Windows XP Unwired: A Guide for Home, Office, and the Road
By Wei-Meng Lee
August 2003
Pages: 284



Table of Contents

Chapter 1: Wireless Networking Fundamentals
Two things are fundamental to understanding wireless networking: Transmission Control Protocol/Internet Protocol (TCP/IP) and radio waves. TCP/IP governs how data flows across the Internet, whether it is over a dial-up modem, a cable modem, or a wireless network. Radio waves surround us; some carry useful information, others are just noise. This book is more concerned with the former, but the noise is of interest too, since it can drown out the useful signals. The first half of this chapter explains TCP/IP, and the second discusses radio waves. The rest of this book looks at how the two work together.
Additional content appearing in this section has been removed.
Purchase this book now or read it online at Safari to get the whole thing!
TCP/IP
Most of the concepts presented in this book require a basic understanding of TCP/IP, the networking standard used by the Internet as well as home or office connections. To understand TCP/IP, you'll need to know how computers identify one another (IP addresses), talk to their immediate neighbors (subnet addressing), and talk to machines on the Internet or other networks (routing).
TCP/IP stands for Transmission Control Protocol/Internet Protocol. It is a set of protocols that enable computers on the network to communicate with one another. (A protocol defines how data is transmitted between computers; if both computers adhere to the same protocol, they can exchange data.)
On a TCP/IP network, each computer (also called a host) has an IP address. An IP address is much like a Social Security number: it uniquely identifies each computer on the network. An IP address has four numbers separated by periods and looks like this: 192.168.1.2. Each number occupies 8 bits (1 byte) and thus can range from 0 to 255 (although there are some combinations that are reserved and have special meanings). Each IP address takes up 4 bytes.
By convention, an IP address contains two components, as shown in Figure 1-1.
Figure 1-1: Components of an IP address
The first is the network number, and the second is the host number. Hosts that are on the same physical network normally share the same network number. There are five classes of IP address, indicated by the value of the first byte of the IP address:
Class A
0 to 127: Each Class A network supports a maximum of 16,777,214 hosts. Though there are a total of 128 network numbers here, only 125 are usable.
Understanding Radio Waves
Most of the wireless technologies mentioned in the last section make use of radio waves. Wi-Fi, GPRS, GPS, and Bluetooth all utilize radio waves to transmit signals.
Put simply, a radio wave is an electromagnetic wave. It can propagate through a vacuum, air, liquid, or even solid objects. It can be depicted mathematically as a sinusoidal curve as shown in Figure 1-5.
Figure 1-5: A sine wave representing a radio wave
The distance covered by a complete sine wave (a cycle) is known as the wavelength. The height of the wave is called the amplitude. The number of cycles made in a second is known as the frequency. Frequency is measured in hertz (Hz), also known as cycles per second. So, a 1 Hz signal makes a full cycle once per second. You should be familiar with this unit of measurement: if your new computer operates at 2 GHz, the internal clock of your CPU generates signals at roughly two billion cycles per second.
Note that frequency is inversely proportional to the wavelength: the longer the wavelength, the lower the frequency; the higher the frequency, the shorter the wavelength. The wavelength of a 1 Hz signal is about 30 billion centimeters, which is the distance that light travels in one second. A 1 MHz signal has a wavelength of 300 meters.
The sine wave carries data. To receive the transmission (such as audio or video), a radio wave receiver needs to tune itself to the same frequency as the transmitter. The receiver examines the amplitude or the frequency of the received electromagnetic wave in order to get at the transmitted data.
In the next section, I discuss three ways to carry data using radio waves.

Section 1.2.2.1: Pulse Modulation

Wireless Networks
In 1970, the University of Hawaii created a wireless network called ALOHANET. Since then, wireless networking has come a long way. ALOHANET operated in the UHF range, and reached 4.8 Kbps, at which speed it could take half an hour to download a 1 MB file. Today, wireless LANs use frequencies of 2.4 GHz and 5 GHz, and can reach speeds (after accounting for network overhead) of 20 Mbps, transferring that 1 MB file in a fraction of a second.
Chapter 2: Wi-Fi on Your Notebook
Computer networks have traditionally been Ethernet networks, which use Unshielded Twisted Pair (UTP) cables to wire up all the computers participating in a network. However, as users carry portable computers around (or away from) the office and home, common applications such as email, web browsers, and instant messenger demand network access. Short-range wireless networks can meet the demand for network access without the need for cabling in every place someone might use a computer.
Educational institutions are taking a lead in the adoption of wireless networks, particularly in the classroom environment where students are equipped with a notebook computer and need to move from classroom to classroom while maintaining access to the network. Another area where wireless networking is rapidly gaining ground is among home users. As computers get cheaper and more powerful, it is not uncommon for people to have several computers at home. Wiring up the home is usually undesirable, since it involves costly cable-laying and often destroys the aesthetics of the house. With a wireless network, home users can link up all the computers in the house at an affordable price and without laying a single cable.
Behind the conveniences of accessing the network wirelessly is the IEEE 802.11 standard, a physical layer protocol and a data link layer protocol for wireless communication using radio waves. In this chapter, I lay the foundation for understanding and using a wireless network, so that you can learn how to set up and configure your Windows XP computer for wireless access.
802.11 Wireless Standards
The 802.11 wireless standard is a family of specifications for wireless technology. It was (and is still) developed by the Institute of Electrical and Electronics Engineers (IEEE). 802.11 specifies a client communicating over the air with another client (or through a base station). It comprises the following specifications:
802.11
This is the original specification for wireless networks. The 802.11 standard specifies a transmission rate of 1 or 2 Mbps, and it operates over the 2.4 GHz spectrum. It uses either a Frequency Hopping Spread Spectrum (FHSS) or a Direct Sequence Spread Spectrum (DSSS) modulation scheme.
802.11b
802.11b is more popularly known as Wi-Fi (Wireless Fidelity). This is an extension of the original 802.11 specification. More significantly, 802.11b operates at a much higher data rate: 11 Mbps. However, it can also fall back to a slower rate of 5.5, 2, or 1 Mbps. 802.11b uses only DSSS. Like the original 802.11 standard, 802.11b operates in the 2.4 GHz spectrum. Most wireless networks deployed at the time of this writing are 802.11b networks.
The term Wi-Fi has now been extended to cover not only 802.11b, but the entire family of 802.11 specifications, such as 802.11a and 802.11g. The Wi-Fi Alliance (http://www.wi-fi.org/), a nonprofit organization formed to promote 802.11 wireless technologies, uses the term Wi-Fi to refer to 802.11a, 802.11b, and 802.11g wireless networks.
802.11a
802.11a is a relatively new extension to the 802.11 specification. It addresses the slower data rate of the 802.11 and 802.11b specifications by allowing data rates of up to 54 Mbps. It does not use the FHSS or DSSS encoding scheme, but instead uses the Orthogonal Frequency Division Multiplexing (OFDM) modulation scheme. The most significant point about 802.11a is that it is not compatible with the existing 802.11b networks because it operates in the 5 GHz spectrum.
Understanding 802.11 Speak
In this section, I discuss some of the terms that you will often come across when you set up your wireless network.
By default, encryption is not enabled for wireless networks. Encryption is important because malicious hackers equipped with the necessary software can sniff the packets transmitted by the wireless network, thereby compromising your data. Wired Equivalent Privacy (WEP) is a protocol used for encrypting packets on a wireless network. It uses a 64-bit (or 256-bit, depending on the equipment) shared key algorithm. Although it is far from perfect, WEP increases the protection of your data, but in doing so reduces your effective data rates.
Chapter 4 talks about WEP in more detail. More secure techniques used for securing wireless networks such as WPA (Wi-Fi Protected Access) and 802.1X are discussed there.
The Service Set Identifier (SSID) acts as a name for a wireless network. All devices participating in a particular wireless network must specify this SSID. The wireless devices will not be able to participate in this network if the SSID is not specified (or not stated correctly). For example, Linksys products use the default SSID "linksys" (D-Link products use "default"). If you are concerned about unauthorized users connecting to your access point, you should change this to something else and disable SSID broadcast in the access point's configuration (see Chapter 4). This makes it harder for unauthorized users to find your access point. Use WEP, or if your hardware supports it, 802.1X to allow only authorized users to connect.
The 802.11b standard defines 14 channels. A channel is a particular frequency that is selected so that a Wi-Fi adapter and an access point can communicate at an agreed frequency. Table 2-3 lists the frequencies of the 14 channels.
Connecting to a Wireless Network
Up to this point, I have discussed the various standards in wireless networks, in particular the IEEE 802.11 specifications. All the theoretical discussions are not very exciting unless you get your hands dirty and try to set up a wireless network yourself. In the following sections, I show you how to connect to a wireless network using three different wireless cards and adapters.
Although I demonstrate each example using different hardware from Cisco, D-Link, and Linksys, wireless hardware vendors use the same or similar chipsets in their equipment. So, the installation and configuration procedures will be somewhat similar across different vendors and different product lines from the same vendor. You should still consult the documentation that comes with your hardware before installing anything.
Most wireless cards in the market today use the following chipsets:
  • Atmel
  • Broadcom
  • Lucent Hermes
  • Intersil PRISM-II and Intersil PRISM-2.5
  • Symbol Spectrum24
  • TI wireless
Some newer 802.11g wireless products (such as those from Linksys) use the Broadcom chipset.
Taking It on the Road
Now that you have a better understanding of wireless networks and how you can connect to one using your wireless card or adapter, the following chapter discusses how you can find connectivity while on the road. For information on using Wi-Fi securely, see Chapter 4.
Chapter 3: Wi-Fi on the Road
If you set up a wireless network in your home or office, you'll probably spend most of your time on that network. However, when you wander away, your wireless adapter will let you access other networks, so why not take advantage of this? For example, you may be traveling and need to get online at the airport or hotel. In this case, you could connect to a commercial or community wireless network (or a cellular network, as described in Chapter 8).
In this chapter, I discuss some of the commercial and community wireless access providers and how you can use them while on the road. I also show you how to hunt for wireless networks using your existing hardware and some free software. This can come in handy when your travel involves a conference, since many conference organizers have begun to include free Wi-Fi as an added feature for attendees.
Wireless Hotspots
As more users equip their portable computers with Wi-Fi, opportunities have emerged for anyone who can bring a DSL line and access point into a public space such as a coffee shop, airport, or public library. Some people will set up an access point and charge by the hour; others will charge nothing, just to attract customers or keep them a little longer; some, such as a library, will set it up to make information more accessible. A venue with this kind of public access point is known as a wireless hotspot. The number of wireless hotspots is growing rapidly. Today, you can easily find wireless hotspots in hotels, airports, coffee shops, and metropolitan areas.
To see striking views of wireless hotspots in New York City, see the Public Internet Project's maps at http://publicinternetproject.org/research/moremaps.html. Chapter 9 includes instructions for generating your own such maps.
If you want to find out whether a particular area has a wireless hotspot, you can search for one at the following web sites:
WiFinder
http://www.wifinder.com/search.php
HotSpotList
http://www.hotspotlist.com/
T-Mobile Hotspots
http://www.t-mobile.com/hotspot/
Wi-Fi Zone Finder
http://www.wi-fizone.org/zoneLocator.asp
In the following sections, I discuss some of the wireless hotspots provided by commercial service providers as well as end users and community groups.
Like the conventional Internet Service Provider (ISP), a Wireless Internet Service Provider (WISP) provides Internet access, albeit wirelessly (from the client to the access point). These providers range from the big names, such as T-Mobile, WayPort, and Surf and Sip, to the independent wireless operators found in your neighborhood coffee houses and bars.
Finding Wireless Networks
Finding commercial wireless operators is easy — very often you can identify the signage hanging outside a coffee house or on the walls of a hotel lobby. If not, when you power up your Windows XP computer equipped with a wireless card, it will display a list of wireless networks available. Examining the SSIDs (see Chapter 2 for more information on SSIDs) will often allow you to identify the network operator instantly.
This section focuses on how you can locate wireless networks when on the road. It is useful as a guide to help you look out for wireless networks in places such as hotels, coffee houses, or libraries.
A simple way to discover wireless networks is to perform a site survey with your wireless network card. Doing a site survey is simple using either Windows XP's built-in capabilities or an advanced tool such as NetStumbler.
Check out the utility software bundled with your wireless card. Very often it comes with an application that allows you to perform site surveys.

Section 3.2.1.1: Windows XP

Windows XP's Wireless Zero Configuration feature automatically discovers the available wireless networks in the vicinity (this feature was illustrated in Chapter 2). However, Windows XP does not allow you to see detailed information about the wireless networks, such as the number of access points available or where they are located. If you need the additional information, you should use the more sophisticated (and free) NetStumbler program.

Section 3.2.1.2: NetStumbler

NetStumbler is a free wireless network discovery tool (written by Marius Milner, a San Francisco Bay area software developer) that runs on Windows-based computers. You can use NetStumbler for site surveys, and it is also a useful tool for detecting unauthorized (rogue) access points.
Check out NetStumbler's web site to see if your wireless card is supported. NetStumbler generally works with wireless cards using the Hermes chipset (refer to Chapter 2 for a list of wireless cards using the Hermes chipset). However, some cards that are not supported by NetStumbler (such as those from Cisco and D-Link) work under Windows XP. My Cisco Aironet 350 works well with NetStumbler.
Chapter 4: Communicating Securely
With no physical boundary, how can wireless networks be secure? Can they be locked down sufficiently to please security-conscious users? Because the initial wireless security standard was fundamentally flawed, the answer is complicated. In this chapter, I explain the security issues inherent in the 802.11 family and the various ways you can secure a wireless network.
Secure Wireless Computing
Before we start discussing the gory details of Wi-Fi LAN security, let me make one thing clear: Wired Equivalent Privacy (WEP), the security protocol used by most 802.11 networks at the time of this writing, is fundamentally flawed. Though I talk about WEP in much more detail later in this chapter, here is a quick rundown of WEP's flaws:
  • All users in a wireless network share the same secret key. (And a secret key is no longer a secret if more than one person knows it.)
  • The implementation of WEP makes it very susceptible to attacks by hackers. It is not a matter of whether it can be cracked, but a matter of how soon. The flaws in WEP have been proven both in theory and practice.
Although WEP has its flaws, it's worth using to discourage unauthorized users from connecting to your access point. If you need stronger security, you have to rely on other techniques to provide it. In the first part of this chapter, I assume that you are connected to a wireless network (with or without WEP), and that you want to securely access the network resources (including something as simple as surfing the Web or reading your email). I discuss three ways in which you can have more secure wireless communications in the list shown next.
Virtual Private Networks (VPN)
A VPN allows you to remotely access a private network as though you were connected to it physically. Moreover, the entire communication channel is protected by encryption. So if you are connected to a VPN server wirelessly, the packets transmitted between your computer and the access point are encrypted by the VPN connection, which is much more secure than using WEP.
Secure Shell (SSH)
SSH lets you initiate a shell session (similar to Telnet) or exchange files with a remote server, with the information exchanges all encrypted. When not using a VPN, SSH is an excellent option for securely connecting to another computer.
Virtual Private Networks
Imagine you are out of the office and need to access a printer or file server on the office network. Unless you dial in to the company's server, it is not possible for you to access the resources in the office. Moreover, using a dial-up line is not a cheap alternative (despite the slow speed), especially if you are overseas.
A Virtual Private Network (VPN) allows you to establish a secure, encrypted connection to the office's network, all through a public network such as the Internet. Using a VPN, you can work as though you are connected to your company's network.
There are two main types of VPN:
User-to-Network
This type allows a client to use a VPN to connect to a secure network, such as a corporate intranet.
Network-to-Network
This type connects two networks via a VPN connection. This effectively combines two disparate networks into one, eliminating the need for a Wide Area Network (WAN).
Tunneling is the process of encapsulating packets within other packets to protect their integrity and privacy during transit. A tunnel performs such tasks as encryption, authentication, packet forwarding, and masking of private IP addresses. Figure 4-1 shows a tunnel established between two computers through the Internet. Think of a tunnel as a private link between the two computers: whatever one sends to another is only visible to the other, even though it is sent through a public network like the Internet.
Figure 4-1: A tunnel established between two computers in a VPN
The following section discusses some tunneling protocols available for VPNs.

Section 4.2.1.1: PPTP, L2TP, and IPSec

Secure Shell (SSH)
If you need to connect to Unix or Linux servers, you may be familiar with utilities such as Telnet and FTP. Telnet lets you connect to a command prompt on a machine over the network. The FTP utility transfers files between your machine and a remote server.
If you are using either Telnet or FTP to connect to a sensitive server, but you're not also using a VPN, you are probably exposing your password to anyone who can access the network you're connected to (perhaps you're on a public network at a wireless hotspot?), the network where the remote server resides, and any network in between. (Ever wonder what networks sit between you and a remote computer? Use the tracert command at the Windows XP Command Prompt to trace the route between your computer and a remote host, as in tracert www.oreilly.com).
Anonymous FTP, in which you use your email address as a password, is not a concern. This is because, as the name implies, all remote users are treated as anonymous guests, and, if the remote FTP server is configured properly, are accorded no privileges that could be abused.
If the remote server supports it, you can use the Secure Shell (SSH) protocol to work with a remote machine's command prompt (replacing Telnet) or securely transfer files (replacing FTP). SSH Communications Security offers SSH utilities for Windows and other platforms. Open source variants include openssh (http://www.openssh.org), which is included with the Cygwin (http://www.cygwin.com) distribution, a Linux-like environment for Windows. However, since Cygwin has a fairly big footprint, a popular open source alternative is PuTTY, a suite of SSH utilities that fit on a floppy disk.
PuTTY is available from http://www.chiark.greenend.org.uk/~sgtatham/putty/. At a minimum, you should download and install (put the .exe somewhere in your Windows PATH) putty.exe. If you want to perform secure file transfers, download
Firewalls
A firewall keeps remote users from connecting to your computer, while letting you connect to remote servers. A Windows XP system includes a number of services, such as file sharing, that a remote attacker can use to access your system. In some cases, flaws in Windows can let a remote attacker gain complete control over your system (this is why it's important to run Windows Update frequently, so that you have the latest security updates).
Most wireless access points that have router capabilities also have built-in firewalls (and the firewall is typically enabled by default). But when you are on the road, you should enable Windows XP's firewall, because other users on the wireless network will be able to access your computer if you don't.
To enable the firewall for your wireless connection:
  1. Open the Network Connections folder (Control Panel → Network and Internet Connections → Network Connections).
  2. Right-click on your wireless connection and select Properties. When the connection Properties dialog appears, select the Advanced tab (Figure 4-17).
    Figure 4-17: Enabling Windows XP's firewall
  3. Check the box labeled "Protect my computer and network by limiting or preventing access to this computer from the Internet." This enables the basic firewall functionality.
  4. Click Settings. This brings up the Advanced Settings dialog (Figure 4-18). Use the Services tab to configure the inbound services (such as Remote Desktop) that you want other users to have access to. Use the Security Logging tab to configure how connection attempts and failures are logged. The ICMP tab allows you to enable Internet Control Message Protocol (ICMP) requests, which are employed when remote users apply diagnostic utilities such as
Wi-Fi Security
Now that I have discussed the three ways to secure your wireless connection, I'll dive deep into the details of Wi-Fi security. A secure network should (ideally) have the following:
Authentication
This is the process of verifying the identity of a user and making sure that she is who she claims. When you log in to your Windows computer, you are being authenticated via the username and password. In a Wi-Fi network, authentication comes into play when the access point has to determine whether a machine can connect to it.
Authorization
This is the process of allowing or denying access to a specific resource. You may be authenticated as a user, but you may not be authorized to use certain features, perhaps due to your user role (such as Guest, User, Power User, Administrator). For example, suppose you are at a wireless hotspot and have used up your allotted connection time: the network knows who you are, but won't authorize you to access the Internet until you pay for more minutes.
Confidentiality
This ensures the privacy of information that is being transmitted. Only an authorized party (such as the recipient of an email message) can see the information being transmitted. In a Wi-Fi network, confidentiality is supported by protocols such as WEP, WPA, and 802.1X, which encrypt the data that moves through the air.
Integrity
This ensures that the information that you have transmitted has not been tampered with en route to its destination.
Authentication, authorization, confidentiality, and integrity are also addressed by other systems on your network, just as they are on a wired network:
Are 802.11 Networks Really Secure?
One of the problems with wireless security is that you don't need expensive tools to break into a wireless network. All you need in your toolbox is a computer, a wireless card, some suitable software, and perhaps a good antenna for receiving wireless signals.
The following is a list of software that you can use to detect wireless networks, sniff wireless packets in transit, and much more. These tools have numerous legitimate uses, such as detecting unauthorized access points, intrusion detection, network traffic analysis, and debugging networked applications such as a web server.
NetStumbler (http://www.netstumbler.com/)
NetStumbler is a free application that allows you to detect the presence of wireless networks. Using NetStumbler, you can obtain information about a particular access point, the SSID used, whether WEP is enabled, and so on. Coupled with a GPS, you can even pinpoint the location of an access point. NetStumbler is often used for wardriving, site surveys, and detecting rogue access points.
AiroPeek NX (http://www.airopeek.com/)
AiroPeek is a wireless LAN analyzer from WildPackets. It is an extremely powerful wireless LAN analyzer that most security professionals use (be forewarned, this package costs $3499!). AiroPeek is able to sniff raw wireless packets transmitted through the air, which is why protecting your wireless network with 802.1X, a VPN, SSH, or even WEP is important. Data packets that are not encrypted can easily be sniffed by AiroPeek.
Ethereal (http://www.ethereal.com/)
Ethereal is a free network protocol analyzer for Unix and Windows computers. It is similar to AiroPeek in that it allows you to sniff wireless (and wired) packets in transit. Many network protocols are susceptible to sniffing in this manner. For example, Telnet and FTP both send passwords as plaintext (for secure alternatives, see Section 4.3, earlier in this chapter). Figure 4-36 shows an Ethereal session capturing an FTP password.
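As an added example (not from the book), the sketch below audits FTP control-channel transcripts as a protocol analyzer would see them and reports whether a password crossed the network in plaintext, recording only its length. The transcripts, the hostname, and the helper names `audit_ftp_control` and `exposed_sessions` are assumptions made for illustration; reply code 234 is the server accepting AUTH TLS.

```python
import re

CMD = re.compile(r"^C: (\w+)(?: (.*))?$")    # client command and optional argument
REPLY = re.compile(r"^S: (\d{3})")           # server three-digit reply code

# Constructed transcripts ("C:" client, "S:" server); not captured traffic.
PLAIN_SESSION = ["S: 220 ftp.example.test ready", "C: USER alice",
                 "S: 331 Password required", "C: PASS constructed-secret",
                 "S: 230 Logged in"]
TLS_SESSION = ["S: 220 ftp.example.test ready", "C: AUTH TLS",
               "S: 234 Proceed with negotiation"]  # rest of the stream is ciphertext
FALLBACK_SESSION = ["S: 220 ftp.example.test ready", "C: AUTH TLS",
                    "S: 502 Command not implemented", "C: USER alice",
                    "S: 331 Password required", "C: PASS constructed-secret",
                    "S: 230 Logged in"]

def audit_ftp_control(lines):
    """Report what a passive observer learns from one FTP control channel."""
    finding = {"tls": False, "user": None,
               "password_exposed": False, "password_len": 0}
    pending_auth = False
    for line in lines:
        reply = REPLY.match(line)
        if reply:
            # 234 accepts AUTH TLS; everything after it is encrypted.
            if pending_auth and reply.group(1) == "234":
                finding["tls"] = True
                break
            pending_auth = False   # any other reply means TLS was not started
            continue
        cmd = CMD.match(line)
        if not cmd:
            continue
        verb, arg = cmd.group(1).upper(), cmd.group(2) or ""
        if verb == "AUTH":
            pending_auth = True
        elif verb == "USER":
            finding["user"] = arg
        elif verb == "PASS":
            finding["password_exposed"] = True
            finding["password_len"] = len(arg)   # keep the length, never the secret
    return finding

def exposed_sessions(sessions):
    """Names of sessions in which a password crossed the wire unencrypted."""
    return [name for name, lines in sessions.items()
            if audit_ftp_control(lines)["password_exposed"]]

if __name__ == "__main__":
    print(exposed_sessions({"plain": PLAIN_SESSION, "tls": TLS_SESSION,
                            "fallback": FALLBACK_SESSION}))
```

The fallback transcript shows the case worth checking for on your own network: a client that asks for TLS, is refused, and then logs in unencrypted anyway.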
Chapter 5: Configuring Wireless Access Points
So far you have been learning about how wireless networks work and how to connect to one. In this chapter, I show you how to deploy a wireless network yourself. I illustrate this using two different wireless access points and considering how they might be used in two different environments—one at home and another in the office. Of course, many home users will have needs that are closer to that of an office, and some small offices may have needs closer to that of a home user. For the purposes of these examples, the home environment is assumed to have consumer-level broadband access, while the office environment is assumed to have a more extensive wired network in place.
Setting Up a Wireless Network
The cost for setting up a wireless network has, over the years, been lowered substantially. Today, you can easily set up a wireless network at home for about $200. For that amount, you can get a wireless access point, a wireless PC card (for your notebook), and a USB wireless adapter (for your desktop).
In this section, I am assuming you want your wireless users to access the Internet. If your aim is to simply connect two machines wirelessly, you do not need a DSL/ADSL modem and wireless access point. All you need is a wireless adapter or card for each computer. See Section 5.5 later in this chapter.
To set up your own wireless network, you need the following:
  • A DSL/ADSL or cable modem with an Ethernet connector (you may also have satellite Internet or a T1 line)
  • A wireless access point with router functionality
  • A wireless access card or adapter for each machine that wants to get on the wireless network
Some ISPs, in an attempt to discourage multiple computers from sharing the Internet connection, will bundle a USB-port modem when you sign up for the broadband package. In order to connect a router to your ISP, you'll need to purchase a separate modem with an Ethernet port that is compatible with your ISP. Check with your ISP to obtain a list of compatible modems.
A typical wireless home/office setup is shown in Figure 5-1 (note that the PC with Ethernet connection is optional).
Figure 5-1: Architecture for a wireless network
A wireless access point is a wireless device that routes traffic in a wireless network. It is usually attached to an existing wired network, or to a Wide Area Network (WAN) connection such as a cable or DSL/ADSL modem. Basically, the purpose of the wireless access point is to provide a centralized location for exchanging wireless traffic sent by wireless devices. Wireless access points generally come in two flavors:
Case Study: The Home Network
Figure 5-13 shows the Motorola SB4200 cable modem popularly used to connect to residential broadband services. Many users have ADSL/DSL modems instead of cable; some users even have satellite Internet access. Regardless of whether you use cable, ADSL/DSL, or satellite, you should have a device (such as the cable modem shown in Figure 5-13) with flashing lights and an Ethernet port that provides you with Internet access. You may have bought this device in a computer store or directly from your ISP, or perhaps you rent it from your ISP.
Figure 5-13: The Motorola SB4200 cable modem
Some ISPs may have supplied you with a device that uses a USB connection to your computer instead of Ethernet, or even a card that was installed inside your computer. To connect your broadband service to a wireless network, you'll need an external device with an Ethernet port. You may need to contact your ISP's technical support, explain what you are trying to do (give them the simplest version of the story: you're trying to connect a wireless access point to your broadband service), and request the correct device. If your ISP refuses to help or doesn't understand your request, it is time to find a new ISP.
A common limit of broadband connections is that only one computer can be connected to the Internet at any one time. As discussed in Chapter 2, there are many ways the ISP can impose the restriction, such as MAC address locking, or issuing a single IP address to the cable modem. So to enable multiple computers to wirelessly access the Internet, you could use a wireless router. (See DHCP and NAT earlier in this chapter for information on how DHCP and NAT features found in wireless routers work around this limitation.) One such wireless router is the Linksys BEFW11S4 802.11b Wireless Access Point with 4-port switch (see Figure 5-14).
Case Study: The Office Network
Your office might have a router that allows your computers to access the network and Internet. You would most likely be using DHCP to obtain IP addresses for all the computers. (If your office doesn't have any of this, perhaps you are starting from scratch — in that case, your office will resemble a home network in that your wireless access point is your first foray into networking.) In this section, I discuss the issues involved with adding a wireless network to an office environment using the D-Link DI-714P+ Wireless Access Point as an example.
The D-Link DI-714P+ (see Figure 5-16) is an enhanced 802.11b wireless access point with router functionality. It comes with AirPlus technology that allows up to 22 Mbps of data transfer rate if used together with D-Link's AirPlus wireless card (such as the D-Link DWL-650+). Besides this, it also includes a printer port for connecting a printer, so the access point can also act as a print server.
Figure 5-16: The D-Link DI-714P+ Wireless Router
Figure 5-17 shows the network configuration.
Figure 5-17: The configuration of an office network
As shown in Figure 5-17, the DI-714P+'s WAN port is plugged into the switch. Your desktop systems can be connected either to the switch or the LAN ports of the DI-714P+ (see Figure 5-18).
Configuring an Access Point
To connect your access point to the Internet, use a straight-through Ethernet cable to plug the access point's WAN port into your cable modem, DSL modem, router, or whatever piece of equipment in your home or office that is responsible for providing Internet access. After you plug it in, turn on the access point's switch (assuming it has one — some access points can only be powered down by unplugging them), and it will power up, perform its initialization, and then request a DHCP address from the cable or DSL modem or router.
You may need to reboot your cable or ADSL/DSL modem in order for the access point to obtain an IP address. This is especially important in cases where the modem was initially connected directly to the PC and may have locked itself to the MAC address of the PC (see Locking MAC Addresses in Chapter 2).
To configure the wireless router, connect your computer to one of the wireless router's LAN ports using a straight-through Ethernet cable (if your computer has an autosensing Ethernet port, you can use either a straight-through or crossover cable). For the Linksys BEFW11S4, load the following URL in your web browser: http://192.168.1.1/. For the D-Link DI-714P+, use http://192.168.0.1/. When prompted for a username and password, use "admin" as your username and leave the password field empty.
The default IP address, username, and password may be different for different access point models and manufacturers. Check your access point manual for the correct defaults.
Ad-Hoc Wireless Networking
So far, we have been talking about wireless networks that involve an access point. While this is primarily the way most wireless networks are constructed and used, there are times where you do not have access to an access point and need to simply connect to another computer wirelessly. This mode of wireless connectivity is known as ad-hoc mode.
To enable two computers to connect wirelessly without using an access point, you would just need a wireless card/adapter on each computer. Then, take the following steps:
  1. Right-click on the Wireless Network connection icon located in the tray and select View Available Wireless Networks. Click on Advanced.
  2. The Wireless Network Connection Properties window will appear (see Figure 5-28).
    Figure 5-28: Adding a new wireless network
  3. Click on Advanced. Select the option "Computer-to-computer (ad hoc) networks only" (see Figure 5-29). (To connect to either an access point or another computer directly, select the option "Any available network (access point preferred)".) Click Close.
    Figure 5-29: Choosing the type of network access
The change in Step 3 will prevent you from connecting to an access point. When you want to go back to connecting to an access point, return to this dialog and reset it to its original value — the default is "Any available network (access point preferred)".
  4. Click on Add... and give the ad-hoc wireless network an SSID (see Figure 5-30). Check the option "This is a computer-to-computer (ad hoc) network; wireless access points are not used". Click OK. Click OK again to dismiss the Connection Properties dialog.
Setting Up a Wireless Repeater