All you need to know about 802.11 wireless networking by Tiho Vukasinovic, Service Delivery Director for Avanade UK and Ireland.
Author: Tiho Vukasinovic
Last updated: Nov 2002
I've always been attracted to wireless devices. As a kid I remember begging
my parents over and over again for a radio controlled car. They resisted
the thought for years, but finally I got one. At home I programmed a Philips
6-in-1 remote control to combine the multitude of zappers for my hi-fi
equipment, and I recently purchased radio controlled power switches for
in-house lighting. No wonder I'm a big fan of wireless networking!
How It Works
Contrary to the peer networking scenario where you need a PC to host
a wireless networking card, an access point is a self-contained device
that acts as a hub and is capable of communicating with many wireless
networking cards at the same time. Access points offer useful features
such as scalability and roaming user support: in other words, you can
add access points as needed to serve more users, and roaming users don't
get disconnected from the network when they are transferred from one access
point to another as they move around.
Read on before you run off and purchase an access point with your extended
benefits budget, though. Many vendors realized that the high cost of access
points was preventing the adoption of wireless networking for home networks.
Lucent was one of the first to market a so-called residential gateway
- a scaled down version of their access point designed specifically for
use at home. Since then many companies have followed this example.
Similar to an access point, a residential gateway is a small box that
operates as soon as you plug it into a power outlet. It doesn't support
as many simultaneous connections, nor does it support roaming, but it
does have an embedded operating system and software that allows you to
share your modem, ADSL or cable Internet connection over the air simply
by plugging in the cable and running a configuration wizard on your computer.
If you are installing a wireless network, be sure to verify the communication
speeds from different spots. You can ensure cards communicate at full
speed by positioning your access point(s) wisely. Vendors also sell repeaters,
external antennas and powerful building-to-building transceivers to bridge
long distances.
Interoperability
Wireless Privacy
Support in Windows XP
Windows XP automatically discovers wireless networks by polling or listening
to beaconing signals. It tries to configure your wireless card automatically
using the Wireless Zero Configuration service, remembering the configuration
for each wireless networking environment and automatically switching to
the right one for your location.
Microsoft has worked with the IEEE, networking vendors and others to
define the IEEE 802.1x standard, which offers security beyond that provided
by WEP. Network devices such as Ethernet switches and access points that
support IEEE 802.1x can use a RADIUS server for authenticating user credentials
before machines are granted access to the network. Access to the wireless
network can be prevented if the authentication process fails.
Windows 2000’s ability to detect a network and to
refresh network parameters such as the IP address has been enhanced in
Windows XP to support the transitional nature of a wireless network. The
media sense capability that is used to control network stack configuration
and inform the user of network availability in Windows XP automatically
forces re-authentication when a move to a new access point is detected.
When an IP subnet change is detected, a new IP address is obtained and
additional reconfiguration is performed, including updating Quality of
Service reservations and proxy settings.
When multiple networks are available you can configure a preferred network
order. Windows XP will poll each network in your preferred order until
it finds one that is active. You can also opt to connect only to configured,
preferred networks and not to automatically detected ones. If 802.1x security
is enforced then Windows XP’s Zero Configuration Service is intelligent
enough to try other available networks if client authentication fails.
If no wireless networks are found, Windows XP will configure your wireless
network card to use 'ad hoc' networking mode, and you have the option
to disable or force this behaviour.
The Future
I live in an old house and I'm planning
a home renovation project. When my stock options have vested long enough
I'll tear down the inner walls and rebuild the place from scratch, throwing
in some CAT5e cabling while I’m at it. In the meantime I’ve
had to find a way to link my computers together and share my Internet
connection without drilling holes or carving walls. Furthermore, I’ve
wanted to be able to roam around the house, taking my portable out on
the terrace to enjoy the little sunshine we get in our country.
Around the time I was doing this
the 802.11b wireless networking protocol matured, and equipment cost had
come down significantly. Several companies started to promote products
for home use so I decided to compare their offerings. I’ll start
off explaining some wireless networking concepts before I dig into the
arguments on which I based my choice.
Wireless network cards usually come in the form of PC Cards that
you slide into the PC Card socket of a portable computer. Most vendors
sell 'PCI to PC Card' adapters for installation in desktop computers so
that you can use the PC Cards in non-portable equipment as well.
However, a wireless network card
is worthless without a service that is willing to communicate with it.
Here you have two options: either you get a second wireless network card,
if the vendor supports 'ad hoc' or peer networking; or you buy an access
point.
In peer networking mode, you need a computer
to host the second wireless card and to share your Internet connection
using the Internet Connection Sharing (ICS) feature in Windows Me, 2000
or XP. You can continue to use the same computer for other tasks, but
you'll need to leave it powered on all the time if you want wireless network
access readily available. Some vendors don’t state explicitly that
they support peer networking, so be sure to verify this. Scalability is
limited since you can’t link many cards together in this mode, and
you don’t have roaming user support either (I’ll explain this
concept in a minute).
Figure 1: Peer Networking
Figure 2: Access Points
Figure 3: Residential Gateway Scenario
In addition to good price/performance,
peer networking mode and 802.11b protocol support (which I cover in more
detail below) I recommend you look for residential gateways when you are
evaluating products for small scale implementations.
The Need for Speed
Today’s wireless products communicate at a maximum speed
of 11 Megabits per second on a single channel in the 2.4 GHz frequency
band. A channel is typically shared by multiple wireless network cards,
and just like traditional Ethernet, the available bandwidth drops as more
parties participate in the conversation. Furthermore you can only use
up to about 60% of the available bandwidth as after that things start
to get ugly due to congestion. The bottom line is that devices in a wireless
workgroup share a bandwidth equal to 825 kilobytes per second.
Even though most vendors don’t
impose a limit on the number of participants in a wireless workgroup,
and access points can cover 5,000 square meters each, in practice you
can only hook up some 30 users to each access transceiver (most access
points allow you to install a second transceiver in the form of a PC Card
to double its capacity) and around 10 users to a residential gateway. A
shared wireless card in peer networking mode usually supports no more
than 6 or 7 nodes. Exactly how many users a wireless workgroup can accommodate
really depends on their activity: watching a video stream eats more bandwidth
than reading email or browsing an intranet.
Wireless network cards communicate
in the 2.4 Gigahertz frequency band and can do so at different speeds.
In open environments with no physical obstructions between the antennas,
the device automatically selects the best data rate for the radio connection.
If you move too far away from an access point, signal quality goes down,
and in the absence of an alternative such as another closer access point,
wireless network cards will automatically slow down their communication
speed to 5.5, 2 or 1 Mbps.
In theory, the maximum distances
between two wireless devices are 160 meters at 11 Mbps, 270 meters at
5.5 Mbps, 400 meters at 2 Mbps and 550 meters at 1 Mbps. The reality is
very different because the range of your wireless devices is seriously
affected when antennas are placed near metal surfaces and solid high-density
materials, or when the radio signal is absorbed by obstacles or objects
such as walls and windows. In areas with floor to ceiling walls, the range
can very easily decrease down to 15% of its maximum value.
Figure 4: Range versus Speed
Some wireless products achieve higher
throughput than others, but this comes at a price and often means you
have to buy all your wireless equipment from the same company.
Last but not least, you don't want
your wireless access card to drain the batteries of your portable computer
too fast. Different cards have different power consumption levels. Fortunately
most cards have doze modes that consume less power during periods of inactivity,
e.g. 9 mA instead of 250 mA. Take a close look at a card's specifications
before you buy it!
The adoption of a new technology is largely driven by the ability
of the industry to agree on standards, and wireless networking is no exception.
By adhering to standards, companies allow their customers to mix and match
products from different vendors. This results in faster and widespread
use of the technology.
At the time I purchased my equipment
the wireless networking standard was 802.11b, as specified by the IEEE
(Institute of Electrical and Electronics Engineers). To promote and market
interoperability between wireless products, the Wireless Ethernet Compatibility
Alliance (WECA) has come up with the Wi-Fi compatibility trademark. Products
that carry the Wi-Fi logo have been tested to comply with IEEE 802.11b
to assure buyers of their interoperability.
Wireless networks carry a huge security risk since data that
is transmitted over the air can easily be picked up by outsiders. A while
ago I plugged in my wireless network card when we moved into our new offices.
Although we didn't have a wireless network installed at the time, the
card picked up beaconing signals from an access point in the local area
and I was assigned an IP address on another company’s network!
The Wired Equivalent Privacy (WEP)
security mechanism in IEEE 802.11b defines a secret key encryption method
to make data in the air unreadable for outsiders, but it does not define
how the secret keys are to be distributed to the client and to the Access
Point nodes. In practice, the secret key will either be stored on the
network card or entered manually by a user or administrator on the systems
in a wireless workgroup. This is very inconvenient and carries a huge
security risk since keys are easily exposed and often remain unchanged
due to the effort it takes to change them.
Participation in a wireless workgroup
requires knowledge of the workgroup’s name or SSID (security set
identifier). However, this SSID is transmitted in plain text as part of
the beaconing frames sent out by access points to announce their presence.
Furthermore, most vendors don’t turn on WEP by default, which explains
why it’s so easy to tap into wireless networks. After all, any employee
can easily buy a wireless card or access point and share it or plug it
into a network socket, opening up the company’s network wirelessly
for anyone who wants to peek inside.
Several companies now sell tools that detect
wireless devices by sniffing the packets in the air. This allows corporate
IT personnel to discover security vulnerabilities caused by rogue wireless
devices before they are exploited.
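The kind of check such detection tools perform, as an added example that is not part of the original article: it parses 802.11 beacon frames, reads the SSID that travels in plain text and the capability bit that says whether WEP is required, and flags access points that are missing from an approved inventory or that run with encryption off. The BSSIDs, SSID and frames are constructed, and frames are assumed to arrive without a radiotap header or FCS.

```python
import struct

# Constructed inventory of access points IT has deployed (hypothetical BSSIDs).
APPROVED_BSSIDS = {"00:11:22:33:44:55", "00:11:22:33:44:66"}
PRIVACY_BIT = 0x0010  # capability bit: set when the network requires WEP

def build_beacon(bssid, ssid, privacy):
    """Build a constructed sample beacon (no radiotap header, no FCS)."""
    mac = bytes.fromhex(bssid.replace(":", ""))
    # Frame control 0x0080 = management/beacon; DA is broadcast; SA and BSSID are the AP.
    header = struct.pack("<HH", 0x0080, 0) + b"\xff" * 6 + mac + mac + b"\x00\x00"
    caps = 0x0001 | (PRIVACY_BIT if privacy else 0)
    fixed = struct.pack("<QHH", 0, 100, caps)  # timestamp, interval, capabilities
    name = ssid.encode()
    return header + fixed + bytes([0, len(name)]) + name  # element 0 = SSID

def parse_beacon(frame):
    """Return (bssid, ssid, privacy), or None if this is not a complete beacon."""
    if len(frame) < 36:
        return None
    version, ftype, subtype = frame[0] & 3, (frame[0] >> 2) & 3, frame[0] >> 4
    if (version, ftype, subtype) != (0, 0, 8):
        return None
    bssid = ":".join(f"{b:02x}" for b in frame[16:22])
    (caps,) = struct.unpack_from("<H", frame, 34)
    ssid, pos = None, 36
    while pos + 2 <= len(frame):  # walk the tagged elements after the fixed fields
        eid, elen = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + elen]
        if len(value) < elen:
            break  # truncated element: stop rather than read garbage
        if eid == 0:
            ssid = value.decode("utf-8", "replace")
            break
        pos += 2 + elen
    return bssid, ssid, bool(caps & PRIVACY_BIT)

def audit(frames):
    """Map each flagged BSSID to (ssid, reason); beacons repeat, so key by BSSID."""
    findings = {}
    for frame in frames:
        parsed = parse_beacon(frame)
        if parsed is None:
            continue
        bssid, ssid, privacy = parsed
        if bssid not in APPROVED_BSSIDS:
            findings[bssid] = (ssid, "not in approved inventory")
        elif not privacy:
            findings[bssid] = (ssid, "approved but encryption is off")
    return findings

SAMPLE_FRAMES = [  # constructed capture
    build_beacon("00:11:22:33:44:55", "corp-wlan", True),
    build_beacon("00:11:22:33:44:66", "corp-wlan", False),
    build_beacon("0a:bb:cc:dd:ee:ff", "corp-wlan", False),
    build_beacon("0a:bb:cc:dd:ee:ff", "corp-wlan", False),
    b"\x08\x00" + b"\x00" * 40,                          # data frame, ignored
    build_beacon("00:11:22:33:44:55", "x", True)[:30],   # truncated, ignored
]

if __name__ == "__main__":
    for bssid, (ssid, reason) in audit(SAMPLE_FRAMES).items():
        print(f"{bssid}  ssid={ssid!r}  {reason}")
```

An unapproved access point announcing the corporate SSID is reported the same way as any other unknown BSSID, because the network name in a beacon is unauthenticated plain text.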
If you think you’re safe because
you have dutifully enabled WEP security and configured secret encryption
keys, then think again. Last year researchers at the University of California
at Berkeley found security holes in the Wired Equivalent Privacy algorithm,
and top cryptographers at the Weizmann Institute and Cisco Systems discovered
a vulnerability that allows an eavesdropper to capture a small amount
of data and crack the secret key in less than an hour using standard hardware
and publicly available number crunching software.
This latest security breach has rendered
WEP basically useless. In their defence, wireless equipment vendors have
always emphasised that WEP should not be used by itself to protect data
but should be augmented with extra layers of security such as VPN or IPSEC.
In practice, however, users don’t make this additional effort and
simply use WLAN equipment in its default, unsafe configuration.
Several efforts are underway to plug
these security holes. The IEEE has recently come up with 802.1x, a draft
standard to ensure the privacy of wirelessly transmitted data. The benefits
of this port-based security mechanism are that it provides authenticated
network access through Remote Authentication Dial-In User Service (RADIUS),
and that it supports automatic distribution and renewal of encryption
keys; two features not supported in a standard Wi-Fi network today.
Additionally, IEEE is working on
802.11i, a framework in which mutual authentication and encryption schemes
can be negotiated between the client and the access point. IEEE 802.1x
can be seen as a subset of 802.11i, but the latter also standardizes the
encryption method and provides a broader set of authentication mechanisms
to choose from. It is unclear when the 802.11i group will propose a solution
to the main IEEE committee.
WEP2, another proposed standard,
is likely to be short lived since it is just as vulnerable to the recently
devised attack as the current WEP scheme.
Working with Windows XP is a real treat in wireless network environments.
As well as automatically detecting and supplying drivers for many wireless
network cards, Windows XP addresses one of the most challenging problems
of wireless computing: seamless roaming.
Let’s take the scenario of
a user who has a wireless network at home and a wireless network with
multiple access points at the office. Assume this user takes the plane
to visit another company that offers wireless networking for its visitors.
As the user roams around, his wireless network card needs to register
with access points at home, at the office, at the airport and at his destination.
During his itinerary the user will cross subnet boundaries and realms
of administrative control, so each new association with an access point
could require a new network name (SSID), new WEP security keys or IEEE
802.1x authentication, a new IP address, re-authentication with different
user credentials, new proxy settings, and more. Configuration becomes
a real challenge for the user if the operating system on his wireless
network station is not self-configuring.
Figure 5: Network Stack Configuration
Figure 6: Wireless Security Configuration
The IEEE 802.1x protocol takes advantage
of the widespread and growing use of RADIUS. When a RADIUS client (in
this case an access point) queries a local RADIUS server, perhaps at an
airport, the server can either query a local database or forward the authentication
request to another RADIUS server for validation, perhaps at the user’s
company or ISP. Service providers at public locations can tap into the
existing RADIUS infrastructure when offering wireless access, allowing
centralized authentication and accounting. This new security scheme is
fully supported in Windows XP and the new version of Internet Authentication
Server (IAS) which is Microsoft’s implementation of RADIUS.
Figure 7: Wireless Network Detection
Figure 8: Available Wireless Networks
Figure 9: Connection Status
Figure 10: Available and Preferred Wireless Networks
Figure 11: Wireless Network Access Settings
While 11 Mbps may seem fast, wireless networks based on 802.11
do have their limitations. I weekly back up my portable computer to my
home machine. I have tried transferring the 7.5 Gb backup file over the
air, but it took so much time that I reverted to a wired 100 Mbps link
for the job. Video is taking more and more bandwidth both at home and
in office environments, and current wireless networks have a hard time
dealing with that too.
Several efforts are underway to address
these issues. Devices based on IEEE 802.11a have recently become available.
This is an updated version of wireless Ethernet capable of transferring
data at 54 megabits per second. WECA, the Wireless Ethernet Compatibility
Alliance, will announce a new compatibility trademark for 802.11a gear
to ensure and market interoperability, just as it did with Wi-Fi.
The problem with IEEE 802.11a is
that it operates in the 5 GHz frequency band and so is not compatible
with the existing 802.11b Wi-Fi products which operate at 2.4 GHz. Some
vendors are planning dual frequency access points to cope with this situation
but it is likely to cause frustration, especially for roaming users.
Adding to the confusion is the upcoming
IEEE 802.11g protocol which will boast speeds of approximately 50 megabits
per second while sharing the 2.4 GHz radio spectrum currently used by
802.11b, Bluetooth (a personal wireless local area network standard) and
other wireless devices such as phones and pagers. Equipment based on this
protocol is a while away, largely because Texas Instruments and Intersil
are each pushing different techniques for transmitting data in 802.11g,
so the promise of backwards compatibility with existing wireless devices
and infrastructure is likely to stall corporate plans for wireless networks
until the dust has settled.
Whatever standard comes out as the
winner, the industry expects it is likely to be the home users who will
drive the future wireless market. Speeds of around 50 megabits per second
are fast enough to make wireless home entertainment centers a reality,
with video servers sending programs digitally and over the air to multiple
flat panel screens in your home. I can hardly wait!
Just for Geeks?
Is all this wireless stuff just for geeks? I don't think so. Let
me give you a couple of examples that helped me realize the benefits of
wireless networking:
Copyright © Matt Publishing. All rights reserved. No part of this site may be reproduced without the prior consent of the copyright holder.