October 21st, 2002 06:15 PM
Wireless 101 - Setting up your first wireless network
Hopefully this will help you get your first wireless network up and running. Please understand that wireless network technology is changing on a very regular basis and we are seeing a merging/blending of features in the different technologies. I have tried to keep this paper basic. There are a lot of advanced issues not covered here.
First some basic information.
There are currently 3 main standards in use or being defined today:
802.11b – Uses the 2.4000-GHz to 2.4835-GHz frequency with a maximum data rate of 11 Mbps. Depending on the distance and interfering objects, the data rate can drop to 5.5 Mbps, 2 Mbps, or 1 Mbps. Possible causes of interference are thick walls, microwave ovens, and cordless phones.
802.11a – Uses the 5.15/5.13-GHz through 5.725/5.826-GHz frequency with a maximum data rate of 54 Mbps. Distance and interfering objects will also reduce the data rate.
802.11g – This standard is not yet approved but is planned to operate in the same frequency as 802.11b while providing a data rate comparable to 802.11a.
Note 1: Because of the different operating frequencies 802.11a and 802.11b devices will not interoperate with each other.
Note 2: Vendors are now coming out with access points that support both the 802.11a and 802.11b standards.
Access Point – Basically acts like a hub in a wired network. It is a wireless hub or central point that all other wireless devices talk to. There are lots of different types of APs. Some include a wired hub, some include a broadband modem, and some are manageable. The more money, the more features.
WEP (Wired Equivalent Privacy) – Part of the 802.11x standard that defines encryption for wireless devices. The standards define WEP so that devices from different vendors can talk to each other. Be aware that some vendors use a proprietary WEP to increase security. This can present issues if you want to mix products from different vendors on the same WLAN.
SSID (service set identifier) – This is a unique identifier for the wireless network. All devices on the same network must have the same SSID configured.
Channel – This is the channel that your particular wireless network will run on. In 802.11b the channel must be the same for all devices. In 802.11a it depends on the vendor. Some vendors have what are called frequency hopping devices that change channels dynamically.
Wireless Mode – There are two different modes your wireless network can operate in, Infrastructure and Ad-Hoc. Infrastructure is the normal mode and that is what we will assume for the rest of the paper. Infrastructure mode basically means your wireless client device will talk to an Access Point only. Ad-Hoc mode will allow a wireless device to talk to another wireless device without an Access Point.
Setting up your first network
Note: Most of the following configuration assumes 802.11b
OK you will need an AP (access point)
There are a LOT of choices out there. Vendors are coming out with different flavors faster than people can buy them. Some basic guidelines are:
If you already have a wired network that you want to keep, you can save some money and buy an AP that has a 10BaseT connection. You can also buy APs that have 4-port hubs built in; these are good if you plan on having several PCs/servers in the same room in addition to your wireless devices. These devices are also good if you already have a connection to the Internet (broadband modem, firewall, Internet connection sharing device).
If you are looking at moving up to a broadband connection and don't already have a modem, there are several flavors of APs that have broadband modems built in. Configuration is sometimes a little more difficult. It usually requires an intimate relationship with your provider to get things started.
Connect your AP to your network or network connection.
Follow the manufacturer's instructions for installing the device drivers. This is usually pretty painless.
Note: I have installed wireless devices on all Windows operating systems except ME. XP was the easiest as it already has drivers built in. Even Linux wasn't too bad (RH7.3). The important thing about drivers is to make sure you have the latest ones. Check the vendor's web site for updated drivers. It will save you a lot of troubleshooting grief.
Some APs are configured by connecting a PC to the device with a USB cable; some can be configured over the network with telnet or through a web interface. Follow the manufacturer's directions and configure your SSID, Channel, and WEP. If you are going to let your AP assign IP addresses you will also need to configure the DHCP settings. If your AP is also acting as a modem or router you will have additional settings to configure. Make a note of these settings as you will need them when you set up your client devices.
Now you need one or more client devices
There are PC Card devices
There are USB devices
There are PCI cards (these are usually PCI cards with a slot to plug in a PC Card device)
Again, follow the manufacturer's instructions for installing the hardware and software. Go into the configuration for the device. Enter the Mode, SSID, Channel, and WEP information (the stuff you wrote down earlier (you did, didn't you?)). It is VERY important that you enter the information exactly the same because some fields are case sensitive. Most software includes a strength meter as part of the utilities. You should use this to make sure you are in range of the AP. If you are not using DHCP you will then need to configure your IP settings for your wireless adapter.
Note: Windows XP includes drivers for most wireless cards and will even find wireless networks and automatically set most of the configuration parameters (except WEP).
To see other Windows PCs on your network you will also have to make sure they are all configured with the same Workgroup or Domain name.
That's it for the network connectivity part. You should be able to browse your Network Neighborhood or My Network Places and see other devices on your network.
Securing your wireless network
Contrary to popular belief, wireless networks CAN be secure. The downside is that it usually costs additional money. The more difficult you make it for the hacker, the more likely he may move on to an easier WLAN.
Do not rely on WEP as your only method of security. There are well-known and reliable methods of cracking WEP.
Some things you should do to make it harder to penetrate your new network are:
Use private (non-Internet-routable) IP addresses.
This will not help if somebody is wardriving but it will help stop hackers coming in from the Internet.
Do not use common or descriptive names for your SSID and AP name.
This information is in the 802.11x header and is NOT encrypted.
Configure client MAC addresses in your AP.
Some vendors allow you to maintain a list of valid MAC addresses that are allowed to access the AP. This can be a pain in a corporate environment where client devices might change frequently but it might be worth it.
Do not run DHCP on your wireless network.
This will force the potential hacker to find a valid address.
Do not use the default user ids and passwords.
This is just basic security common sense.
Locate your APs centrally.
This makes it harder for wardrivers to pick up your signal.
For corporate environments you could also:
Consider using EAP for authentication.
Extensible Authentication Protocol allows for a more secure and controllable method of authentication.
Do not broadcast SSID.
Some Access Points can be configured so they do not broadcast the SSID. It just makes it a little more difficult for the hacker.
Separate your wireless networks from your wired network using a firewall.
This will segregate your wireless traffic from your internal network traffic and help stop a hacker from getting to everything.
Run dynamic WEP.
This new technology dynamically changes the WEP encryption key at a predetermined time interval. If this interval is set for a short time span (10 minutes) the hacker will be able to crack saved packets but he will not be able to come back and sniff in real time.
Note: This technology is vendor specific.
The ultimate security:
Run VPN inside your wireless network.
Run a VPN client on your client devices to a VPN concentrator on your wired network. Even after a hacker gets past your WEP the data can not be accessed because it is inside the VPN tunnel.
Troubleshooting your wireless network
Your wireless client device is not functioning properly.
Make sure you are using the latest drivers. Follow the vendor's troubleshooting procedures for that device.
The PC can not see any other devices on the WLAN.
Make sure you are in range of the AP. Most devices include utilities that let you see the signal strength of the AP.
If they are Windows devices, make sure they are in the same workgroup or domain. Make sure they all have File Sharing turned on.
Your client device can not see the Access Point.
Make sure you are within the range limits of the device and protocol.
If you are using 802.11b there are other devices that operate in the same frequency such as microwave ovens, cordless phones, and wireless cameras.
Some web sites that have additional WLAN troubleshooting
Note: If you have money you can invest in some very cool wireless tools. Two that come to mind are from Airmagnet at www.airmagnet.con and Fluke at www.fluke.com . They can make installing and troubleshooting a large WLAN much easier.
Work... Some days it's just not worth chewing through the restraints...
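The checklist from "Securing your wireless network" above, turned into a configuration audit. This is an added example, not part of the original post: the config schema, field names, default-SSID list and sample values are assumptions constructed for illustration and do not match any vendor's format.

```python
import ipaddress

# Private (non-Internet-routable) ranges from RFC 1918.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Assumed, non-exhaustive sample of out-of-the-box SSIDs.
DEFAULT_SSIDS = {"default", "linksys", "netgear", "wireless"}

def audit_ap(cfg):
    """Check one AP config dict (hypothetical schema) against the checklist."""
    findings = []
    net = ipaddress.ip_network(cfg["lan_subnet"], strict=False)
    if not any(net.subnet_of(r) for r in RFC1918):
        findings.append("LAN subnet is Internet routable; use private addresses")
    ssid = cfg["ssid"].lower()
    # org_keywords: words that would identify the owner (company, street, etc.)
    descriptive = any(w.lower() in ssid for w in cfg.get("org_keywords", []))
    if ssid in DEFAULT_SSIDS or descriptive:
        findings.append("SSID is a default or descriptive name")
    if cfg.get("ssid_broadcast", True):
        findings.append("SSID broadcast is enabled")
    if not cfg.get("mac_filter"):
        findings.append("no client MAC address list configured")
    if cfg.get("dhcp_enabled", True):
        findings.append("DHCP is running on the wireless network")
    if not cfg.get("admin_password_changed", False):
        findings.append("default user id/password still in use")
    # WEP alone is not enough: require EAP or a VPN on top of it.
    if not (cfg.get("eap") or cfg.get("vpn_required")):
        findings.append("WEP is the only protection; add EAP or a VPN")
    return findings

# Constructed sample configurations: out-of-the-box versus hardened.
WEAK = {"ssid": "linksys", "ssid_broadcast": True,
        "lan_subnet": "203.0.113.0/24", "dhcp_enabled": True,
        "mac_filter": [], "admin_password_changed": False,
        "encryption": "wep", "eap": False, "vpn_required": False}
HARDENED = {"ssid": "qz7-net", "ssid_broadcast": False,
            "lan_subnet": "10.20.30.0/24", "dhcp_enabled": False,
            "mac_filter": ["00:00:5e:00:53:01"],
            "admin_password_changed": True,
            "encryption": "wep", "eap": False, "vpn_required": True}

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit_ap(cfg) or "no findings")
```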