The following is the first part of a six-part series on wireless security. Each tip is excerpted from the Cisco Press book, Network Security First-step by Tom M. Thomas. Check back frequently for the next installment, or go to the main series page for all installments.
 |
|
About the book
|
|
With the proliferation of Internet viruses and worms, many people and companies are considering increasing their network security. But first, you need to make sense of the complex world of hackers, viruses, and the tools to combat them. Network Security First-step explains the basics of the core technologies that make up and control network security.
Author Thomas M. Thomas, II, CCNA, CCNP, CCDA, CCIE No. 9360 is a certified Cisco Systems instructor and the founder of NetCerts.com and the Certified Professional Association – Worldwide, an organization designed to bring together the users of Cisco equipment to learn and network. He was previously a course developer and instructor, and has published several titles on Cisco networking. Tom is currently working as a Senior Principle Consultant with Ericsson IP Infrastructure.
|
|
|
Essentials first: Wireless LANs
This chapter discusses the use of Wireless LANs (WLANs), which are roaring into use almost every time you turn around -- from airports, restaurants, and coffee shops, to people's homes. The growth of personal computers in the 1980s led to the creation of LANs and the Internet in the 1990s; this allowed for connections, regardless of geographic location. WLANs are proving to be the next technology growth area for the 2000s. Businesses are, of course, recognizing the benefits of WLANs and deploying them in ever-increasing numbers. Just as businesses were forced to provide security to PCs and the Internet, so too must businesses understand that, despite the productivity and mobility gains they provide, WLANs have associated security risks that must be addressed.
WLANs offer a quick and effective extension of a wired LAN. By simply installing access points to the wired network, personal computers and laptops equipped with wireless LAN cards can connect with the wired network at broadband speeds (or greater) from up to 300 yards away from the wireless access point. This means that computers are no longer tied to the infrastructure of wires -- rather liberating, isn't it?
The majority of WLAN deployments have used a wireless transmission standard known as 802.11b. The IEEE 802.11b standard operates at the radio frequency of 2.4 Ghz -- a frequency that is unregulated by governments. The 802.11b standard offers connectivity speeds of up to 11 Mbps, which provides enough speed to handle large e-mail attachments and run bandwidth-intensive applications like video conferencing. While the 802.11b standard now dominates the wireless LAN market, other variations of the 802.11 standard are being developed, or have already been approved, to handle increased speeds. 802.11g is the latest standard variation, which offers wireless speeds of up to 56 Mbps.
The various wireless standards are targeted to different industry segments as outlined in Tables 8-1 and 8-2.
Table 8-1 802.11a/WLAN Standard Characteristics
| Standard | IEEE 802.11a, WLAN |
|---|
| Frequency wavelength | 5 GHz |
| Data bandwidth | 54 Mbps, 48 Mbps, 36 Mbps, 24 Mbps, 12 Mbps, 6 Mbps |
| Security measures | WEP, OFDM |
| Optimum operating range | 150 ft. indoors, 300 ft. outdoors |
| Best suited for a specific purpose or device type | Roaming laptops in home or business; computers when wiring is inconvenient |
802.11a never took off; however, the recently ratified 802.11g holds some interesting options to include increased speed and security as Table 8-2 documents.
Table 8-2 802.11g/Wi-Fi Standard Characteristics
| Standard | IEEE 802.11g, Wi-Fi |
|---|
| Frequency wavelength | 2.4 GHz |
| Data bandwidth | 54 Mbps, 48 Mbps, 36 Mbps, 24 Mbps, 12 Mbps, 6 Mbps |
| Security measures | WEP, OFDM, AES (in Broadcom 54 g) and possibly WPA/Wi-Fi protected access |
| Optimum operating range | 1000 ft. under ideal conditions; expect more like 150 ft. indoors and 300 ft. outdoors under normal conditions |
| Best suited for a specific purpose or device type | Roaming laptops in home or business; computers when wiring is inconvenient |
Note that when 802.11b clients are granted access to an 802.11g wireless access point, security inevitably must be set (lowered) to allow 802.11b clients on; thanks to WEP and its problems, the entire network is reduced to a lowest common denominator.
