Wireless Networking - Promised LAN Computing, Inc.


Wireless Networking
What is 802.11?
What is Wi-Fi?
What should I buy?
How do I set it up?
Basics




We'll start with a few WiFi basics. A wireless network uses radio
waves, just like cell phones, televisions, and radios do. In fact,
communication across a wireless network is a lot like two-way
radio communication.
A computer's wireless adapter translates data into a radio signal
and transmits it using an antenna.
A wireless router receives the signal and decodes it. It sends
the information to the Internet using a physical, wired Ethernet
connection.
The process also works in reverse, with the router receiving
information from the Internet, translating it into a radio signal and
sending it to the computer's wireless adapter.
“Wi-fi” Radios


The radios used for WiFi communication are very
similar to the radios used for walkie-talkies, cell
phones and other devices. They can transmit and
receive radio waves, and they can convert 1s and
0s into radio waves and convert the radio waves
back into 1s and 0s. But WiFi radios have a few
notable differences from other radios:
They transmit at frequencies of 2.4 GHz or 5GHz.
This frequency is considerably higher than the
frequencies used for cell phones, walkie-talkies and
televisions. The higher frequency allows the signal
to carry more data. 5GHz does not penetrate walls
and other objects as easily as 2.4GHz.
“Flavors” of Wi-Fi




Uses 802.11 networking standards, which come in several
flavors:
802.11b was the first version to reach the marketplace. It's the
slowest and least expensive standard, and it's becoming less
common as faster standards become less expensive. 802.11b
transmits in the 2.4 GHz frequency band. It can handle up to 11
megabits of data per second, and it uses CCK coding.
802.11g also transmits at 2.4 GHz, but it's a lot faster than
802.11b - it can handle up to 54 megabits of data per second.
802.11g is faster because it uses a more efficient coding
technique.
802.11a transmits at 5GHz and can move up to 54 megabits of
data per second. It also uses OFDM coding. Newer
standards, like 802.11n, can be even faster than 802.11g.
However, the 802.11n standard isn't yet final.
What is a “hotspot”?



“Hotspots” are areas that are served by Wi-fi
networks. They may be open to the public,
open to paid subscribers, or private systems.
There are laws against unauthorized
connection to private systems (and attempts
to defraud paid subscriber systems).
We’ll get to making your own private hotspot
a bit later.
“Modes” of Wi-fi



Wi-Fi network devices can be operated in one of the two
available “modes.”
Ad-Hoc mode – this is used when there is no “central” device.
For instance, it can be used to set up several notebook
computers on a peer-to-peer network with each other. Ad-hoc
mode does NOT have a wired connection, it only uses the
wireless connections.
Infrastructure mode – this mode is selected in the case where
both a wired network and wireless network are connected (such
as for your connection to the Internet). Both wireless devices
(such as your moving notebook) and wired devices (such as a
desktop computer hooked up with CAT5 cable to the router, or
the WAN connection to the Internet) are supported.
Connecting up to hotspots


Most new laptops and many new desktop computers come with
built-in wireless transmitters. If your laptop doesn't, you can buy
a wireless adapter that plugs into the PC card slot or USB port.
Desktop computers can use USB adapters, or you can buy an
adapter that plugs into the PCI slot inside the computer's case.
Many of these adapters can use more than one 802.11 standard.
Once you've installed your wireless adapter and the drivers that
allow it to operate, your computer should be able to automatically
discover existing networks. This means that when you turn your
computer on in a WiFi hotspot, the computer will inform you that
the network exists and ask whether you want to connect to it. If
you have an older computer, you may need to use a software
program to detect and connect to a wireless network.
Windows XP – add SP 2




If you are running XP or XP SP1, you should update to SP2 (for
security reasons and for wireless networking).
Built-in support for Wi-Fi Protected Access (WPA) Windows XP
SP2 includes WPA support. If your wireless network adapter and
its driver support WPA, you can configure WPA authentication
and encryption options from the properties of a wireless network.
Wireless Provisioning Services (WPS) WPS is a set of wireless
client extensions that allow for a consistent and automated
configuration process.
The Wireless Network Setup Wizard steps you through the
configuration of wireless network settings and then writes that
configuration to a Universal Serial Bus (USB) flash drive, which
you can then use to configure other wireless devices.
Access Points & Routers







If you already have several computers networked in your home, you
can create a wireless network with a wireless access point. If you
have several computers that are not networked, or if you want to
replace your Ethernet network, you'll need a wireless router. This is a
single unit that contains:
A port to connect to your cable or DSL modem
A router
An Ethernet hub or (more commonly) an Ethernet switch
A firewall
A wireless access point
A wireless router allows you to use wireless signals or Ethernet cables
to connect your computers to one another, to a network-capable printer
and to the Internet. Most routers provide coverage for about 100 feet
(30.5 meters) in all directions, although walls and doors can block the
signal. If your home is very large, you can buy inexpensive range
extenders or repeaters to increase your router's range.
Which one should I buy?

Corporations which already have networking of their
workstations, with switches, firewalls, and
connections to the Internet already established tend
to use Access Points, which only have a single
connection (to the existing network). Most Access
Points also require that some device existing on the
network provide an IP address for the Access Point,
although some Access Points can be configured
with a fixed IP address on their own.
Which one - continued


Wireless Routers were designed to put all
the pieces in a single box. Generally the
pieces (such as the firewall and the switch)
are less capable than the devices used by a
corporation on the company network.
Wireless Routers do work well for home and
home-office users. Note that one may wish to
add additional firewall capability (or a larger
switch).
Ok on the Router – What kind?

As with wireless adapters, many routers can
use more than one 802.11 standard. 802.11b
routers are slightly less expensive, but they're
slower than 802.11a or 802.11g routers. Most
people select the 802.11g option for its speed
and reliability. 802.11a are used mostly in a
corporate setting. 802.11n still does not have
final standards set, so purchase now could
result in obsolete equipment later.
Ok – what brand?


There are lots of good brands (and some real duds) available. I
personally like Linksys. NetGear is popular, as are Intel and Motorola.
Some DSL suppliers will include a wireless router in their
package for your home when you rent your Internet connection
from them.
Consider purchasing a wireless Internet router of the same brand
as at least one of your wireless network adapters. The benefit is
a small one, but sometimes vendors will optimize communication
protocols of their own equipment; you may see slightly higher
performance. Vendors may also more thoroughly test
compatibility with their own equipment. If you don't own any
adapters (or newer laptops with built-in wireless), consider
purchasing all of your WiFi gear together from the same
manufacturer.
How fast do I need?


First, how many computers are in your home
network? Wireless speed ratings are like
estimated gas mileage. Speed is shared
among all devices. Speed also drops rapidly
with lower signal strength.
How fast is your Internet connection? If you
use wireless mostly to surf with your
notebook, and you are on cable or DSL, even
the older “b” system (11 mHz) is faster than
your Internet connection.
Can I just plug it in and use it?

Well, yes you CAN, but you shouldn’t. Even if
you know and use all the tricks to secure your
network, a real uber-hacker can probably get
in. But if you don’t secure your network –
ANYONE can get in – including the lowlife
that downloads child porn through your
network, and the FBI traces it to YOUR IP
address. “Got some ‘splaining to do!”
Basics of securing the Wi-Fi




Once you plug in your router, it should start working at its default
settings (it is possible that your Internet connection may require
you to put in a user name and password for the Internet to work,
but the local network will work immediately). Most routers let you
use a Web interface to change your settings. You can select:
The name of the network, known as its service set identifier
(SSID) -- The default setting is usually the manufacturer's name.
“Hide” the SSID or display it.
The channel that the router uses -- Most routers use channel 6
by default. If you live in an apartment and your neighbors are
also using channel 6, you may experience interference.
Switching to a different channel should eliminate the problem.
Your router's security options -- Many routers use a standard,
publicly-available sign-on, so it's a good idea to set your own
username and password.
Should I hide the SSID?



Wireless access points (APs) of a non-broadcast or hidden wireless
network do not broadcast their Service Set Identifier (SSID). Microsoft®
recommends against their use, and the support for non-broadcast
networks in Microsoft Windows®.
A non-broadcast network is not undetectable. Non-broadcast networks
are advertised in the probe requests sent out by wireless clients and in
the responses to the probe requests sent by wireless APs. Unlike
broadcast networks, wireless clients running Windows XP with Service
Pack 2 or Windows Server® 2003 with Service Pack 1 that are
configured to connect to non-broadcast networks are constantly
disclosing the SSID of those networks, even when those networks
are not in range.
A Windows XP or Windows Server 2003-based wireless client can
inadvertently aid malicious users, who can detect the wireless network
SSID from the wireless client that is attempting to connect. Software
that can be downloaded for free from the Internet leverages these
information disclosures and targets non-broadcast networks.
Security types



Wired Equivalent Privacy (WEP) uses 64-bit or 128-bit
encryption. 128-bit encryption is the more secure option. Anyone
who wants to use a WEP-enabled network has to know the WEP
key, which is usually a numerical password.
WiFi Protected Access (WPA) is a step up from WEP and is now
part of the 802.11i wireless network security protocol. It uses
temporal key integrity protocol encryption. As with WEP, WPA
security involves signing on with a password. Most public
hotspots are either open or use WPA or 128-bit WEP technology.
A newer version (WPA-2) is more secure.
There are other types, these are the most common that are
applicable to home or small office use.
More on security types



WEP can be fairly easily cracked. WPA is more secure, and the
newer WPA-2 is yet more secure. However, a lot of older network
cards (or operating systems older than Windows XP) will not
work with the later security types.
An ADDED layer of security can be established beyond
encryption by filtering for specific MAC addresses.
Yet another layer of security can be established by NOT using
DHCP to assign network addresses to the workstations and other
devices. Use a non-default IP range, manually assign IP
addresses to each device, and turn OFF the DHCP server on the
LAN side of the Wireless Router.
MAC addresses


Every single Ethernet network device that is made to
standards has its own individual “MAC” (media
access control) address. Supposedly, no two
devices world-wide have the same address (as with
any finite system, eventually enough devices will be
made that the address pool is exceeded).
A MAC address is in “hexadecimal” code, a
numbering system based on 16 instead of 10 (like
humans count). Since we didn’t bother to have extra
numbers above 10, the letters A through F are used
for 11 to 15 (like all computer numbers, we start with
zero instead of one).
More on MAC addresses




A MAC address looks like this:
00-30-12-34-56-AB
The first four numbers identify the
manufacturer. The above indicates a device
made by Broadcom. The remaining eight
numbers are individual serial numbers issued
by that manufacturer.
Why do I care? (explained next)
How I can use MAC addresses

Media Access Control (MAC) address filtering is a
little different from WEP or WPA. It doesn't use a
password to authenticate users - it uses a
computer's physical hardware. MAC address
filtering allows only machines with specific MAC
addresses to access the network. You must specify
which addresses are allowed when you set up your
router. This method is very secure, but if you buy a
new computer or if visitors to your home want to use
your network, you'll need to add the new machines'
MAC addresses to the list of approved addresses.
How do I find out the MAC?



Many devices indicate it somewhere with a
sticker, either on the device or on the original
box.
If it is a computer network connection, go to Start –
Run – cmd. In the command prompt box,
type in “ipconfig /all | more” (without the “”).
The MAC address is shown as “Physical
Address”. If it doesn’t show on the first
screen, hit the space bar to see more.
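To collect the addresses for the router's approved list without copying them by hand, the saved output of “ipconfig /all” can be parsed. This is an added example, not part of the original slides; the sample output is constructed (only 00-30-12-34-56-AB comes from this presentation), and the colon-separated form is an assumption about what the router's entry screen expects.

```python
import re

# Constructed sample of `ipconfig /all` output (Windows XP layout). The MAC
# ending in AB is the example from the slides; everything else is made up.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

        Host Name . . . . . . . . . . . . : notebook1

Ethernet adapter Local Area Connection:

        Media State . . . . . . . . . . . : Media disconnected
        Description . . . . . . . . . . . : Example Fast Ethernet NIC
        Physical Address. . . . . . . . . : 00-30-12-34-56-AC

Ethernet adapter Wireless Network Connection:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Example 802.11g Adapter
        Physical Address. . . . . . . . . : 00-30-12-34-56-AB
        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.100
"""

HEADER = re.compile(r"^(\S.*\S):\s*$")                 # unindented line ending in ':'
FIELD = re.compile(r"^\s+(.+?)(?:\s*\.)+\s*:\s*(.*)$")  # "Name . . . . : value"
MAC = re.compile(r"^(?:[0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2}$")


def parse_ipconfig(text):
    """Split the output into one dict per adapter section."""
    adapters, current = [], None
    for line in text.splitlines():
        header = HEADER.match(line)
        if header:
            current = {"adapter": header.group(1)}
            adapters.append(current)
            continue
        field = FIELD.match(line)
        if field and current is not None:  # skip fields before the first adapter
            current[field.group(1).strip().lower()] = field.group(2).strip()
    return adapters


def normalize_mac(raw):
    """00-30-12-34-56-ab -> 00:30:12:34:56:AB, or None if not a 6-byte MAC."""
    if not MAC.match(raw):
        return None
    return raw.upper().replace("-", ":")


def mac_filter_entries(adapters):
    """(adapter name, MAC) pairs to enter in the router's approved list."""
    entries = []
    for adapter in adapters:
        mac = normalize_mac(adapter.get("physical address", ""))
        if mac:
            entries.append((adapter["adapter"], mac))
    return entries


def still_on_dhcp(adapters):
    """Adapters that would lose their address once LAN DHCP is turned off."""
    return [a["adapter"] for a in adapters
            if a.get("dhcp enabled", "").lower() == "yes"]


if __name__ == "__main__":
    found = parse_ipconfig(SAMPLE_IPCONFIG)
    for name, mac in mac_filter_entries(found):
        print(f"{mac}  {name}")
    print("Needs a manual IP before DHCP is disabled:", still_on_dhcp(found))
```

Note that a machine usually has one MAC per adapter, so a notebook with both wired and wireless connections contributes two entries.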
Best security


For best security, use WPA-2 or WPA
encryption AND use the MAC address
filtering AND also turn off LAN DHCP and set
IP Addresses manually, using a non-default
IP address range.
Potential problems – older cards, older
Operating Systems, and even older routers
do not always work well with MAC address
filtering (or even with better encryption).
Installing the router



This example is specific to the popular Linksys WRT-54G.
Although the things needed are the same for most routers, the
specific method of implementation varies.
Linksys includes a CD which will go out on your network and
FIND the router. This is generally easier than reading the whole
book to find out what the default IP address is, then connecting.
The setup will walk you through the steps to configure to default
settings. It will NOT take you through modifying the settings to
secure the router.
If you mess up, most all routers have a method of restoring them
completely to the original factory settings. Linksys and others
also provide a way of copying the settings to a computer
readable file so that settings can be reestablished.
[Figure: Linksys WEP54G ports, labeled WAN, LAN, and power]
Connections





A network cable should go between the WAN port
and the cable or DSL modem.
Network cables should go between as many of the
LAN ports and wired computers, printers, or other
devices.
The power supply plugs into the power socket.
The two antennas fasten to the antenna connections
(shipped connected).
Note the small button to the lower left of the WAN
port – this is the “reset” button.
The upcoming slides


The next slides discuss configuration.
Although they are taken from a Linksys manual, the
things that need doing are the same for all
routers; the exact location and what the
item is named may vary.
After the slides, if there is sufficient time, a
live connection to a router will be established
using Internet Explorer, and some of these
things will be visible at that time.
Configure with the browser




There are seven main tabs: Setup, Wireless, Security, Access
Restrictions, Applications & Gaming, Administration, and Status.
Additional tabs will be available after you click one of the main
tabs.
To access the Web-based Utility, launch Internet Explorer or
Netscape Navigator, and enter the Router’s default IP address,
192.168.1.1, in the Address field. Then press Enter.
A password request page will appear.
Leave the User Name field blank. The first time you open the
Web-based Utility, use the default password admin. (You can set
a new password from the Administration tab’s Management
screen.) Then click the OK button.
Configure Internet – the WAN









Internet Setup
The Internet Setup section configures the Router to your Internet connection.
Most of this information can be obtained through your ISP.
Internet Connection Type Choose the type of Internet connection your ISP
provides from the drop-down menu.
• DHCP. By default, the Router’s Internet Connection Type is set to Automatic
Configuration - DHCP, which should be kept only if your ISP supports DHCP or
you are connecting through a dynamic IP address.
• Static IP. If you are required to use a permanent IP address to connect to the
Internet, select Static IP.
Internet IP Address. This is the Router’s IP address, when seen from the
Internet. Your ISP will provide you with the IP Address you need to specify here.
Subnet Mask. This is the Router’s Subnet Mask, as seen by users on the
Internet (including your ISP). Your ISP will provide you with the Subnet Mask.
Gateway. Your ISP will provide you with the Gateway Address, which is the ISP
server’s IP address.
DNS. Your ISP will provide you with at least one DNS (Domain Name System)
Server IP Address.
Configure Internet continued




• PPPoE. Some DSL-based ISPs use PPPoE (Point-to-Point Protocol
over Ethernet) to establish Internet connections. If you are connected to
the Internet through a DSL line, check with your ISP to see if they use
PPPoE. If they do, you will have to enable PPPoE.
User Name and Password. Enter the User Name and Password
provided by your ISP. (for PPPoE).
Connect on Demand: Max Idle Time. You can configure the Router to
cut the Internet connection after it has been inactive for a specified
period of time (Max Idle Time). If your Internet connection has been
terminated due to inactivity, Connect on Demand enables the Router to
automatically re-establish your connection as soon as you attempt to
access the Internet again.
Keep Alive Option: Redial Period. If you select this option, the Router
will periodically check your Internet connection. If you are disconnected,
then the Router will automatically re-establish your connection. The
default Redial Period is 30 seconds.
Configure Internet – WAN MAC







The Setup Tab - MAC Address Clone
A MAC address is a 12-digit code assigned to a unique piece of
hardware for identification. Some ISPs will require you to register a
MAC address in order to access the Internet. If you do not wish to
re-register the MAC address with your ISP, you may assign the MAC
address you have currently registered with your ISP to the Router with
the MAC Address Clone feature.
Enable/Disable. To have the MAC Address cloned, click the radio
button beside Enable.
User Defined Entry. Enter the MAC Address registered with your ISP
here.
Clone Your PC’s MAC Address. Clicking this button will clone the
MAC address.
Change these settings as described here and click the Save Settings
button to apply your changes or Cancel Changes to cancel your changes.
Configure Wireless - SSID







The Wireless Tab - Basic Wireless Settings
The basic settings for wireless networking are set on this screen.
Wireless Network Name (SSID). The SSID is the network name shared among
all devices in a wireless network. The SSID must be identical for all devices in
the wireless network. It is case-sensitive and must not exceed 32 characters
(use any of the characters on the keyboard). For security, you should change
the default SSID (linksys) to a unique name.
Wireless Channel. Select the appropriate channel from the list provided to
correspond with your network settings. All devices in your wireless network must
be broadcast on the same channel in order to function correctly.
Wireless SSID Broadcast. When wireless clients survey the local area for
wireless networks to associate with, they will detect the SSID broadcast by the
Router. To broadcast the Router's SSID, keep the default setting,
Enable. If you do not want to broadcast the Router's SSID, then select Disable.
Change these settings as described here and click the Save Settings button to
apply your changes or Cancel Changes to cancel your changes.
Configure Wireless - Channel


It is not a good idea to leave the router on the
default channel 6 (since all the people who
leave their network wide open will be on the
default channel). 6 is the default for “G” systems.
1 or 11 is as far away from 6 as you can get
in a “G” system.
Configure Wireless - Security





The Wireless Tab - Wireless Security
The Wireless Security settings configure the security of your wireless network.
There are four wireless security mode options supported by the Router.
WPA Personal. WPA gives you two encryption methods, TKIP and AES, with
dynamic encryption keys. Select the type of algorithm, TKIP or AES. Enter a
WPA Shared Key of 8-63 characters. Then enter a Group Key Renewal period,
which instructs the Router how often it should change the encryption keys.
WPA2 Personal. WPA2 gives you two encryption methods, TKIP and AES, with
dynamic encryption keys. Select the type of algorithm, AES, or TKIP + AES.
Enter a WPA Shared Key of 8-63 characters. Then enter a Group Key Renewal
period, which instructs the Router how often it should change the encryption
keys.
WEP. WEP is a basic encryption method, which is not as secure as WPA. To
use WEP, select a Default Transmit Key (choose which Key to use), and a level
of WEP encryption, 64 bits 10 hex digits or 128 bits 26 hex digits. Then either
generate a WEP key using the Passphrase or enter the WEP key manually.
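The key rules on this screen and the advice on the SSID screen to change the default name (linksys) are connected: with WPA or WPA2 Personal, the 256-bit key is computed from the shared key and the SSID together. This is an added example, not part of the original slides or the Linksys manual; the derivation (PBKDF2-HMAC-SHA1, 4096 iterations) comes from the 802.11i standard, and the passphrase and the second SSID are constructed.

```python
import hashlib
import re


def check_key(mode, key):
    """Return a list of problems with `key` for the given security mode."""
    problems = []
    if mode in ("WPA Personal", "WPA2 Personal"):
        if not 8 <= len(key) <= 63:
            problems.append("WPA Shared Key must be 8-63 characters")
    elif mode == "WEP":
        # 64-bit WEP takes 10 hex digits, 128-bit WEP takes 26.
        if not re.fullmatch(r"[0-9A-Fa-f]{10}|[0-9A-Fa-f]{26}", key):
            problems.append("WEP key must be 10 or 26 hex digits")
        problems.append("WEP is not as secure as WPA")
    else:
        problems.append("unknown security mode: " + mode)
    return problems


def derive_psk(passphrase, ssid):
    """256-bit pre-shared key as defined in 802.11i.

    The SSID is the salt, so the same passphrase gives a different key on
    every differently named network.
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA Shared Key must be 8-63 characters")
    if not 1 <= len(ssid.encode("utf-8")) <= 32:
        raise ValueError("SSID must be 1-32 characters")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("utf-8"), ssid.encode("utf-8"), 4096, 32
    )


if __name__ == "__main__":
    passphrase = "blue-heron-over-trent-river"  # constructed sample
    default_a = derive_psk(passphrase, "linksys")   # router A, default SSID
    default_b = derive_psk(passphrase, "linksys")   # router B, default SSID
    renamed = derive_psk(passphrase, "PromisedLAN-Home")  # constructed SSID

    # Two routers left on the default SSID end up with the identical key.
    print("default SSID, router A:", default_a.hex())
    print("default SSID, router B:", default_b.hex())
    print("unique SSID           :", renamed.hex())
    print("WEP check:", check_key("WEP", "0123456789"))
    print("WPA2 check:", check_key("WPA2 Personal", "short"))
```

A unique SSID does not replace a long shared key; it only ensures the resulting key is specific to your network.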
Some Additional Settings





You can set the router to only be on at certain times. For instance, if
your small business is only open from 8:00am to 5:00pm, Monday
through Friday, you can set the router to turn off the wireless
automatically outside these times. The LAN will remain on.
Firewall – the built-in firewall is not absolutely secure, but it is helpful.
However, it can be turned off, and various settings can be changed.
Don’t forget to change the Administrator password on the router. The
default passwords are widely known.
Firmware updates – Many of these companies make updates available,
usually to cure some deficiency or bug in the unit as shipped. The
manufacturer’s web site will usually have the updates available. (Many
Linux based units also will accept third party firmware which may have
features not available with factory firmware – but no warranty).
Configuration management – allows backup of all the router’s settings
to a file stored on your PC.
Live Demonstration


The router connected to the notebook will not
be connected to anything else, but allows
looking at the screens to see the settings.
This router has some problems (dead WAN
port), but there is enough functionality to use
in the demo.
Question and Answer session

?????????????????

After all this, if it still seems like voodoo, and
you just don’t feel comfortable in setting it up,
but you want a wireless connection
(next slide)

Promised LAN Computing, Inc.






4703 Carolina Avenue
Trent Woods, NC 28562
(252) 636-0407
Jim Cason
Email: [email protected]
Web: http://www.promlancomp.com