internet.

• WPS: Wi-Fi Protected Setup (WPS) is a feature that allows you to easily configure wireless security settings such as SSID and encryption, while only requiring users to connect using a PIN.

• Basic QoS: Quality of service allows you to control bandwidth utilization on the network. This allows you to ensure that a certain application is not using all your network bandwidth.

Other Wireless

Two more products fall into the wireless networking category: Bluetooth and cellular. Bluetooth is used as a communication link between different devices, and cellular is used for remote dialup networking or Internet access. In both cases, using these wireless devices is very different from using the 802.11 wireless networking protocols, which are designed to be a short-range extension of a LAN (local area network).

Bluetooth

Bluetooth follows the standards set out in the IEEE 802.15.1 specification. As a personal area network (PAN), Bluetooth is designed primarily for use in very small areas or short ranges, such as on a person’s body. You have probably seen cordless cellular phone headsets, which operate over the space between the headset in the ear and a phone carried on the hip or in a purse. Most wireless links for today’s cell phones and PDAs use Bluetooth. You might not immediately think of these links as being on a network — after all, you are not surfing the Internet or transferring files — but you are transferring data, in some form, between the devices. There are three classes of devices on Bluetooth networks:

• Class 1 devices operate at 100 milliwatts (mW) and have a range of 100 meters.

• Class 2 devices operate at 2.5 mW and have a range of 10 meters.

• Class 3 devices operate at 1 mW and have a range of about 1 meter.

Remember: Most devices are Class 3. Class 3 Bluetooth devices include telephone and computer headsets, PDA-to-PC synchronization, printers, digital cameras, cell phones for synchronizing with PCs, game controllers, remote controls, and instrument collection devices.

Bluetooth has replaced serial or infrared connections that would have been used for many of these functions in the past. Bluetooth is used mainly in low-bandwidth, short-haul situations.

Bluetooth operates in the 2.4 GHz spectrum, specifically around the 2.45 GHz mark. This means that it is open to interference from other devices running in the same spectrum. However, because of its limited range, it tends to cause fewer problems with devices that are outside of its range.

Some Bluetooth devices have a security feature — pairing — that can and should be used when available. There have already been viruses affecting Bluetooth cell phones that were originally set to freely associate with any other Bluetooth device in the area. Most phones now require pairing with devices to communicate.

Pairing registers a pair of devices with each other by using a shared secret key so that they can talk only with other devices that are known. Pairing is used as a means of authentication between devices and can also be used to encrypt data communication between them. Some devices, such as printers, might end up being left open and unsecured to keep a high level of functionality, but this would be a conscious decision to leave pairing turned off, and to leave the device unsecured.

WAN cellular

A wide area network (WAN) — unlike a LAN, which is contained within one or two adjacent buildings — spans a large geographical area and usually involves communication links operated by a Telco. Considering the number of communities and cities planning to set up wide-scale public access wireless networks and the cost of cellular data transfer rates, WAN cellular technology might not become extremely widespread.

In conjunction with your data network provider, you can sometimes get cellular WAN access to your network: wireless wide area network (WWAN). You need a special cellular gateway or a data-enabled phone, which some people might refer to as a modem. Unlike a normal cellular modem that needs to dial another modem to establish a connection, the gateway makes a connection directly to the cellular provider’s network. The gateway may be connected to your computer by USB, Bluetooth, or PCMCIA. This gateway connects to your data network provider and sets up a secure tunnel for access to your corporate network’s resources. The data rates on these connections are usually faster than traditional dialup connections, and they do provide secure access to your LAN data services, but most service providers charge a substantial fee for the service.

Increasing Wireless Network Performance

Some basic steps that you can take to improve wireless performance include the following:

• Reduce interference from other sources. This might include changing channels that you are using or changing the spectrum that you are using, such as switching from 2.4 GHz to 5 GHz technologies.

• Reduce the number of clients per access point. Because wireless is a shared medium, the fewer clients the access point has to share bandwidth between, the faster each client will be.

• Reduce the range between the clients and the access points. As the range between the client and access point increases, the signal quality decreases — and, therefore, the data throughput rate decreases.

• Use faster technology. For example, upgrade from 802.11b to 802.11g or 802.11n.

• Reduce the material that the signal must travel through. The distance ratings are usually open-air ratings, and construction materials and other objects in the path of the signal will reduce the signal strength.

Remember: Outdoor wireless networks set up during the winter can experience problems in the spring when trees in the path of the signal leaf out. Try to anticipate how annual weather and seasonal changes in your area will affect both your wireless equipment and wireless signal.

• Use proprietary or nonstandard technology to improve data transfer speeds. This might work only when teamed with specific network cards from the wireless vendor.

Troubleshooting Issues

Any issues that affect wired networks can affect wireless networks as well. Very often, symptoms show up first on the wireless network. The bandwidth on the wireless network is substantially lower, so when a problem on your network consumes bandwidth — like a worm — it will cause connectivity and performance issues on your wireless network before users of your wired network notice the problem.

A number of outside factors, such as microwaves and cordless phones, can affect wireless networks. Because these devices operate throughout and beyond the 2.4 GHz spectrum, and because they do not advertise themselves as wireless networks, they won’t show up in the results in Network Stumbler (more on that in a bit) when you are viewing the strength of wireless networks in the area. To locate these rogue signals, you need to perform a physical inspection — or, better yet, run a spectrum analysis tool. These tools used to cost thousands of dollars, but the price of quality tools has dropped to hundreds of dollars, and some tools cost even less. Managing your wireless frequencies is becoming just as important as managing your wired data networks.

To survey wireless networks in your area so that you can choose a clear channel, take a look at Network Stumbler (www.netstumbler.com). Use this tool to view detailed information about the wireless signals in your area. Figure 2-11 shows how Network Stumbler displays information about access points, including the channels on which they are running, what SSIDs are broadcast (AP 0011951FBEBF is not broadcasting its SSID), and whether they have security enabled. Many other applications do the same type of thing, and this feature is even incorporated into the management software that ships with some network card drivers.

If you know that an access point is not broadcasting its SSID, you can find the SSID by using wireless network auditing tools, like BackTrack (formerly Linux Auditor Security), available at www.remote-exploit.org.

Figure 2-11: Use Network Stumbler and similar tools to see wireless networks in your area.
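
One way to turn a survey like this into a channel choice, as an added example that is not part of the book or of Network Stumbler: it scores channels 1, 6, and 11 by how much nearby access points overlap them and how strong those access points are. Except for the AP 0011951FBEBF named above, every row, channel, and signal level is constructed, the function names are hypothetical, and the linear overlap model is a simplification of 2.4 GHz channels spaced 5 MHz apart.

```python
CANDIDATES = (1, 6, 11)   # 2.4 GHz channels far enough apart not to overlap

# Constructed survey rows: (SSID or MAC, channel, signal in dBm).
# 0011951FBEBF is the access point that does not broadcast its SSID.
SURVEY = [
    ("NeighborNet", 1, -45),
    ("CoffeeShop", 3, -60),
    ("0011951FBEBF", 6, -70),
    ("HomeNet", 11, -50),
    ("Printer-AP", 9, -80),
]


def overlap(channel_a, channel_b):
    """Rough share of one channel's signal that lands in the other.

    Channels five or more apart do not overlap; closer channels overlap
    in proportion to how close they are (a simplification).
    """
    gap = abs(channel_a - channel_b)
    return max(0.0, 1.0 - gap / 5.0)


def dbm_to_milliwatts(dbm):
    """Convert a signal level in dBm to linear power so levels can be added."""
    return 10 ** (dbm / 10)


def channel_scores(survey, candidates=CANDIDATES):
    """Return {channel: interference score}; lower means a clearer channel."""
    return {
        candidate: sum(
            overlap(candidate, channel) * dbm_to_milliwatts(dbm)
            for _name, channel, dbm in survey
        )
        for candidate in candidates
    }


def best_channel(survey, candidates=CANDIDATES):
    """Pick the candidate channel with the least interference."""
    scores = channel_scores(survey, candidates)
    return min(candidates, key=lambda channel: scores[channel])


if __name__ == "__main__":
    for channel, score in channel_scores(SURVEY).items():
        print(f"channel {channel:2}: {score:.2e} mW of overlapping signal")
    print("clearest channel:", best_channel(SURVEY))
```

Microwaves and cordless phones never appear in a survey like this, so a channel that scores well here can still need a spectrum analysis.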


If you can get a good signal but you don’t seem to be able to establish a connection or transfer data with the network, look at the security settings on both the access point and the client computer. If the WEP settings are incorrect or if the network authentication is not set correctly, you might experience either of these problems.

Much the same as with WEP keys and settings, if you are using WPA, your problems could be with the shared secret that is configured or the settings for the authentication server, which verifies user or access point credentials.

Getting an A+

This chapter goes over some common wireless communications. The following points are covered:

• Infrared technology depends on line-of-sight and tends to be used for low-bandwidth solutions.

• A number of factors affect wireless signal quality and strength, such as interference, range, and the number of connected clients.

• 802.11a/b/g networks all have a range of 100 feet (30 meters), and 802.11n has a range of 165 feet (50 meters). 802.11a networks operate in the 5 GHz spectrum, and 802.11b and 802.11g networks operate in the 2.4 GHz spectrum, while 802.11n networks can operate in both spectrums.

• WEP and WPA are the most common methods to secure wireless networks, but other options include disabling SSID broadcasting, MAC filtering, placing wireless APs in a DMZ, and changing default passwords.

• Bluetooth is used only for short-range communication.

Prep Test

1 Which of the following is not a technology that can be used to connect to a printer?

A. Bluetooth

B. WWAN

C. 802.11b

D. Infrared

2 Typical client Bluetooth implementations have what ranges? (Select all that apply.)

A. 1 meter

B. 5 meters

C. 10 meters

D. 25 meters

3 What is the standard range of 802.11a/b/g wireless networks?

A. 10 meters

B. 30 meters

C. 50 meters

D. 100 meters

4 Which of the following does not impact the quality of wireless signals?

A. Microwave ovens

B. Air temperature

C. Cordless phones

D. Distance between access point and clients

5 802.11g networks are backward compatible with which other 802.11 technology?

A. 802.11a

B. 802.11b

C. 802.11i

D. 802.11n

6 Which of the following would be used to provide wireless connectivity across a metropolitan area?

A. Bluetooth

B. Infrared

C. Cellular

D. MIMO

7 What frequency ranges are used by 802.11 wireless networks? (Select all that apply.)

A. 900 MHz

B. 1.5 GHz

C. 2.4 GHz

D. 5.0 GHz

8 Which of the following is not a technology used to secure wireless networks?

A. WPS

B. WEP

C. WPA

D. 802.11i

Answers

1 B. Printers from different manufacturers support some of or all the listed wireless technologies, and WWAN is a technology used to connect to your network while out of the office. See “Understanding Infrared Devices,” “Bluetooth,” and “Working with Wireless Networks.”

2 A, C. Bluetooth technology has ranges of 1, 10, and 100 meters depending on the class of devices that are being used. Review “Bluetooth.”

3 B. Most 802.11 wireless networks have a range of 30 meters in open air. Check out “Wireless standards.”

4 B. Air temperature has not been documented to have an impact on wireless networks. Peruse “Troubleshooting Issues.”

5 B. 802.11g uses the same 2.4 GHz spectrum and was designed to be backward compatible with 802.11b. 802.11n is backward compatible with both 802.11g and 802.11b. Take a look at “802.11g.”

6 C. The only technology that will work across a metropolitan area is cellular, which is used for WAN cellular or WWAN connectivity. Peek at “WAN cellular.”

7 C, D. 802.11 networks run at either 2.4 GHz for 802.11b/g/n or 5.0 GHz for 802.11a. Look over “Wireless standards.”

8 A. WPS is not a technology used for wireless security. Study “Securing wireless networks.”