What Is Wi-Fi?
The term Wi-Fi (Wireless Fidelity) is often used in discussions of 802.11 networks. Wi-Fi is most certainly the popular marketing word used today when talking about wireless (that is, Wi-Fi hot spots). The term Wi-Fi is fast becoming the common way to describe 802.11 wireless networks; it certainly is much quicker and easier to say, so we let marketing take the credit for making it the mainstream term.
Wi-Fi also refers to certification by the Wi-Fi Alliance, an international nonprofit association of 802.11 product vendors. 802.11 products that receive Wi-Fi certification have been tested and found to be interoperable with other certified products. This means that you can use your Wi-Fi certified product with 802.11 Wi-Fi certified networks, whether they are Apple Computers or Windows-based networks. Although 802.11 products that do not have Wi-Fi certification might work fine with certified devices, the Wi-Fi Certified logo is your assurance of interoperability. You can learn more about the Wi-Fi alliance online at: http://www.weca.net/.
Benefits of Wireless LANs
I had not flown much on airplanes recently, but an important family event -- my brother's wedding -- allowed me the opportunity to fly. Not living near a major airport meant that I had to connect to reach my destination, so I experienced four different airports, each of which offered wireless connectivity to travelers, making layovers in airports a more productive time. Businesses all across the world are using this wireless capability and can easily be enabled for a relatively small financial investment. The benefits of deploying wireless LANs can be summarized as the following:
Attractive price -- Deploying a wireless LAN can be cheaper than a wired LAN because you do not have the need for wires; simply hook up an access point, and it can provide service to multiple computers.
Mobility -- Boost user productivity with the convenience of allowing them to wirelessly connect to the network from any point within range of an access point.
Rapid and flexible deployment -- Quickly extend a wired network with the ease of attaching an access point to a high-speed network connection.
Application agnostic -- As an extension of the wired network, WLANs work with all existing applications. As discussed previously, the standard protocol is TCP/IP, which is supported over all forms of wireless.
Performance -- WLANs offer a high-speed connection that, while equal to Ethernet, is quickly passing it in speed.
The benefits of WLANs are being recognized by individuals and businesses alike; recently the Gartner Group predicted that by 2005, 50 percent of the Fortune 1000 companies will have extensively deployed wireless networks, and that by 2010, the majority of Fortune 2000 companies will depend on wireless technology to meet their business and networking needs.
Wireless Equals Radio Frequency
The first technical concept you need to grasp when discussing what constitutes a threat to a wireless network is that 802.11 networks use radio frequencies to transmit the data back and forth between endpoints, just like the cordless phones or radios you have at home. The key difference is the frequency at which the signals are transmitted.
Radio waves can travel long distances, depending on the frequency being used. Some frequencies can transmit 300–400 feet, requiring little power to do so. Most older technology cordless phones and wireless NICs use the 900-MHz frequency as a carrier wave, which can travel quite a bit farther than most people realize. It is not uncommon for a 900-MHz cordless phone to give a user at least one or two city blocks of use before the handset loses its connection to the base unit. One or two city blocks translates roughly to 400–500 feet.
If your telephone handset can transmit out as far as 500 feet, it means that your wireless connection is capable of similar distances. If you have a Wireless access point (WAP) installed in your office or home, you can bet that people walking by outside are well within its operational envelope. The same holds true if you have a WAP installed in your small office, home office (SOHO) network. If an average WAP is installed in your living room and you live in an apartment complex, you might already be providing Internet service to most of the complex and not even realize it.
Reproduced from the book Network Security First-step, ISBN 1587200996, Copyright 2004, Cisco Systems, Inc. Reproduced by permission of Pearson Education, Inc., 800 East 96th Street, Indianapolis, IN 46240. Written permission from Pearson Education, Inc. is required for all other uses. Visit www.ciscopress.com for a detailed description and to learn how to purchase this title.
