Wireless networking overview
- NETGEAR products conform to the Institute of Electrical and Electronics Engineers (IEEE) 802.11g standard for wireless LANs.
- On an 802.11 wireless link, data is encoded using direct-sequence spread-spectrum (DSSS) technology and is transmitted in the unlicensed radio spectrum at 2.5 GHz.
- The maximum data rate for the 802.11g wireless link is 54 Mbps; the link automatically backs down from 54 Mbps when the radio signal is weak or interference occurs.
- The 802.11 standard is also called Wireless Ethernet or Wi-Fi by the Wireless Ethernet Compatibility Alliance (WECA, see http://www.wi-fi.net), an industry standard group promoting interoperability among 802.11 devices.
- The 802.11 standard offers two methods for configuring a wireless network: ad hoc and infrastructure.
Infrastructure mode
- With a wireless access point, the wireless LAN can operate in infrastructure mode.
- This mode lets you connect wirelessly to wireless network devices within an area of coverage.
- The access point has one or more antennas that allow you to interact with wireless nodes.
- The wireless access point converts airwave data into wired Ethernet data, acting as a bridge between the wireless LAN and wireless clients.
- Connecting multiple access points via a wired Ethernet backbone can further extend the wireless network coverage.
- As a mobile computing device moves out of the range of one access point, it moves into the range of another.
- As a result, wireless clients can freely roam from one access point domain to another and still maintain a seamless network connection.
Ad Hoc mode (Peer-to-peer Workgroup)
- Computers are brought together as needed.
- The network has no structure or fixed points; each node can be set up to communicate with any other node.
- No access point is involved in this configuration.
- This mode enables you to quickly set up a small wireless workgroup and allows workgroup members to exchange data or share printers as supported by Microsoft® networking in the various Windows® operating systems.
- Some vendors also refer to ad hoc networking as peer-to-peer group networking.
- Network packets are directly sent and received by the intended transmitting and receiving stations.
- As long as the stations are within range of one another, this is the easiest and least expensive way to set up a wireless network.
Network name - Extended Service Set Identification (ESSID)
- One of two types of Service Set Identification (SSID).
- In an ad hoc wireless network with no access points, the Basic Service Set Identification (BSSID) is used.
- In an infrastructure wireless network that includes an access point, the ESSID is used, but may still be referred to as SSID.
- An SSID is a 32-character (maximum) alphanumeric key identifying the name of the wireless local area network.
- Some vendors refer to the SSID as the network name. For the wireless devices in a network to communicate with each other, all devices must be configured with the same SSID.
Wireless Channel
- IEEE 802.11g/b wireless nodes communicate with each other using radio frequency signals in the ISM (Industrial, Scientific, and Medical) band between 2.4 GHz and 2.5 GHz.
- Neighboring channels are 5 MHz apart.
- Due to the spread spectrum effect of the signals, a node sending signals using a particular channel will utilize frequency spectrum 12.5 MHz above and below the center channel frequency.
- Two separate wireless networks using neighboring channels (for example, channel 1 and channel 2) in the same general vicinity will interfere with each other.
- Applying two channels that allow the maximum channel separation will decrease the amount of channel cross-talk and provide a noticeable performance increase over networks with minimal channel separation.
- The available channels supported by wireless products in various countries are different.
• Regulations in the United States prohibit using channels greater than channel 11.
• For NETGEAR products sold outside the United States, the wireless region selection determines which channels are available for use in the product.
- The preferred channel separation between the channels in neighboring wireless networks is 25 MHz (five channels).
- This means that you can apply up to three different channels within your wireless network. In the United States, only 11 usable wireless channels are available, so we recommend that you start using channel 1, grow to use channel 6, and add channel 11 when necessary, because these three channels do not overlap.
WEP Wireless Security
- The absence of a physical connection between nodes makes the wireless links vulnerable to eavesdropping and information theft.
- To provide a certain level of security, the IEEE 802.11 standard has defined two types of authentication:
- With Open System authentication, a wireless computer can join any network and receive any messages that are not encrypted. The following steps occur when two devices use Open System Authentication:
1. The station sends an authentication request to the access point.
2. The access point authenticates the station.
3. The station associates with the access point and joins the network.
- With Shared Key authentication, only those computers that possess the correct authentication key can join the network. The following steps occur when two devices use Shared Key Authentication:
1. The station sends an authentication request to the access point.
2. The access point sends challenge text to the station.
3. The station uses its configured 64-bit or 128-bit default key to encrypt the challenge text, and it sends the encrypted text to the access point.
4. The access point decrypts the encrypted text using its configured WEP key that corresponds to the station’s default key. The access point compares the decrypted text with the original challenge text. If the decrypted text matches the original challenge text, then the access point and the station share the same WEP key, and the access point authenticates the station.
5. The station connects to the network.
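The Shared Key exchange above, written out as an added Python example (not NETGEAR code and not part of the original notes). It models the 24 bits added to the user key as the WEP initialization vector (IV) sent in clear with the response, and assumes a 128-byte challenge; all function names are hypothetical.

```python
import os
import zlib

def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 stream cipher; the same call encrypts and decrypts."""
    s = list(range(256))
    j = 0
    for i in range(256):                         # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:                            # keystream XOR data
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def wep_seal(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Encrypt plaintext plus its CRC-32 check value under RC4(IV || key)."""
    icv = zlib.crc32(plaintext).to_bytes(4, "little")
    return rc4(iv + key, plaintext + icv)

def wep_open(key: bytes, iv: bytes, ciphertext: bytes):
    """Decrypt; return the plaintext, or None if the check value is wrong."""
    data = rc4(iv + key, ciphertext)
    body, icv = data[:-4], data[-4:]
    return body if zlib.crc32(body).to_bytes(4, "little") == icv else None

def shared_key_auth(ap_key: bytes, station_key: bytes) -> bool:
    """Steps 1-5: True means the access point authenticates the station."""
    challenge = os.urandom(128)                  # step 2: AP -> station, unencrypted
    iv = os.urandom(3)                           # 24-bit IV picked by the station
    response = wep_seal(station_key, iv, challenge)  # step 3: station -> AP
    recovered = wep_open(ap_key, iv, response)       # step 4: AP decrypts
    return recovered == challenge                # step 4: compare with the original

if __name__ == "__main__":
    key = bytes.fromhex("12 34 56 78 90")        # 40-bit sample key
    print("same key:     ", shared_key_auth(key, key))
    print("different key:", shared_key_auth(key, bytes.fromhex("12 34 56 78 91")))
```

The challenge crosses the air unencrypted and the response is its encryption under the long-term WEP key, so every handshake exposes a matching plaintext/ciphertext pair to any listener in range.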
Key Size and Configuration
The IEEE 802.11 standard supports two types of WEP encryption: 40-bit and 128-bit.
- The 64-bit WEP data encryption method allows for a five-character (40-bit) input.
- 24 factory-set bits are added to the forty-bit input to generate a 64-bit encryption key. (The 24 factory-set bits are not user-configurable.)
- This encryption key will be used to encrypt/decrypt all data transmitted via the wireless interface.
- Some vendors refer to the 64-bit WEP data encryption as 40-bit WEP data encryption because the user-configurable portion of the encryption key is 40 bits wide.
- The 128-bit WEP data encryption method consists of 104 user-configurable bits.
- Similar to the 40-bit WEP data encryption method, the remaining 24 bits are factory-set and not user-configurable.
- Some vendors allow pass phrases to be entered instead of the cryptic hexadecimal characters to ease encryption key entry.
- The 128-bit encryption is stronger than 40-bit encryption, but 128-bit encryption may not be available outside the United States due to U.S. export regulations.
- When configured for 40-bit encryption, 802.11 products typically support up to four WEP keys.
- Each 40-bit WEP key is expressed as five sets of two hexadecimal digits (0–9 and A–F). For example, “12 34 56 78 90” is a 40-bit WEP key.
- When configured for 128-bit encryption, 802.11g products typically support four WEP keys, but some manufacturers support only one 128-bit key.
- The 128-bit WEP key is expressed as 13 sets of two hexadecimal digits (0–9 and A–F). For example, “12 34 56 78 90 AB CD EF 12 34 56 78 90” is a 128-bit WEP key.
- Typically, 802.11 access points can store up to four 128-bit WEP keys, but some 802.11 client adapters can only store one.
- Make sure that your 802.11 access point and client adapter configurations match.
- Whatever keys you enter for an access point, you must also enter the same keys for the client adapter in the same order.
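A configuration check for the key rules above, as an added Python example (not from the original notes or from NETGEAR): it parses keys written as hex pairs, enforces the 5-pair or 13-pair length, and compares access point and client key slots in order. The function names and the rule that one device does not mix key sizes are assumptions of this example; the sample key tables are constructed.

```python
def parse_wep_key(text: str) -> bytes:
    """Parse a WEP key written as hex pairs, e.g. "12 34 56 78 90"."""
    compact = "".join(text.split())
    try:
        key = bytes.fromhex(compact)
    except ValueError:
        raise ValueError("key must be whole pairs of hexadecimal digits") from None
    if len(key) not in (5, 13):                  # 40-bit or 104-bit user portion
        raise ValueError(f"{len(key)} hex pairs: expected 5 (40-bit) or 13 (128-bit)")
    return key

def check_key_tables(ap_keys, client_keys):
    """Return a list of problems (empty = consistent). Key values are never echoed."""
    problems = []
    tables = {}
    for device, keys in (("access point", ap_keys), ("client", client_keys)):
        if not 1 <= len(keys) <= 4:
            problems.append(f"{device}: {len(keys)} keys configured, expected 1 to 4")
        parsed = []
        for slot, text in enumerate(keys, start=1):
            try:
                parsed.append(parse_wep_key(text))
            except ValueError as err:
                parsed.append(None)
                problems.append(f"{device} key {slot}: {err}")
        if len({len(k) for k in parsed if k}) > 1:
            problems.append(f"{device}: mixes 40-bit and 128-bit keys")
        tables[device] = parsed
    # A client that stores fewer keys is compared only on the slots it has.
    pairs = zip(tables["access point"], tables["client"])
    for slot, (ap, client) in enumerate(pairs, start=1):
        if ap and client and ap != client:
            problems.append(f"key {slot}: access point and client differ")
    return problems

if __name__ == "__main__":
    ap = ["12 34 56 78 90", "AA BB CC DD EE"]       # constructed sample keys
    swapped = ["AA BB CC DD EE", "12 34 56 78 90"]  # same keys, wrong order
    print(check_key_tables(ap, ap))
    print(check_key_tables(ap, swapped))
```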
How to Use WEP Parameters
- WEP data encryption is used when the wireless devices are configured to operate in Shared Key authentication mode.
- Before enabling WEP on an 802.11 network, you must first consider what type of encryption you require and the key size you want to use.
- There are three WEP Encryption options available for 802.11 products:
• Do Not Use WEP: The 802.11 network does not encrypt data. For authentication purposes, the network uses Open System Authentication.
• Use WEP for Encryption: A transmitting 802.11 device encrypts the data portion of every packet it sends using a configured WEP key. The receiving 802.11g device decrypts the data using the same WEP key. For authentication purposes, the 802.11g network uses Open System Authentication.
• Use WEP for Authentication and Encryption: A transmitting 802.11 device encrypts the data portion of every packet it sends using a configured WEP key. The receiving 802.11 device decrypts the data using the same WEP key. For authentication purposes, the 802.11 network uses Shared Key Authentication.
WPA Wireless Security
- Wi-Fi Protected Access (WPA) is a specification of standards-based, interoperable security enhancements that increase the level of data protection and access control for existing and future wireless LAN systems.
- WPA offers the following benefits:
• Enhanced data privacy
• Robust key management
• Data origin authentication
• Data integrity protection
How Does WPA Compare to WEP?
- WEP is a data encryption method and is not intended as a user authentication mechanism.
- WPA user authentication is implemented using 802.1x and the Extensible Authentication Protocol (EAP).
- Support for 802.1x authentication is required in WPA.
- In the 802.11 standard, 802.1x authentication was optional. Refer to IETF RFC 2284.
- With 802.11 WEP, all access points and client wireless adapters on a particular wireless LAN must use the same encryption key.
- A major problem with the 802.11 standard is that the keys are cumbersome to change.
- If you do not update the WEP keys often, an unauthorized person with a sniffing tool can monitor your network for less than a day and decode the encrypted messages.
- Products based on the 802.11 standard alone offer system administrators no effective method to update the keys.
- For 802.11, WEP encryption is optional. For WPA, encryption using Temporal Key Integrity Protocol (TKIP) is required.
- TKIP replaces WEP with a new encryption algorithm that is stronger than the WEP algorithm, but that uses the calculation facilities present on existing wireless devices to perform encryption operations.
- TKIP provides important data encryption enhancements including a per-packet key mixing function, a message integrity check (MIC) named Michael, an extended initialization vector (IV) with sequencing rules, and a re-keying mechanism.
- Through these enhancements, TKIP addresses all known WEP vulnerabilities.
How Does WPA Compare to IEEE 802.11i?
- WPA is forward-compatible with the IEEE 802.11i security specification currently under development.
- WPA is a subset of the current 802.11i draft and uses certain pieces of the 802.11i draft that were ready to bring to market in 2003, such as 802.1x and TKIP.
- The main pieces of the 802.11i draft that are not included in WPA are secure IBSS (Ad-Hoc mode), secure fast handoff (for specialized 802.11 VoIP phones), as well as enhanced encryption protocols such as AES-CCMP.
- These features are either not yet ready for market or will require hardware upgrades to implement.
What are the Key Features of WPA Security?
The following security features are included in the WPA standard:
• WPA Authentication.
• WPA Encryption Key Management.
– Temporal Key Integrity Protocol (TKIP).
– Michael message integrity code (MIC).
– AES Support.
• Support for a Mixture of WPA and WEP Wireless Clients.
Definition: 802.11a is a wireless network communication standard, one of the IEEE standards in the 802.11 series.
802.11a and wireless Interference
- 802.11a transmits radio signals in the frequency range above 5 GHz, a part of the wireless spectrum regulated in many countries.
- Regulation means 802.11a gear generally avoids signal interference from other consumer wireless products like cordless phones.
- In contrast, 802.11b/g utilizes frequencies in the unregulated 2.4 GHz range and is more susceptible to radio interference from other devices.
Range of 802.11a networks
- Although it helps improve network performance and reduce interference, the range of an 802.11a signal is limited by use of the high 5 GHz frequency.
- An 802.11a access point transmitter may cover less than one-fourth the area of a comparable 802.11 b/g unit.
- Brick walls and other obstructions affect 802.11a wireless networks to a greater degree than they do comparable 802.11b/g networks.