Published by Kathlyn Norman. Modified over 8 years ago.
Today’s networks are no longer limited to using cabled, or wired, devices. Today’s networks have a mix of wired systems along with wireless systems that use radio frequencies to send data to a wireless access point. The wireless access point may have a connection to the wired network, allowing the wireless devices to communicate with the entire network.
A wireless network uses radio frequencies to transmit data through the air. This means that if you have a laptop user who wishes to be mobile within the office, you can allow her to access the network through a wireless access point as long as she has a wireless network card in her laptop. There are two types of wireless networks you can create: an ad hoc mode wireless network or an infrastructure mode wireless network. Each of these is known as a wireless mode, and each has its advantages.
With ad hoc mode the wireless device, such as a laptop, is connected to other wireless devices in a peer-to-peer environment without the need for a wireless access point. With infrastructure mode, the wireless clients are connected to a central device, known as a wireless access point. The wireless client sends data to the access point, which then sends the data on to the destination (as shown in Figure 7-2). The wireless client can access network resources on the wired network once connected to the access point because the access point has a connection to the wired network.
The advantage of ad hoc mode is that you don’t need to purchase the access point, but the benefit of infrastructure mode is that when you use the wireless access point you get to control who can connect to the wireless network and filter out types of network traffic. For example, if you use a wireless access point to allow wireless clients to connect to the Internet, you can control which web sites the users can connect to. This type of centralized control makes infrastructure mode extremely popular.
Standards
The IEEE committee has developed wireless standards in the 802 project models for wireless networking. Wireless is defined by the 802.11 project model and has several standards defined.
802.11a: The 802.11a wireless standard is an older one that runs at the 5 GHz frequency. 802.11a devices can transmit data at 54 Mbps and are incompatible with 802.11b and 802.11g devices.
802.11b: The 802.11b wireless standard has a transfer rate of 11 Mbps while using a frequency of 2.4 GHz. These devices are compatible with 802.11g/n devices because they run at the same frequency and follow the WiFi standard.
802.11g: The 802.11g wireless standard is a newer one that was designed to be compatible with 802.11b but also increases the transfer rate. The transfer rate of 802.11g devices is 54 Mbps using a frequency of 2.4 GHz. All 802.11g devices are compatible with 802.11b/n devices because they all follow the WiFi standard and run at the same frequency of 2.4 GHz.
802.11n: The 802.11n wireless standard is a new one that is scheduled to be finalized in December 2009. The goal of 802.11n is to increase the transfer rate beyond what current standards such as 802.11g support. 802.11n will supposedly support transfer rates up to 600 Mbps! To help accomplish this, 802.11n uses two new features: multiple input multiple output (MIMO) and channel bonding.
MIMO is the use of multiple antennas to achieve more throughput than can be accomplished with only a single antenna. Channel bonding allows 802.11n to transmit data over two channels to achieve more throughput. 802.11n is designed to be backward compatible with 802.11a, 802.11b, and 802.11g and can run at the 2.4 GHz or 5 GHz frequency.
It is important to note that 802.11a was an early implementation of wireless networking and is not compatible with the Wi-Fi networks. As an example of the compatibility, my wireless network at my home has an access point that is an 802.11g device, but one of my old laptops has an 802.11b wireless network card. I am still able to have my old laptop communicate on the network because the two standards are 100 percent compatible with one another. In this example, the laptop with the 802.11b card only connects at 11 Mbps, while my new laptop with 802.11g card is connecting at 54 Mbps.
Wireless networks today are called WiFi, which stands for wireless fidelity. 802.11b, 802.11g, and 802.11n are all part of the WiFi standard and as a result are compatible with one another. Wireless transmission speeds decrease as your distance increases from the wireless access point.
Channels
It was stated that 802.11b/g/n all run at the 2.4 GHz frequency, but it is important to understand that 2.4 GHz is a frequency range. Each frequency in the range is known as a channel. Most wireless devices allow you to specify which channel you would like to use. The reason this is important is that if you find that you are having trouble with your wireless network failing a lot, then it could be that the wireless devices are conflicting, or interfering with other wireless devices in your area.
Remember when troubleshooting wireless networks that you could be getting interference from other wireless devices and household devices running on the same channel. As a fix, experiment by changing the channel used by your wireless network to reduce the amount of interference received. Adjacent channels have overlapping frequencies and will interfere with one another, so changing from channel 2 to channel 1 will not solve interference problems, but changing from channel 2 to channel 6 might.
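The channel 2 versus channel 1 or 6 point above, worked through in Python as an added example (it is not part of the original presentation). It assumes channels 1-13 with centre frequency 2407 + 5n MHz and the 22 MHz channel width of 802.11b, and it goes one step further than the text by picking the quietest of channels 1, 6 and 11 from a constructed site survey.

```python
# Added example: overlap between 2.4 GHz channels and a simple channel picker.
CHANNEL_WIDTH_MHZ = 22  # assumed: 802.11b channel width


def center_mhz(channel):
    """Centre frequency of a 2.4 GHz channel (1-13)."""
    if not 1 <= channel <= 13:
        raise ValueError("channel must be between 1 and 13")
    return 2407 + 5 * channel


def overlap_mhz(a, b):
    """How many MHz of spectrum two channels share (0 means no overlap)."""
    return max(0, CHANNEL_WIDTH_MHZ - abs(center_mhz(a) - center_mhz(b)))


def interference_score(candidate, survey):
    """Sum of neighbouring signal power (in mW) weighted by shared spectrum.

    survey is a list of (channel, signal_dbm) pairs for nearby networks.
    """
    score = 0.0
    for channel, signal_dbm in survey:
        shared = overlap_mhz(candidate, channel) / CHANNEL_WIDTH_MHZ
        score += shared * 10 ** (signal_dbm / 10)  # dBm -> mW
    return score


def best_channel(survey, candidates=(1, 6, 11)):
    """Candidate channel with the lowest interference score."""
    return min(candidates, key=lambda c: interference_score(c, survey))


# Constructed survey: a strong neighbour on channel 2, weaker ones elsewhere.
SURVEY = [(2, -45), (1, -60), (3, -70), (11, -80)]

if __name__ == "__main__":
    print("channel 2 vs 1 share", overlap_mhz(2, 1), "MHz")
    print("channel 2 vs 6 share", overlap_mhz(2, 6), "MHz")
    print("channel 1 vs 6 share", overlap_mhz(1, 6), "MHz")
    for ch in (1, 6, 11):
        print("score for channel", ch, "=", interference_score(ch, SURVEY))
    print("quietest channel:", best_channel(SURVEY))
```

Channels 2 and 6 still share a sliver of spectrum under these assumptions, which is why the move "might" help; channels five apart (1, 6, 11) share none.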
Authentication and Encryption
A number of wireless authentication and encryption protocols have been developed over the years. The purpose of these protocols is to help secure your wireless network, and you should consider them for implementation on your wireless network.
WEP
Wired Equivalent Privacy (WEP) was designed to give the wireless world a level of security that could equate to what the wired networking world has. In the wired world, someone would have to be in your office to connect a cable to your network, but with wireless networking this is not the case. Someone could sit outside your building in a parked car and connect to your wireless network.
To configure your wireless network with WEP, you simply specify a shared key, or passphrase, on the wireless access point. The theory is that if anyone wants to connect to your wireless network, he needs to know the shared key and configure his workstation with that key. When you configure the shared key on the access point and client, any data sent between the client and the access point is encrypted with WEP.
This will prevent unauthorized individuals from capturing data in transit and being able to read the data. It is important to understand that there were huge flaws in how WEP implemented its encryption and key usage, and as a result both 64-bit and 128-bit WEP have been cracked. For security reasons, you should not use WEP unless you have older access points that do not support WPA or WPA2.
WPA
WiFi Protected Access (WPA) was designed to improve upon security and fix some of the flaws found in WEP. WPA uses a 128-bit key and the Temporal Key Integrity Protocol (TKIP), which is a protocol that is used to change the keys used for encryption for every packet that is sent. This will make it much harder for hackers to crack the key, which is very easy to do with WEP.
WPA had a number of other improvements over WEP; for example, it has improved integrity checking and it supports authentication using the Extensible Authentication Protocol (EAP), a very secure authentication protocol.
WPA operates in two different modes, WPA-Personal and WPA-Enterprise. WPA-Personal is also known as WPA-PSK, which means WPA preshared key. With WPA-Personal you will configure the access point with a starting key value, known as the preshared key, which is then used to encrypt the traffic. This mode is used most by home users and small businesses.
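How the preshared key becomes key material, shown in Python as an added example (not part of the original presentation): WPA-Personal stretches the passphrase into a 256-bit master key with PBKDF2-HMAC-SHA1 (4096 iterations), using the SSID as the salt. The function names and the "dlink" and "Office-7F3A" SSIDs are illustrative; the "password"/"IEEE" pair is the test case published with IEEE 802.11i.

```python
# Added example: deriving the WPA/WPA2-Personal master key from a passphrase.
import hashlib


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """Stretch a WPA-Personal passphrase into the 256-bit master key."""
    # Passphrases are 8 to 63 printable ASCII characters.
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8-63 characters")
    if any(not 32 <= ord(ch) <= 126 for ch in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1-32 bytes")
    # The SSID is the salt: the same passphrase yields a different key on
    # every differently named network, and the same key on identically
    # named ones.
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), salt, 4096, 32
    )


def same_key_on_both(passphrase: str, ssid_a: str, ssid_b: str) -> bool:
    """True when two networks end up with an identical master key."""
    return derive_pmk(passphrase, ssid_a) == derive_pmk(passphrase, ssid_b)


if __name__ == "__main__":
    # Published IEEE 802.11i test case.
    print(derive_pmk("password", "IEEE").hex())
    # Illustrative SSIDs: a factory-style name versus a site-specific one.
    print(same_key_on_both("correct horse battery", "dlink", "dlink"))
    print(same_key_on_both("correct horse battery", "dlink", "Office-7F3A"))
```

Because the SSID salts the derivation, two routers left on the same factory SSID with the same passphrase share one master key, which is a further reason to change the SSID from the default.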
WPA-Enterprise, also known as WPA-802.1x, is a WPA implementation that uses a central authentication server such as a RADIUS server for authentication and auditing features. WPA-Enterprise is used by larger companies so that they can use their existing authentication server to control who has access to the wireless network and to log network access.
WPA2
WPA2 improves upon the security of WPA and should be used instead of WPA if you have the choice. WPA2 uses the Advanced Encryption Standard (AES) protocol instead of TKIP and also supports a number of additional features such as added protection for ad hoc networks and key caching. Because WPA2 uses AES as its encryption protocol, it supports 128-bit, 192-bit, or 256-bit encryption.
There are a number of different techniques that you can use to prevent unauthorized persons from connecting to your wireless network. You may want to implement some or all of these features. To help secure your wireless infrastructure, you should consider changing settings on the router such as the admin password, the SSID, and MAC filtering, to name a few.
Change Admin Password
The first thing you should do when you take the wireless router out of the box and plug it in is change the admin password. The admin password is needed to connect to the web administration pages and change the settings of the router. All routers have a default admin password, so you want to be sure to change the password from the default. Figure 7-3 displays how to change the admin password on a D-Link router by going to the Tools link at the top and then choosing the Admin link on the left.
Service Set Identifier (SSID)
The Service Set Identifier (SSID) is a name that you give the wireless network, and in order for someone to connect to your wireless network, that person needs to know the SSID. Any client who wishes to connect to your wireless network will need to specify the SSID name in their wireless network card settings. It is important that you change the SSID from the default so that anyone wishing to connect to your wireless network would need to know the name, or SSID.
The problem is that wireless routers are configured to advertise this SSID automatically, so even if you change the SSID to something hard to guess, the router advertises the name. To fix this, you should configure your router to not advertise the SSID. This prevents your network from appearing in the list of wireless networks that Windows users see. You can use a tool such as NetStumbler to do a wireless survey to get a list of wireless networks that are close to you.
MAC Address Filtering
Most wireless networks allow you to limit which wireless network cards can connect to the wireless access point. You can limit systems that can connect to your wireless network by finding out the MAC addresses of the systems you want to allow to connect and then configuring the router to deny traffic from all systems except the MAC addresses you input (see Figure 7-6). This is known as MAC address filtering.
By default, wireless access points are not configured for MAC address filtering, so you want to make sure that you configure it. Be aware that MAC filtering by itself will not keep the determined hacker out. A determined hacker can monitor traffic in the air, see the MAC address of an authorized client, and then spoof that address so that the hacker’s traffic is allowed.
Encrypt Wireless Traffic
The other point to make about using WEP or WPA is that not only does it encrypt your traffic but anyone who wishes to connect to your wireless network must know the key and input the key into their wireless card configuration. This helps ensure that people not authorized to use the wireless network cannot connect to the wireless network.
VPN Solutions
Most companies have security concerns with using wireless, and for good reason. Hackers can bypass the MAC filtering, they can crack the WEP key, and they can use Kismet to discover wireless networks even when SSID broadcasting is disabled, so how do you ensure the security of the wireless network? Most large companies that are using wireless and have security needs of the utmost importance are using VPN solutions with their wireless clients.
In a typical VPN solution for wireless clients, the wireless client would first connect to the wireless network. The wireless network may have some of the security precautions we discussed implemented, such as SSID broadcasting disabled, WEP/WPA, or MAC filtering. The bottom line is if an authorized wireless client connects to the wireless network, that is not where the company network is. After connecting to the wireless network and getting an IP address, the wireless client will then VPN into the network with the VPN software.
Configuring the Access Point
When you take the wireless access point, or router, out of the box, you will first connect your Internet modem to the WAN port on the wireless router. You can then connect any wired systems on the network to any of the four ports that exist on the switch part of the router as shown in Figure 7-7. Once you have everything connected, and the router has power, you will need to go through some basic configuration steps to ensure the security of the device.
Admin Password
The first thing you will want to do is change the wireless router’s administrative password. This password is set by default by the manufacturer, and anyone who has the same router will know the password. In order to change the admin password, you will need to start a web browser and type the IP address of the wireless router. The IP address is normally 192.168.1.1 or 192.168.0.1, depending on the manufacturer.
Service Set Identifier
After changing your router admin password, you will want to change the name of the wireless network, known as the SSID. Remember that in order to connect to your wireless network, clients have to know the value of the SSID. To change the SSID on the D-Link router, click the Setup link at the top of the page and then choose the Wireless Settings link on the left. You can then choose to configure the wireless network settings manually by scrolling to the bottom of the page and choosing the Manual Wireless Network Setup button.
Wireless Security
As part of securing a wireless router, the first thing you may decide to do is to disable the wireless aspect of the router if you are not using wireless. A number of people purchase the wireless router and don’t actually have any wireless clients at the time; the best thing to do in this case is disable wireless functionality until you need it. Most wireless routers will allow you to configure WEP or WPA to encrypt traffic between the client and wireless access point. Also remember that the WEP or WPA key must be inputted at the client in order for the client to connect to the wireless network.
Controlling Internet Sites
Most wireless routers today allow you to control Internet activity such as what times of the day the Internet is allowed to be used and what Internet sites are allowed to be visited. There are a number of sites that you may want to block so that your users cannot visit the site. It may be something as simple as a small company using the wireless router not wanting its employees wasting company time on a site such as facebook.com, or you may want to block inappropriate sites.
View Web Activity
Once you have enabled logging of web activity, you will want to check the logs once in a while. Most routers allow you to view a list of sites that your users have been visiting, or in the case of the D-Link DIR-615 router you can have the log e-mailed to you if you configure the e-mail settings. To view the log on the router, go to the Status link at the top of the page and then click the Log link on the left.
Configuring the Client
In order to connect the wireless clients to the network, you want to ensure you have the following information before you get started:
SSID Name: Because you have most likely disabled SSID broadcasting, you will need to know the SSID so that you can manually input it into the client.
WEP or WPA Key: If you have protected the wireless network with WEP or WPA, you will need to know the key.
MAC Address of Client: If you are filtering by MAC addresses, you will need to know the MAC of your client and then input that MAC address into the router.
When troubleshooting why a client will not connect to wireless networks, there are a number of issues to consider. The following is a list of popular problems when connecting to wireless:
Interference: You could be getting interference from other home equipment, such as a cordless phone. Try changing the channel on the wireless network.
Incorrect encryption: You could be using the wrong encryption type or even the wrong encryption key. Verify all encryption settings.
Incorrect channel or frequency: You could be using the wrong channel to connect to the wireless network. Verify the channel settings.
Extended Service Set ID (ESSID) mismatch: ESSID is another name for SSID. You must input the correct ESSID name in order to connect to the wireless network.
Standard mismatch (802.11a/b/g/n): Be sure that the wireless device you are using is compatible with the wireless network.
Distance and bounce: If you are too far from the wireless network, you may not have a strong enough signal to connect. Try moving closer to the access point.
Incorrect antenna placement: Be sure to place the antenna in an open area that will get the best coverage. Try placing it up high, such as on a bookshelf.
Infrared: Infrared devices contain a transceiver that sends and receives light signals as on-off patterns to create the data that travels at transfer rates up to 4 Mbps. Because line of sight is required, you may need to use a radio frequency solution such as Bluetooth if line of sight becomes an issue.
Bluetooth: Bluetooth is a radio frequency wireless technology that allows systems to connect to peripherals over a distance of up to 10 meters away. Bluetooth is more flexible than infrared because it will automatically connect to other Bluetooth devices and does not depend on line of sight.
Bluetooth is less susceptible to interference because it uses spread-spectrum frequency hopping, which means that it can hop between any of 79 frequencies in the 2.4 GHz range. Bluetooth hops between frequencies 1600 times per second and provides a transfer rate of up to 1 Mbps. Bluetooth is a popular technology with handheld devices such as PDAs and cell phones. Bluetooth is popular with these devices so that users can use their wireless headsets with their cell phones and talk “hands free.”
There are huge security risks with Bluetooth, as it is possible for a hacker to connect to your cell phone remotely via Bluetooth and steal data off your phone.
Disable Bluetooth: If you are not using the Bluetooth feature on your phone, then disable Bluetooth through the phone’s menu system.
Phone Visibility: If you are using Bluetooth, then set the phone’s visibility setting to invisible so that hackers cannot pick up on your phone with a Bluetooth scanner.
Pair Security: Ensure you are using a Bluetooth phone that uses pair security, which allows people to connect to your phone only if they know the PIN code you have set on the phone.