My Contents

Wednesday, March 17, 2010

Tutorials for IEEE 802.11

IEEE: IEEE P802.11, The Working Group for Wireless LANs; IEEE 802.11 Tutorials; IEEE 802.11 Documentation; Get IEEE 802 (IEEE 802 standards are now available at no charge in PDF format)...
802.11 Planet 802.11 vs. 3G Once upon a time, you could hardly open a business magazine without finding a feature that praised 3G wireless telephony as the answer to mobile Internet needs. That was venture capital then. This is fiscally strapped now. In theory, 3G wireless networks are capable of throughput up to 384Kbps, which still puts them at the bottom end of 802.11b's range...
CNN What is a wireless LAN? A wireless LAN (WLAN) is a local area network (LAN) without wires. WLANs have been around for more than a decade, but are just beginning to gain momentum because of falling costs and improved standards. WLANs transfer data through the air using radio frequencies instead of cables.
Computer.org A Short Tutorial on Wireless LANs and IEEE 802.11 Mobile IP, IEEE 802.11 Architectures, IEEE 802.11 Layers...
CSD: Troubleshooting WLAN Radio Designs (8/02). Optimizing 802.11b radio architectures can be a challenging task for today's system designers. This two-part series diagnoses and corrects problems in the transmit and receive portions of a radio design.
Helsinki University of Technology: IEEE 802.11 Wireless LAN. This document introduces the IEEE 802.11 standard for Wireless Local Area Networks. It also makes a comparison with the GSM cellular network, where the cell size can be much larger. The paper discusses the basis of the network planning process, such as frequency, scale of mobility, transmission capacity needs and population variation, and then introduces the total network planning process of a cellular network. The question is how the use of an unlicensed frequency band affects WLAN network planning. Finally the study suggests the relevant requirements for wireless communication with short-range mobility, and which GSM planning criteria can be omitted in the WLAN environment.
Introduction, The Standards, Basis for the Network Planning Process, Network Planning Process, Conclusion, References, Further Information...
PC Magazine: Home Networking 101 (4/03). An introductory look at home networking including IEEE 802.11b. Extending the Reach of the Wireless LAN (11/02): Today, when you set up a wireless network using a single 802.11b access point, you're lucky if it has a range of 300 feet. And at about 100 feet, its speed begins to drop. If you wish to improve its range, you have to set up another antenna. Come this spring, all of this may change. Vivato, a new networking company based in San Francisco, has announced a line of Wi-Fi switches that, it claims, can extend the range of your wireless network to several kilometers.
Spread Spectrum Scene Online Tutorial on 802.11 standard (PDF)
Tutorial Reports Introduction to Wireless LAN (WiFi) and IEEE 802.11 A comprehensive description of the WiFi (IEEE 802.11) wireless networking technologies. Includes information on Architecture, Standards (802.11b, 802.11a & 802.11g), Security and Comparisons with other technologies.
Wireless LAN Alliance (WLANA) IEEE 802.11 Standard Introduction, How it Will Be Used in End Applications, The Standards Committee, Physical Layer Implementation Choices, Infra-Red Physical Layer, The MAC Layer, What the Future Holds, Compliance.
Wireless Networking Introduction to Wireless LAN and IEEE 802.11 A comprehensive description of the Wifi (IEEE 802.11) wireless networking technologies. Includes information on Architecture, Standards (802.11b, 802.11a & 802.11g), Security and Comparison with other technologies.
ZDNet At last, real wireless LAN security Introducing 802.1x and EAP (9/02) After the IEEE recognized the shortcomings of WEP and 802.11, it quickly came up with the 802.1x and EAP solution. A standard for Port Based Access Control for both wired and wireless networking, 802.1x in itself does not make wireless networking secure. However, combine 802.1x with the Extensible Authentication Protocol (EAP) standard, and the gold standard in wireless network security is born; it's now possible to resolve WEP's biggest liability: static user and session keys.

How to Build a Wireless Home Network - Tutorial

This tutorial will guide you through the process of planning, building, and testing a wireless home network. Although mainstream wireless networking has made amazing strides in the past few years, wireless technology and terminology remain a bit difficult for most of us to comprehend. This same guide will help small business networkers, too!

You can build any typical wireless home network, a wireless LAN (WLAN), using this simple three-step approach:
    1. Identify the WLAN design that's best for your situation
    2. Choose good wireless gear
    3. Install gear and test the configured WLAN
In subsequent pages, I break down each of these steps in more detail.

Ready to Go Wireless?

This article assumes you've already made an informed decision to go wireless rather than build a traditional cabled network. Though prices have dropped dramatically from a few years ago, when wireless gear was quite expensive, wireless networks still aren't for everyone (yet). Unsure that wireless will really meet your needs? Use the following supplementary article to help you choose wisely:

Benefits of Wireless

Wireless offers tangible benefits over traditional wired networking. Ever tried to quickly look up a recipe on the Net while cooking in the kitchen? Do the kids need a networked computer in their bedroom for school projects? Have you dreamed of sending email, instant messaging, or playing games while relaxing on your outdoor patio? These are just some of the things wireless can do for you:

Next Stop - Terminology

The field of computer networking once sat squarely in the domain of techies. Equipment manufacturers, service providers, and "experts" that study the field of networking tend to go quite heavy on technical jargon. The wireless networking industry is gradually improving on this legacy, making products more consumer-friendly and easier to integrate into the home. But there is still much work for the industry to do. Let's take a quick look at the common jargon of wireless home networking and what it all means.
When researching wireless equipment to buy, or talking about wireless networking with friends and family, you should have a solid understanding of this basic terminology.

What is a WLAN?

We've already said that a WLAN is a "typical" wireless home network. That's because a WLAN is a wireless LAN, and a LAN is a related group of networked computers situated in close physical proximity to each other. LANs can be found in many homes, schools, and businesses. Though it's technically possible to have more than one LAN in your home, few do this in practice. In this tutorial, we explain how to build a single standard WLAN for your home.

What is Wi-Fi?

Wi-Fi is an industry name used to market wireless networking products. You'll find a black-and-white Wi-Fi logo or certification emblem on virtually any new wireless equipment you buy. Technically speaking, Wi-Fi signifies conformance to the 802.11 family of wireless communication standards (described below). But because all mainstream wireless home network gear uses the 802.11 standards today, basically the term "Wi-Fi" merely distinguishes wireless equipment from other network gear.

What is 802.11a/802.11b/802.11g?

802.11a, 802.11b, and 802.11g represent three popular wireless communication standards. Wireless networks can be built using any of the three, but 802.11a is less compatible with the others and tends to be a more expensive option implemented only by larger businesses. Use the supplemental article below to help you pick 802.11 standard(s) for your wireless LAN.

What are WEP and Wardriving?

The security of wireless home and small business networks remains a concern for many. Just like we use radio or television receivers to tune into station broadcasts, it's almost as easy to pick up signals from a nearby wireless home network. Sure, credit card transactions on the Web may be secure, but imagine your neighbors spying on every email and instant message you send! A few years ago, some techies popularized the practice of wardriving to raise awareness of this vulnerability in WLANs. With the help of cheap, home-made equipment, "wardrivers" walked or motored through neighborhoods snooping the wireless network traffic emanating from nearby homes. Some wardrivers even logged their computers onto unsuspecting people's home WLANs, essentially stealing free computer resources and Internet access.
WEP is an important feature of wireless networks designed to improve security. WEP scrambles (technically speaking, encrypts) network traffic mathematically so that computers holding the key can understand it, but anyone listening in cannot read it. WEP helps protect your WLAN from wardrivers and nosy neighbors, and today, all popular wireless equipment supports it. Because WEP is a feature that can be turned "on" or "off," you'll simply need to ensure it is configured properly when setting up your network.

Next - Types of Wireless Equipment

The five types of equipment found in wireless home networks are:
  • wireless network adapters
  • wireless access points
  • wireless routers
  • add-on wireless antennas
  • wireless signal boosters
Some of this equipment is optional depending on your home network configuration. Let's examine each piece in turn.

The building blocks of a wireless LAN are network adapters, access points, wireless routers, add-on wireless antennas and signal boosters. Of these, only network adapters are truly required to build a wireless home network. However, many wireless LANs also utilize some of the other equipment, as explained below.

Wireless Network Adapters

Each computer you wish to connect to a WLAN must possess a wireless network adapter. Wireless adapters are sometimes also called NICs, short for Network Interface Cards. Wireless adapters for desktop computers are often small PCI cards or sometimes card-like USB adapters. Wireless adapters for notebook computers resemble a thick credit card (see Page 1 sidebar for illustration). Nowadays, though, an increasing number of wireless adapters are not cards but rather small chips embedded inside notebook or handheld computers. Wireless network adapters contain a radio transmitter and receiver (transceiver). Wireless transceivers send and receive messages, translating, formatting, and generally organizing the flow of information between the computer and the network. Determining how many wireless network adapters you need to buy is the first critical step in building your home network. Check the technical specifications of your computers if you're unsure whether they contain built-in wireless adapter chips.

Wireless Access Points

A wireless access point serves as the central WLAN communication station. In fact, they are sometimes called "base stations." Access points are thin, lightweight boxes with a series of LED lights on the face (see Page 1 sidebar for illustration). Access points join a wireless LAN to a pre-existing wired Ethernet network. Home networkers typically install an access point when they already own a broadband router and want to add wireless computers to their current setup. You must use either an access point or a wireless router (described below) to implement "hybrid" wired/wireless home networking. Otherwise, you probably don't need an access point.
Many access point products are available on the market; see the following supplementary article for some good examples:

Wireless Routers

A wireless router is a wireless access point with several other useful functions added. Like wired broadband routers, wireless routers also support Internet connection sharing and include firewall technology for improved network security. Wireless routers closely resemble access points (see Page 1 sidebar for illustration). A key benefit of both wireless routers and access points is scalability. Their strong built-in transceivers are designed to spread a wireless signal throughout the home. A home WLAN with a router or access point can better reach corner rooms and backyards, for example, than one without. Likewise, home wireless networks with a router or access point support many more computers than those without one. As we'll explain in more detail later, if your wireless LAN design includes a router or access point, you must run all network adapters in so-called infrastructure mode; otherwise they must run in ad-hoc mode.
Wireless routers are a good choice for those building their first home network. See the following article for good examples of wireless router products for home networks:

Wireless Antennas

Wireless network adapters, access points, and routers all utilize an antenna to assist in receiving signals on the WLAN. Some wireless antennas, like those on adapters, are internal to the unit. Other antennas, like those on many access points, are externally visible. The normal antennas shipped with wireless products provide sufficient reception in most cases, but you can also usually install an optional, add-on antenna to improve reception. You generally won't know whether you'll need this piece of equipment until after you finish your basic network setup.

Wireless Signal Boosters

Some manufacturers of wireless access points and routers also sell a small piece of equipment called a signal booster. Installed together with a wireless access point or router, a signal booster serves to increase the strength of the base station transmitter. It's possible to use signal boosters and add-on antennas together, to improve both wireless network transmission and reception simultaneously. Both antennas and signal boosters can be a useful addition to some home networks after the basics are in place. They can bring out-of-range computers back into range of the WLAN, and they can also improve network performance in some cases.

Next - WLAN Configurations

Now that you have a good understanding of the pieces of a wireless LAN, we're ready to set them up according to your needs. Don't worry if you haven't settled on a configuration yet; we will cover all of them.

To maximize benefit from the directions below, have your answers ready for the following questions:
  • do you want to extend your wired home network with a WLAN, or are you building a completely new network?
  • how many wireless computers do you plan to network, and where in the home will they be located?
  • what operating systems do/will you run on your networked computers?
  • do you need to share your Internet connection among the wireless computers? how else will you use this WLAN? file sharing? network gaming?

Installing a Wireless Router

One wireless router supports one WLAN. Use a wireless router on your network if:
  • you are building your first home network, or
  • you want to re-build your home network to be all-wireless, or
  • you want to keep your WLAN installation as simple as possible
Try to install your wireless router in a central location within the home. The way Wi-Fi networking works, computers closer to the router (generally in the same room or in "line of sight") realize better network speed than computers further away. Connect the wireless router to a power outlet and optionally to a source of Internet connectivity. All wireless routers support broadband modems, and some support phone line connections to dial-up Internet service. If you need dial-up support, be sure to purchase a router having an RS-232 serial port. Finally, because wireless routers contain a built-in access point, you're also free to connect a wired router, switch, or hub. (See diagram Page 2 sidebar.)
Next, choose your network name. In Wi-Fi networking, the network name is often called the SSID. Your router and all computers on the WLAN must share the same SSID. Although your router shipped with a default name set by the manufacturer, it's best to change it for security reasons. Consult product documentation to find the network name for your particular wireless router, and follow this general advice for setting your SSID.
Last, follow the router documentation to enable WEP security, turn on firewall features, and set any other recommended parameters.

Installing a Wireless Access Point

One wireless access point supports one WLAN. Use a wireless access point on your home network if:
  • you don't need the extra features a wireless router provides AND
  • you are extending an existing wired Ethernet home network, or
  • you have (or plan to have) four or more wireless computers scattered throughout the home
Install your access point in a central location, if possible. Connect power and a dial-up Internet connection, if desired. Also cable the access point to your LAN router, switch or hub. See the diagram in the Page 3 sidebar for details. You won't have a firewall to configure, of course, but you still must set a network name and enable WEP on your access point at this stage.

Configuring the Wireless Adapters

Configure your adapters after setting up the wireless router or access point (if you have one). Insert the adapters into your computers as explained in your product documentation. Wi-Fi adapters require that TCP/IP be installed on the host computer. Manufacturers each provide configuration utilities for their adapters. On the Windows operating system, for example, adapters generally have their own graphical user interface (GUI) accessible from the Start Menu or taskbar after the hardware is installed. Here's where you set the network name (SSID) and turn on WEP. You can also set a few other parameters as described in the next section. Remember, all of your wireless adapters must use the same parameter settings for your WLAN to function properly.

Configuring an Ad-Hoc Home WLAN

Every Wi-Fi adapter requires you to choose between infrastructure mode (called "access point" mode in some configuration tools) and ad-hoc ("peer to peer") mode. When using a wireless access point or router, set every wireless adapter for infrastructure mode. In this mode, wireless adapters automatically detect and set their WLAN channel number to match the access point (router). Alternatively, set all wireless adapters to use ad hoc mode. When you enable this mode, you'll see a separate setting for channel number. All adapters on your ad hoc wireless LAN need matching channel numbers.
Ad-hoc home WLAN configurations work fine in homes with only a few computers situated fairly close to each other. You can also use this configuration as a fallback option if your access point or router breaks:

Configuring Software Internet Connection Sharing

As shown in the diagram, you can share an Internet connection across an ad hoc wireless network. To do this, designate one of your computers as the host (effectively a substitute for a router). That computer will keep the modem connection and must obviously be powered on whenever the network is in use. Microsoft Windows offers a feature called Internet Connection Sharing (ICS) that works with ad hoc WLANs.

Now let's cover some of the finer points you need to know about home wireless LANs.

Wireless Routers / Access Point Interference within the Home

When installing an 802.11b or 802.11g access point or router, beware of signal interference from other home appliances. In particular, do not install the unit within 3-10 feet (about 1-3 m) of a microwave oven. Other common sources of wireless interference are 2.4 GHz cordless phones, baby monitors, garage door openers, and some home automation devices. If you live in a home with brick or plaster walls, or one with metal framing, you may encounter difficulty maintaining a strong WLAN signal. Wi-Fi is designed to support signal range up to 300 feet (about 100 m), but barriers reduce this range substantially. All 802.11 communications (802.11a most of all) are affected by obstructions; keep this in mind when installing your access point.

Wireless Routers / Access Point Interference from Outside

In densely populated areas, it's not uncommon for wireless signals from one person's home network to penetrate a neighboring home and interfere with their WLAN. This happens when both households set conflicting communication channels. Fortunately, when configuring an 802.11b or 802.11g access point or router, you can (except in a few locales) change the channel number employed.
In the United States, for example, you may choose any WLAN channel number between 1 and 11. If you encounter interference from neighbors, you should coordinate channel settings with them. Simply using different channel numbers won't always solve the problem. However, if both parties use a different one of the channel numbers 1, 6 or 11, that will guarantee elimination of cross-WLAN interference.
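To see why the text singles out channels 1, 6 and 11, the following added Python example (not part of the original tutorial) models 2.4 GHz channel overlap; it assumes the standard 5 MHz channel spacing with centre frequencies of 2407 + 5n MHz (channel 14, Japan only, at 2484 MHz), a 22 MHz occupied bandwidth per 802.11b channel, and the US channel list 1 to 11 given in the text.

```python
from itertools import combinations

CHANNEL_WIDTH_MHZ = 22             # assumed 802.11b DSSS occupied bandwidth
US_CHANNELS = tuple(range(1, 12))  # channels 1-11, as the text states for the US


def center_frequency_mhz(channel: int) -> int:
    """Centre frequency of a 2.4 GHz channel in MHz (assumed 5 MHz spacing)."""
    if channel == 14:
        return 2484          # Japan-only channel sits apart from the 5 MHz grid
    if 1 <= channel <= 13:
        return 2407 + 5 * channel
    raise ValueError(f"not a 2.4 GHz channel: {channel}")


def overlap_mhz(a: int, b: int) -> int:
    """MHz of spectrum the two channels share; 0 when they are clear of each other."""
    separation = abs(center_frequency_mhz(a) - center_frequency_mhz(b))
    return max(0, CHANNEL_WIDTH_MHZ - separation)


def channels_overlap(a: int, b: int) -> bool:
    """Different numbers alone are not enough: 1 and 5 still overlap by 2 MHz."""
    return overlap_mhz(a, b) > 0


def largest_clear_set(channels=US_CHANNELS) -> tuple:
    """Largest set of mutually non-overlapping channels, found by exhaustive search.

    For the US list this comes out as (1, 6, 11): the three channels the text says
    guarantee elimination of cross-WLAN interference.
    """
    for size in range(len(channels), 0, -1):
        for combo in combinations(channels, size):
            if all(not channels_overlap(a, b) for a, b in combinations(combo, 2)):
                return combo
    return ()


def suggest_channel(neighbour_channels, allowed=US_CHANNELS) -> int:
    """Allowed channel with the least total overlap with the neighbours' channels.

    Zero overlap is the ideal; when none exists (e.g. neighbours already hold
    1, 6 and 11) the least-bad channel is returned, which is why the text says
    coordinating with neighbours beats picking any unused number.
    """
    def total_overlap(candidate: int) -> int:
        return sum(overlap_mhz(candidate, n) for n in neighbour_channels)

    return min(allowed, key=total_overlap)


if __name__ == "__main__":
    print("non-overlapping US channels:", largest_clear_set())
    print("neighbour on 1 -> use", suggest_channel([1]))
    print("neighbours on 1 and 6 -> use", suggest_channel([1, 6]))
```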

MAC Address Filtering

Newer wireless routers and access points support a handy security feature called MAC address filtering. I wholeheartedly recommend it. This feature allows you to register wireless adapters with your access point (or router), and force the unit to reject communications from any wireless device that isn't on your list. MAC address filtering combined with WEP encryption affords very good security protection.

Wireless Adapter Profiles

Many wireless adapters support a feature called profiles that allows you to set up and save multiple WLAN configurations. For example, you can create an ad hoc configuration for your home WLAN and an infrastructure mode configuration for your office, then switch between the two profiles as needed. I recommend setting up profiles on any computers you plan to move between your home network and some other WLAN; the time you spend now will save much more time and aggravation later.

WEP Encryption

Among the options you'll see for activating wireless encryption, 128-bit WEP is a safe bet. Older 40 or 64-bit WEP offers inadequate protection. A few 802.11g products support 152-bit or 256-bit WEP; that is fine too, if all of your gear supports it. Newer equipment offers WPA. General-purpose WPA is unnecessarily complex for a home WLAN, but WPA-PSK works well.
To set 128-bit WEP, pick and assign a number called a WEP passkey. You must apply the same WEP settings and passkey to the access point (router) and all adapters.
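The following added Python example (not from the original tutorial) turns the advice in the MAC Address Filtering and WEP Encryption sections, together with the earlier advice to change the default SSID, into a pre-flight settings check. The hex-digit count per WEP variant (10, 26, 32 and 58 digits for 64-, 128-, 152- and 256-bit WEP) is assumed from the convention that the marketed size includes the 24-bit IV, and every address and key below is constructed sample data.

```python
import re
import secrets

# Assumed convention: marketed WEP size = secret key bits + 24-bit IV, so a
# "128-bit" key is 104 secret bits = 13 bytes = 26 hex digits.
WEP_HEX_DIGITS = {64: 10, 128: 26, 152: 32, 256: 58}
MINIMUM_RECOMMENDED_BITS = 128     # the text calls 40/64-bit WEP inadequate

_MAC_RE = re.compile(r"^[0-9a-f]{12}$")


def normalize_mac(mac: str) -> str:
    """Canonical 12-digit lowercase form; accepts aa:bb:.., AA-BB-.. and aabb.ccdd.eeff."""
    digits = re.sub(r"[:\-.]", "", mac.strip()).lower()
    if not _MAC_RE.match(digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits


class MacFilter:
    """The access point's list of registered adapters described in the text."""

    def __init__(self, registered):
        self._allowed = {normalize_mac(m) for m in registered}

    def permits(self, mac: str) -> bool:
        """Reject anything not on the list, including malformed addresses."""
        try:
            return normalize_mac(mac) in self._allowed
        except ValueError:
            return False


def wep_key_bits(passkey: str):
    """Marketed WEP strength (64/128/152/256) for a hex passkey, or None if it fits none."""
    digits = passkey.strip().lower()
    if not re.fullmatch(r"[0-9a-f]+", digits):
        return None
    for bits, length in WEP_HEX_DIGITS.items():
        if len(digits) == length:
            return bits
    return None


def new_wep_passkey(bits: int = 128) -> str:
    """Random hex passkey of the right length for the chosen WEP variant."""
    return secrets.token_hex(WEP_HEX_DIGITS[bits] // 2)


def check_wlan_settings(ssid: str, default_ssid: str, passkey: str,
                        mac_filter_enabled: bool) -> list:
    """Problems the tutorial tells you to fix before the WLAN goes live."""
    problems = []
    if ssid == default_ssid:
        problems.append("SSID is still the manufacturer default")
    bits = wep_key_bits(passkey)
    if bits is None:
        problems.append("WEP passkey is not a valid hex key length")
    elif bits < MINIMUM_RECOMMENDED_BITS:
        problems.append(f"{bits}-bit WEP is inadequate; use 128-bit or better")
    if not mac_filter_enabled:
        problems.append("MAC address filtering is off")
    return problems


if __name__ == "__main__":
    # Constructed sample: default SSID, short key, filtering off -> three findings.
    for issue in check_wlan_settings("linksys", "linksys", "0123456789", False):
        print("-", issue)
    print("suggested 128-bit passkey:", new_wep_passkey())
```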

General Tips

If you've finished installing the components, but your home network isn't functioning correctly, troubleshoot methodically:
  • Can't reach the Internet? Temporarily turn off your firewall to determine whether you have a firewall configuration problem, or some other issue.
  • Likewise, turn on and test your wireless adapters one by one, to determine if problems are isolated to a single computer or common to all.
  • Try ad hoc networking if infrastructure networking isn't functional, and perhaps you'll identify a problem with your access point or router.
  • To help you work methodically, as you build your network, write down on paper the key settings like network name, WEP passkey, MAC addresses, and channel numbers (then eat the evidence afterward!).
  • Don't worry about making mistakes; you can go back and alter any of your WLAN settings any time.
Finally, don't be surprised if your wireless LAN performance doesn't match the numbers quoted by the manufacturer. For example, although 802.11b equipment technically supports 11 Mbps bandwidth, that is a theoretical maximum never achieved in practice. A significant amount of Wi-Fi network bandwidth is consumed by overhead that you cannot control. Expect to see no more than about one-half the maximum bandwidth (5.5 Mbps at most for 802.11b, about 20 Mbps at most for the others) on your home WLAN.

Conclusion

Armed with the information contained in this tutorial, you're now well on your way to building a working home WLAN. Welcome to the world of wireless networking! 

Wireless LAN and IEEE 802.11 - Introduction

A wireless LAN (WLAN or WiFi) is a data transmission system designed to provide location-independent network access between computing devices by using radio waves rather than a cable infrastructure [IEEE 802.11 Wireless LANs, Technical paper].
In the corporate enterprise, wireless LANs are usually implemented as the final link between the existing wired network and a group of client computers, giving these users wireless access to the full resources and services of the corporate network across a building or campus setting.
The widespread acceptance of WLANs depends on industry standardization to ensure product compatibility and reliability among the various manufacturers.
The 802.11 specification [IEEE Std 802.11 (ISO/IEC 8802-11: 1999)] as a standard for wireless LANs was ratified by the Institute of Electrical and Electronics Engineers (IEEE) in the year 1997. This version of 802.11 provides for 1 Mbps and 2 Mbps data rates and a set of fundamental signaling methods and other services. Like all IEEE 802 standards, the 802.11 standards focus on the bottom two levels of the ISO model, the physical layer and the link layer (see figure below). Any LAN application, network operating system or protocol, including TCP/IP and Novell NetWare, will run on an 802.11-compliant WLAN as easily as it runs over Ethernet.
The major motivation and benefit from Wireless LANs is increased mobility. Untethered from conventional network connections, network users can move about almost without restriction and access LANs from nearly anywhere.
The other advantages of WLANs include cost-effective network setup for hard-to-wire locations such as older buildings and solid-wall structures, and reduced cost of ownership, particularly in dynamic environments requiring frequent modifications, thanks to minimal wiring and installation costs per device and user. WLANs liberate users from dependence on hard-wired access to the network backbone, giving them anytime, anywhere network access. This freedom to roam offers numerous user benefits for a variety of work environments, such as:
  • Immediate bedside access to patient information for doctors and hospital staff
  • Easy, real-time network access for on-site consultants or auditors
  • Improved database access for roving supervisors such as production line managers, warehouse auditors, or construction engineers
  • Simplified network configuration with minimal MIS involvement for temporary setups such as trade shows or conference rooms
  • Faster access to customer information for service vendors and retailers, resulting in better service and improved customer satisfaction
  • Location-independent access for network administrators, for easier on-site troubleshooting and support
  • Real-time access to study group meetings and research links for students

Monday, March 8, 2010

Securing WLAN Technologies: Secure Configuration Advice on Wireless Network Setup


The Growth of Wireless LAN

In recent years, there have been a number of substantial developments in the acceptance and functionality of wireless networks. Contemporary organisations are finding their workforce increasingly mobile, often equipped with notebook computers and spending more of their productive time working away from the standard office-desk or personal-computer environment. Wireless networks support mobile workers by providing the required freedom in their network access. Workers can thus access networked resources from any point within range of a wireless access point. For IT managers, the combination of lowering wireless hardware costs and the ease of implementation into diverse office environments means that wireless deployment is actively promoted, for it provides the combination of wired network throughput with mobile access and configuration flexibility.
A wireless LAN (WLAN) provides location-independent network access over radio waves rather than traditional cable infrastructures (e.g. 10BaseT, Token Ring, etc.). For most organisations, the WLAN is implemented as the final link between the wired network and the mobile (or inaccessible) wireless devices, thus providing access to all resources and services normally accessible through the wired network.
Previously, WLANs were largely implemented in environments (such as warehouses, manufacturing facilities and retail environments) where flexibility of network access took precedence over costly vendor-specific wireless implementations. Already, due to the lowering price of components and the development of the IEEE 802.11 standards, there has been a large increase in the application of WLAN technology to the corporate enterprise and home environment. Future development areas are likely to include healthcare equipment and street-wide home Internet access (along the lines of Cable and DSL).
Security often plays second-fiddle to ease-of-use and if security is not transparent to the application and easy to use, it will not be used. However, given the wireless medium, certain security considerations must be applied to protect both the transmitted data and connected hosts. This page aims to explain the current suite of security issues for the most popular WLAN standards and provide advice on the secure configuration of a wireless network.

Inherent Weaknesses in Wireless Networks

Wireless networks typically utilise radio frequency (RF) signals that are capable of passing through barriers such as cubicle partitions, glass and standard walls. Cement walls and metal tend to act as solid barriers; however, due to the reflective nature of the RF signal, it can be received (bounced) around corners when a barrier cannot be penetrated. The signal range, and corresponding power, is thus dependent on intermediary barriers and signal reflections. An interesting exercise is to measure signal strength throughout a building and locate "sweet-spots" (where signal strength is greater than expected given the range from the wireless node). Conducting such an exercise outside of the building can also be highly enlightening.
It is important to understand that many of the security risks and issues associated with WLANs also apply to the wired LAN. The real difference between a wired LAN and a wireless LAN is at the physical layer. All other network services and vulnerabilities remain; these include:
  • Threats to the physical security of the network
  • Attacks from within by “authorised” users
  • Unauthorized access and eavesdropping
Often, organisations do not realise that wired LANs also have an unintended wireless component. Almost all types of LAN cabling radiate energy, particularly unshielded twisted pair; this radiation can be significant and detectable. Thus, with sufficient motivation and the right radio equipment, it is possible to intercept wired Ethernet data packets from a point external to most buildings, provided the receiver is equipped with an appropriate antenna.
However, the fact remains that WLANs are designed to broadcast network traffic, and devices are readily available to receive and decode this traffic. As such, the current wireless standards were designed from conception to include various methods of encryption and authentication. Unfortunately, many of these security features have suffered from design or implementation flaws. It is important to note that the greater the level of security, the more complex the implementation can be. If network and security managers wish to implement a strong security policy, they will need to possess a reasonable knowledge of the security mechanisms inherent to the technology.

Current Wireless Standards

There are of course numerous standards in the world of wireless networking and it often appears that every vendor has their own. The WLAN market is comprised of many competing technologies, each with different operational characteristics. The most common WLAN standards include:
  • HomeRF and HomeRF 2.0 (Wide-band Frequency Hopping (WBFH))
  • IEEE 802.11 FH/DS
  • Wi-Fi (IEEE 802.11b)
  • IEEE 802.11gOFDM & 802.11gPBCC (Wi-Fi speed extension proposal)
  • MMAC (HiSWANa)
  • HiperLAN/2
  • IEEE 802.11a
  • Bluetooth
Of these WLAN standards, the most prevalent (and those commonly available from most High Street retailers) adhere to one of the following three standards:
  • Bluetooth
  • Home RF
  • Wi-Fi (Institute of Electrical and Electronics Engineers (IEEE) 802.11b)
Although each standard offers different technological advantages or disadvantages, all three mentioned above operate in the 2.4 GHz Industrial, Scientific & Medical (ISM) band. This band offers 83 MHz of spectrum for all wireless traffic and is currently shared with cordless phones, building-to-building transmissions, and microwave ovens.
An emerging fourth wireless standard, IEEE 802.11a, operates in the higher 5 GHz U-NII band and offers 300 MHz of spectrum. It is not currently certified in Europe, although negotiations between the IEEE and the European Telecommunications Standards Institute (ETSI) are currently under way.
Band | WLAN Systems | Other Communication Systems | Non-Communication Systems
2.4 GHz (2.4000-2.4835 US; 2.4000-2.4835 EU; 2.471-2.497 Japan; 2.4465-2.4835 France; 2.445-2.475 Spain) | HomeRF; HomeRF 2.0 (WBFH); Wi-Fi (802.11b); Bluetooth; 802.11 FHSS (1997); 802.11 DSSS (1997) | Proprietary cordless phones; Proprietary vertical applications; WLL (shared Internet access) | Microwave ovens; Microwave lighting; Marine weather radar
5 GHz (5.150-5.390) | 802.11a (US); HiperLAN1 (Europe); HiperLAN2 (Europe); HiSWAN (Japan) | Mobile satellite systems (MSS); Earth exploration satellite systems (ESSS); Short range wireless systems; Radio Location; Electronic News Gathering; Proprietary vertical applications; WLL (shared Internet access) | Radar systems; Microwave ovens (future – upper band)
5 GHz (5.470-5.725) | HiperLAN1 (Europe); HiperLAN2 (Europe) | |
5 GHz (5.725-5.875) | 802.11a (US) | |
Table 1: Wireless Standards by Frequency Band
It is important to note that both Wi-Fi (802.11b) and 802.11a are service sub-definitions of the overall IEEE 802.11 standard. IEEE 802.11 defines a standard for wireless communications and is not limited to RF communications, but also supports methods such as diffused infrared (IR). IR wireless LANs are inherently more secure and are immune to the electromagnetic radiation that can interfere with RF and cable based systems. IR based WLANs are often used in high-security applications because the signals are line-of-sight only and will not penetrate solid objects like walls.
The key difference between the Bluetooth and Wi-Fi standards is the expected operational range. Bluetooth’s native 1 Mbps data rate is designed to connect devices that are in close proximity, such as notebook computers to printers and PDAs to mobile phones. This short-range network is often referred to as a Personal Area Network (PAN). Wi-Fi is designed to offer full LAN connectivity and support the full suite of networking protocols (i.e. TCP/IP).
Bluetooth was never originally designed for truly sensitive data transmission. It is not a true competitor of Wi-Fi; rather, Bluetooth was intended to form PANs, where security is desirable but not absolutely essential, as shown by Bluetooth's goal of supporting cordless applications rather than general networking.
The Home RF and Wi-Fi technologies both provide very similar services to home users. In the highly competitive wireless market, only one of these standards is expected to survive long term. Given the wider support from the development community, the greater uptake in the business environment, higher transmission rates, and the greater choice of vendor compatible products – the Wi-Fi standard is expected to win this battle.

Technology: Bluetooth

Developed by the Bluetooth Special Interest Group from May 1998, Bluetooth was designed to provide short-range, low-cost, low-power wireless communications. The key uses for this technology were seen to be data synchronisation between computers, hand-held devices, mobile phones and pagers. Bluetooth is ideally suited to devices that travel in and out of a home network, as opposed to remaining connected to a network for extended periods.
Version 1.0 of the Bluetooth specification was approved in the summer of 1999. The IEEE standards body is currently reviewing a faster successor to Bluetooth (IEEE 802.15.3), which will offer data transfer rates of 20 Mbps, while maintaining backward compatibility.
Key Features of Bluetooth:
  • Supports data rates of 1 Mbps to distances of up to 10 meters (Up to 20 Mbps if IEEE 802.15.3 is ratified).
  • Can support either one asynchronous data channel and up to three simultaneous synchronous speech channels, or one channel that transfers asynchronous data and synchronous speech simultaneously.
  • Supports up to eight wireless devices.
  • Frequency hopping implemented with Gaussian Frequency Shift Keying (GFSK) modulation.
  • Uses the Link Manager Protocol (LMP) to configure, authenticate and handle the connections between Bluetooth devices.
  • Supported by over 1,300 telecommunications, computing, and networking companies globally.

Technology: Home RF

Developed by the Home RF Working Group, Home RF was designed as a lower-cost wireless network technology for use in the home.
Key Features of Home RF:
  • Supports data rates of up to 2 Mbps at distances of up to 130 meters. An FCC ruling last August let the group finish specification 2.0, which raised its speed from 2 Mbps up to 10 Mbps at distances of up to 15 meters.
  • Supports up to three simultaneous voice channels.
  • Supports up to 128 network devices.
  • Security features include Blowfish encryption (up to 56 bit).
  • Supported by several large home computer/network manufacturers.

Technology: Wi-Fi

Wi-Fi is the friendlier name for devices adhering to the IEEE 802.11b High Rate wireless technology standard. It is hoped that IEEE 802.11b will become known as “Wi-Fi” just as IEEE 802.3 is currently known as “Ethernet”. Due to the current prevalence of the Wi-Fi standard and the large installed base of WLAN devices, this standard will be discussed in greater detail in a following section.
Key Features of Wi-Fi:
  • Supports data rates of up to 11 Mbps at distances of up to 150 meters, although some vendors claim to have successfully operated their products at ranges in excess of 500 meters. These ranges are achieved using an omnidirectional antenna. Using a 21 dB Yagi directional antenna, others have built links as long as 14 kilometres. Interestingly, this sort of standards “hacking” does not appear to break any laws because the Effective Radiated Power of the Yagi is still under the maximum set by many national authorities.
  • Supports up to 128 network devices.
  • Security features include authentication and encryption.
  • Supports voice over IP (VoIP) data and voice networking capabilities.
  • Has widespread industry support.

The IEEE 802.11 Standard and Evolution of 802.11b

Proposed and ratified by the IEEE as 802.11 in 1997, the standard defines the specifications and services for wireless network communications such as:
  • Asynchronous and time-critical delivery service support
  • Service continuity in extended areas via a distributed system (e.g. Ethernet)
  • Network management services
  • Registration and authentication services
  • Support for standard applications and protocols (e.g. TCP/IP)
It allows for two different (and incompatible) methods of encoding RF signals, FHSS and DSSS. FHSS (Frequency Hopping Spread Spectrum) spreads the communications across 75 sub channels, each consisting of 1 MHz, and continually skipping between them. DSSS (Direct Sequence Spread Spectrum) divides the band into 14 overlapping 22 MHz channels which are utilised one at a time.
FHSS frequency-hopping cards were the first to arrive to the marketplace, as they were cheaper to produce and easier to implement than DSSS. However, as the technology matured and faster processors became available, it became cheaper to implement DSSS. DSSS was the preferred encoding scheme due to US government constraints on broadcasting in the ISM band.
In September 1999, the IEEE 802 committee extended the specification as 802.11b, standardising on DSSS and adopting better encoding techniques. This in turn extended the data throughput from 1-2 Mbps to 5.5-11 Mbps, while allowing backwards compatibility with the older, slower DSSS standard.
Due to speed and security considerations, various alternatives and extensions to 802.11b are currently under review or have been ratified by the IEEE.

WLAN Topologies

The 802.11 standard defines three basic topologies to be supported by the MAC layer implementation:
  • Independent Basic Service Set (IBSS)
  • Basic Service Set (BSS)
  • Extended Service Set (ESS)
The 802.11 standard further defines the following two modes:
  • Ad hoc
  • Infrastructure

Mode: Ad-Hoc

The Ad-hoc mode (sometimes referred to as the IBSS topology) is analogous to a standard peer-to-peer office network in which no dedicated system is required to assume the role of a server. In WLAN terms, a number of wireless nodes or computers communicate directly with one another in a mesh or partial-mesh topology (i.e. free-for-all). Typical instances of such an ad-hoc implementation would not connect to a larger network and cover only a limited area. If a client in an ad-hoc network wishes to communicate outside of the peer-to-peer cell, a member MUST operate as a gateway and perform routing.
Bluetooth devices can also form an ad-hoc network. In these networks, one Bluetooth device will act as a master and the others as slaves. The master defines the frequency-hopping behaviour of the network, and it is possible to connect up to 10 of these networks together.

Mode: Infrastructure

Utilising the Infrastructure mode of 802.11 devices requires the installation of at least one wireless Access Point (AP, often also referred to as a base station) connected to the wired network infrastructure, and a set of wireless nodes or computers. This most basic configuration is referred to as a BSS topology in the 802.11 standard. Communication between wireless nodes, wireless computers and the wired network is via the AP. Wireless computers conduct all communications through the AP, unlike the Ad hoc peer-to-peer communications.
Before being able to communicate data, wireless clients and APs must establish a relationship, or an association. Only after an association is established can the two wireless stations exchange data.
All APs transmit a beacon management frame at fixed intervals. To associate with an access point and join a BSS, a client listens for beacon messages to identify the access points within range. The client's selection of which BSS to join is carried out in a vendor independent manner. A client may also send a probe request management frame to find an access point associated with the desired SSID (service set identifier).
It is possible to combine multiple wireless access points into a single sub network; this is referred to as an ESS topology. It is thus possible to expand the wireless network with multiple APs utilising the same channel, or to utilise different channels to boost aggregate throughput.
An Access Point acts as a bridge between the wired and wireless networks. The device consists of a radio, a wired network interface and bridging software. It thus acts as the base station for the wireless network, aggregating access for multiple wireless stations onto the wired network.

Roaming Techniques

Although the Wi-Fi standard defines how a wireless computer communicates with an AP, it does not define how roaming should be conducted and supported within an ESS topology network, in particular when a roaming user crosses a router boundary between subnets. Roaming between APs is largely reliant on vendor-specific implementations and management. Organisations should carefully evaluate vendors' support for roaming and evaluate the ease of operation.
In theory it is possible to implement DHCP across the network and force users to release and renew their IP address as they migrate from one subnet to another. However, this is not seen as a practical solution for non-technical staff or where continuous communications are required while roaming.
For environments where DHCP is not in use, Cisco offers a solution referred to as local-area mobility (LAM). Cisco’s LAM enables computers with static addresses to move from one subnet to another while maintaining transparent connectivity without software changes on the roaming host.

Compatibility between Wireless Networks

There has been a lot of talk about interoperation, backwards compatibility and interference between the various WLAN technologies.
The most prevalent WLAN technology, Wi-Fi, has several potential speed increases and security modifications in store from the IEEE 802.11 Task Group g. This yet to be ratified standard (IEEE 802.11g) is proposed to be backward compatible with Wi-Fi. It is likely that, in the very near future, wireless products adhering to this standard will replace current Wi-Fi equipment and will be produced by the same companies currently producing Wi-Fi chipsets.
Although sharing the 802.11 nomenclature, Wi-Fi (802.11b) and the faster 802.11a standard are incompatible. Companies with an existing Wi-Fi network cannot simply deploy a new 802.11a network on the Wi-Fi access points and expect to suddenly jump from 11 Mbps to 54 Mbps. The physics and operational characteristics simply do not work that way, and an 802.11a AP will only cover approximately a fourth of the area covered by a Wi-Fi AP. Thus, to cover a similarly sized area and all factors being equal, four 802.11a APs are required for every Wi-Fi AP. This is not to say that the two cannot be deployed together. In the near future, it is likely that WLAN access points will support both standards within a single device. Thus Wi-Fi’s range and sustainable 11 Mbps data rate could be complemented with 802.11a’s concentrated 54 Mbps.
Within the crowded 2.4 GHz ISM band, interference between devices can cause concern. Of primary concern has been the interference between Wi-Fi and Bluetooth. However, multiple companies have researched this interference issue and have concluded that, when separated by 2 metres or more, there is no significant interference. With separation distances less than 2 metres, the two technologies can interfere with each other and this can be severe when collocated within a single device (i.e. a combination PCMCIA card). Several solutions have already been proposed; ranging from modifications and extensions to the existing standards, through to recommended best practices and technological advances.

Security within the Standards

Wi-Fi

By default, Wi-Fi utilises open system authentication, and authenticates anyone who requests authentication. Wireless nodes perform a mutual authentication using this method when joining a network. In many cases the management authentication frames are sent in the clear even when WEP is enabled.
Until very recently, the law used to be that a manufacturer could only export up to 56-bit encryption. The Wi-Fi standard specified up to only 40-bit for export reasons. It is important to note that, with the 40-bit encryption option, a 24-bit initialisation vector is appended and all encryption is conducted with a 64-bit key length. While not officially part of the Wi-Fi standard, many vendors now implement 128-bit key lengths for encrypting data. This 128-bit key consists of the 24-bit initialisation vector and a 104-bit pseudo-random key.
Although the IEEE 802.11 standards body is currently working to improve the security of the standard, it is too late for deployed networks and those networks about to be deployed. Nevertheless, Wi-Fi vendors have provided numerous mechanisms to help secure both communications and the operating environment:
Security Feature: Wi-Fi WEP
Details: The Wired Equivalent Privacy (WEP) protocol is used to protect wireless communication from eavesdropping and prevent unauthorised access to the WLAN. WEP relies on a secret key that is shared between an AP and a wireless node (e.g. a notebook computer). The secret key is used to encrypt packets before they are transmitted, and an integrity check is used to ensure that packets are not modified in transit. WEP utilises the established RC4 stream cipher to encrypt data. The stream cipher operates by expanding a short key into an infinite pseudo-random key stream. Although stream ciphers are commonly vulnerable to several attack methods, WEP was designed to overcome these failings. In particular, WEP uses an Integrity Check (IC) field within the data packet to ensure that it has not been modified in transit, and an Initialisation Vector (IV) is used to augment the shared secret key and produce a different RC4 key for each packet, thus avoiding encrypting two cipher texts with the same key. However, both of these security measures have been found to be implemented incorrectly:
  • The integrity check (which forms part of the encrypted payload of the packet) is implemented as a linear 32-bit checksum. Thus, it is possible to alter individual bits within the encrypted message and correctly adjust the checksum so that the resulting message appears valid. If an attacker has partial knowledge of the contents of the packet, it is possible to intercept and perform selective modification on it. The attacker could thus modify interactions with a file server. If the attacker is able to guess the headers of the data packet, it may be possible to alter the destination IP address and port. By resending this modified packet from a rogue wireless node, the AP will decrypt the packet and forward it on unencrypted to the modified destination. If the destination is Internet based, the attacker could remotely retrieve the plain text data.
  • The initialisation vector in WEP is a 24-bit field, and is sent in the clear text part of the message. Utilising such a small space of initialisation vectors guarantees the reuse of the same key stream at a busy access point. This allows an attacker to collect two cipher texts that are encrypted with the same key stream and perform statistical attacks to recover the plain text. Once it is possible to recover the entire plain text for one of the messages, the plain text for all other messages with the same IV follows directly. The 802.11 standard specifies that changing the IV with each packet is optional; some wireless card vendors increment the IV by 1 each packet while others leave this value blank.
  • The result of these flaws in the Wi-Fi implementation of RC4 is that the encryption of data can be broken within 15 minutes. And, more importantly, the time to break the encryption scales linearly with the key length; thus a 128-bit key could be broken within 30 minutes.
Security Feature: Wi-Fi Shared Key Authentication
Details: Shared key authentication uses a standard challenge and response along with a shared secret key to provide authentication. The challenge-response sequence utilises WEP to encrypt the data. Thus this authentication sequence is subject to the weaknesses of WEP.
Security Feature: Wi-Fi Closed Network Access
Details: In a closed network, only clients with knowledge of the network name, or SSID, can join. Essentially, the network name acts as a shared secret. However, the SSID is often transmitted in clear text within the management frames (even if WEP is enabled). Thus simple sniffing will rapidly enumerate the SSID.
Security Feature: Wi-Fi Access Control Lists (ACL)
Details: Access to the wireless network can be controlled by limiting access to nodes defined in a central (or shared) list based upon the Ethernet MAC address. There are two problems with this method of control:
  • Loss of flexibility – The Network Administrator needs to maintain an up to date list of valid MAC addresses for every wireless node. Roaming or multi-site users would require changes to the ACL to access the network.
  • MAC Impersonation – Many wireless cards currently available allow the MAC address to be manually changed. MAC addresses are easily sniffed by an attacker as they must appear in the clear even if WEP is enabled.
Security Feature: Wi-Fi Key Management
Details: Wi-Fi defines two methods for using WEP keys:
  • 4 Key Window – A wireless node or AP can decrypt packets enciphered with any of the four defined keys. However, transmission is limited to one of the four manually entered keys (a default key).
  • MAC Unique Key – Each MAC address may have a separate key. The standard recognises that the key mappings table should hold at least 10 entries.
As with the standard WEP failings, enforcing a reasonable key period remains a problem, as the keys need to be changed manually. Only a few major Wi-Fi vendors have implemented any form of key management or key agreement in their wireless products.
Security Feature: Future Development of the Standard
Details: The IEEE is currently working on a new standard, 802.1x, for port-based authentication on wireless networks, to address many of these security issues. This standard is likely to include:
  • An Extended Encapsulation Protocol (EEP) that allows various authentication protocols.
  • WEP keys that are dynamically generated and sent out, including multicast support for large organisations.
  • Centralised AP authentication, thus making roaming transparent.
  • Users will receive a logon dialog when roaming between VPN servers on a network, or when resuming from standby mode, if an AP requires alternate identification.
Table 2: 802.11b security measures
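The IV weakness described in Table 2 is something a network monitor can check for directly, since the IV travels in the clear. The following added example (not code from the original paper) parses constructed WEP data frames, flags IV reuse, and estimates how quickly a 24-bit IV space is exhausted; the frames and the fixed 24-byte header layout are assumptions stated in the comments.

```python
"""WEP IV reuse detection and IV-space exhaustion estimates.

Added example, not code from the original paper. The frames below are
constructed inline (not real captures). Assumes a plain 24-byte 802.11
data-frame header (no QoS field, no fourth address), as carried by the
802.11b-era frames discussed here.
"""
import math
from collections import Counter
from typing import Dict, Iterable, Optional

IV_BITS = 24
IV_SPACE = 1 << IV_BITS   # 16,777,216 possible initialisation vectors
MAC_HEADER_LEN = 24       # frame control, duration, addr1-3, sequence control


def parse_wep_iv(frame: bytes) -> Optional[str]:
    """Return the 3-byte IV (hex) of a WEP-protected data frame, else None.

    Frame control bit 14 is the Protected Frame flag and type 2 is Data.
    The IV follows the MAC header in the clear, so a passive monitor can
    read it without any key material.
    """
    if len(frame) < MAC_HEADER_LEN + 4:
        return None
    fc = frame[0] | (frame[1] << 8)          # frame control is little-endian
    frame_type = (fc >> 2) & 0x3
    protected = (fc >> 14) & 0x1
    if frame_type != 2 or not protected:
        return None
    return frame[MAC_HEADER_LEN:MAC_HEADER_LEN + 3].hex()


def make_wep_frame(iv: int, payload: bytes, key_id: int = 0) -> bytes:
    """Build a constructed WEP data frame for the sample capture.

    Addresses, payload bytes and ICV are placeholders; only the header
    layout and the clear-text IV matter for the detector.
    """
    fc = (2 << 2) | (1 << 14)                        # type Data, Protected
    header = fc.to_bytes(2, "little") + b"\x00\x00"  # plus duration field
    header += bytes.fromhex("001122334455") * 3      # addr1..addr3 (constructed)
    header += b"\x00\x00"                            # sequence control
    iv_field = iv.to_bytes(3, "big") + bytes([(key_id & 0x3) << 6])
    return header + iv_field + payload + b"\x00" * 4  # payload + placeholder ICV


def find_iv_reuse(frames: Iterable[bytes]) -> Dict[str, int]:
    """Return {iv: count} for every IV that appears in more than one frame.

    Any hit means two ciphertexts were produced with the same RC4 key
    stream, which is exactly the condition the statistical attacks need.
    """
    counts = Counter(iv for iv in map(parse_wep_iv, frames) if iv is not None)
    return {iv: n for iv, n in counts.items() if n > 1}


def collision_probability(packets: int, space: int = IV_SPACE) -> float:
    """Birthday-bound probability that at least one IV repeats when a
    card picks `packets` IVs uniformly at random from `space`."""
    if packets >= space:
        return 1.0
    return 1.0 - math.exp(-packets * (packets - 1) / (2.0 * space))


def counter_wraparound_seconds(packets_per_second: float,
                               space: int = IV_SPACE) -> float:
    """Seconds until a card that increments the IV by one per packet
    must start reusing IVs."""
    return space / packets_per_second


# Constructed sample capture: IV 000001 is used twice; the last entry is a
# beacon (management frame) that the detector must ignore.
SAMPLE_FRAMES = [
    make_wep_frame(0x000001, b"\x10\x20\x30"),
    make_wep_frame(0x000002, b"\x11\x21\x31"),
    make_wep_frame(0x000001, b"\x12\x22\x32"),
    make_wep_frame(0x0FFFFF, b"\x13\x23\x33"),
    b"\x80\x00" + b"\x00" * 30,
]

if __name__ == "__main__":
    print("reused IVs:", find_iv_reuse(SAMPLE_FRAMES))
    print("P(IV collision) after 5000 random IVs: %.2f" % collision_probability(5000))
    hours = counter_wraparound_seconds(1000) / 3600
    print("sequential IV counter wraps after %.1f hours at 1000 pkt/s" % hours)
```

The two estimates make the "busy access point" remark concrete: random IVs have better than even odds of a repeat after about 5,000 packets, and a sequential counter wraps in under five hours at 1,000 packets per second.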

Bluetooth

Bluetooth technology provides three security attributes (authorisation, authentication and encryption), and three modes of security:
  • Security Mode 1 (non secure) – A device does not initiate any security procedure such as encryption or authentication.
  • Security Mode 2 (service-level enforcement security) – A device does not initiate security procedures before channel establishment at the service level.
  • Security Mode 3 (link-level enforced security) – A device allows only authenticated connections. The difference between Security Mode 2 and Security Mode 3 is that in Security Mode 3 the Bluetooth device initiates security procedures before the channel is established.
As there are numerous services that a Bluetooth device may have, a sizable database of services the device has authorisation to use is required. The user can choose to “auto” trust devices or “manually” trust devices.
Security Feature: Key Management
Details: The link key (a 128-bit random number) handles all security transactions between two or more parties. It is used in the authentication process and as a parameter when deriving the encryption key. The lifetime of a link key depends on whether it is a semi-permanent or a temporary key. A semi-permanent key can be used after the current session is over to authenticate Bluetooth units that share it. A temporary key lasts only until the current session is terminated and it cannot be reused. Temporary keys are commonly used in point-to-multipoint connections, where the same information is transmitted to several recipients. There are several different types of keys defined in Bluetooth. Link keys can be combination keys, unit keys, master keys or initialisation keys, depending on the type of application. In addition to link keys, there is the encryption key.
The length of the Personal Identification Number (PIN) code used in Bluetooth devices can vary between 1 and 16 octets. The regular 4-digit code is sufficient for some applications, but higher security applications may need longer codes. The PIN code of the device can be fixed, so that it needs to be entered only into the device wishing to connect. Another possibility is that the PIN code must be entered into both devices during the initialisation.
  • The major problem is likely to be partly a user one. A typical 4-digit PIN code is used in combination with other variables to generate the Link Key and Encryption Key. In fact it is the only truly secret key-generation variable; the other one (a random number) is transmitted over the air. When using 4-digit PIN codes there are only 10,000 different possibilities. As the process of supplying PIN codes to devices often has to be repeated each time, it is common to set the value to "0000".
Security Feature: Encryption
Details: The Bluetooth encryption system encrypts the payloads of the packets. This is done with a stream cipher E0, which is re-synchronised for every payload. The E0 stream cipher consists of the payload key generator, the key stream generator and the encryption/decryption part. Depending on whether a device uses a semi-permanent link key or a master key, there are several encryption modes available. If a unit key or a combination key is used, broadcast traffic is not encrypted. Individually addressed traffic can be either encrypted or not. If a master key is used, there are three possible modes:
  • Encryption mode 1 - nothing is encrypted.
  • Encryption mode 2 - broadcast traffic is not encrypted, but the individually addressed traffic is encrypted with the master key.
  • Encryption mode 3 - all traffic is encrypted with the master key.
Security Feature: Authentication
Details: The Bluetooth authentication scheme uses a challenge-response strategy, where a 2-move protocol is used to check whether the other party knows the secret key. The protocol uses symmetric keys, so a successful authentication is based on the fact that both participants share the same key. As a side product, the Authenticated Ciphering Offset (ACO) is computed and stored in both devices and is used for cipher key generation later on. If the authentication fails, there is a period of time that must pass until a new attempt at authentication can be made. The period of time doubles for each subsequent failed attempt from the same address, until the maximum waiting time is reached. The waiting time decreases exponentially to a minimum when no failed authentication attempts are made during a time period.
  • Another problem arises with the use of the link key. Authentication and encryption are based on the assumption that the link key is the participants' shared secret. All other information used in the procedures is generally public. However, this can lead to fundamental problems. Assume that devices 1 and 2 use device 1's unit key as their link key. Later on, or at the same time, device 3 may communicate with device 1 and also use device 1's unit key as the link key. Device 2 can then use device 1's link key to decrypt the communication between devices 1 and 3: having obtained device 1's unit key earlier, it can use the unit key with a faked Bluetooth Device Address to calculate the encryption key and therefore listen to the traffic. It can also authenticate itself to device 1 as device 3, and to device 3 as device 1.
  • The Bluetooth Device Address is unique to each and every Bluetooth device. However, due to its uniqueness it introduces another problem. Once this ID is associated with a person, individuals can be traced and their activities easily logged, thus privacy is violated.
Table 3: Bluetooth security measures
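The authentication back-off in Table 3 is easiest to reason about as a small per-address state machine. The following added example (not code from the original paper or from the Bluetooth specification) models it with the base wait, cap and idle period as assumed illustrative timings, and shows the doubling sequence, the cap, and the decay once an address stays quiet.

```python
"""Model of the Bluetooth authentication back-off described above.

Added example; not code from the original paper or the Bluetooth
specification. The timings (base wait, maximum wait, idle period) are
assumptions chosen for illustration: the standard leaves the actual
values to the implementation.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class AuthBackoff:
    """Per-address waiting time that doubles on each failed authentication,
    is capped at max_wait, and halves for every idle period with no
    failure after the wait has elapsed, until it falls back to zero."""
    base_wait: float = 1.0      # wait after a first failure, seconds (assumed)
    max_wait: float = 64.0      # ceiling on the wait, seconds (assumed)
    idle_period: float = 30.0   # quiet time per halving, seconds (assumed)
    _penalty: Dict[str, float] = field(default_factory=dict)   # addr -> last wait
    _retry_at: Dict[str, float] = field(default_factory=dict)  # addr -> earliest retry

    def current_penalty(self, addr: str, now: float) -> float:
        """Penalty level for addr at time now after exponential decay."""
        if addr not in self._penalty:
            return 0.0
        idle = max(0.0, now - self._retry_at[addr])
        level = self._penalty[addr] / (2 ** int(idle // self.idle_period))
        return level if level >= self.base_wait else 0.0

    def may_attempt(self, addr: str, now: float) -> bool:
        """True once addr's mandatory waiting time has elapsed."""
        return now >= self._retry_at.get(addr, 0.0)

    def record_failure(self, addr: str, now: float) -> float:
        """Register a failed attempt from addr and return the wait imposed."""
        level = self.current_penalty(addr, now)
        wait = self.base_wait if level == 0.0 else min(self.max_wait, 2 * level)
        self._penalty[addr] = wait
        self._retry_at[addr] = now + wait
        return wait


def consecutive_failure_waits(n: int,
                              backoff: Optional[AuthBackoff] = None) -> List[float]:
    """Waits imposed on one address that fails n times in a row, retrying
    as soon as each wait expires. Shows the doubling and the cap."""
    bo = backoff or AuthBackoff()
    addr = "00:11:22:33:44:55"   # constructed Bluetooth device address
    waits, now = [], 0.0
    for _ in range(n):
        if not bo.may_attempt(addr, now):
            raise RuntimeError("attempt made during mandatory wait")
        wait = bo.record_failure(addr, now)
        waits.append(wait)
        now += wait
    return waits


if __name__ == "__main__":
    print(consecutive_failure_waits(8))      # 1, 2, 4, 8, 16, 32, 64, 64
    bo = AuthBackoff()
    bo.record_failure("AA:BB:CC:DD:EE:FF", 0.0)
    bo.record_failure("AA:BB:CC:DD:EE:FF", 1.0)
    # penalty 2.0 when the wait ends at t=3, 1.0 after one idle period, 0 after two
    print([bo.current_penalty("AA:BB:CC:DD:EE:FF", t) for t in (3.0, 33.0, 63.0)])
```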

Signals and Data Throughput

Although each of the technologies and standards specifies maximum data rates for wireless communications, it is important to realise that these rates differ greatly from what an organisation can expect to achieve using real data in a live environment. Just as wired Ethernet is touted as 10 or 100 Mbps, the actual maximum throughput is roughly 85% of these values due to overheads inherent to the technology. For instance, with Ethernet, once the network traffic load reaches beyond 60%, the probability of network collisions is very high; beyond that level, these collisions and retransmissions of data can cause the network to stall.
When securing the wireless network by utilising either the native encryption mechanisms or third-party products, actual data throughput can drop even further. Organisations should carefully review not only the strength of the encryption mechanism, but also its overhead on throughput. For instance, Wi-Fi’s highest data rate is 11 Mbps; this corresponds to approximately 7 Mbps actual throughput. By utilising WEP, it is not unusual for this rate to drop to 6 Mbps.
Technology | Data Rate | Actual Throughput | Shared Among Users | Estimated Time to Download a 100 MB file (actual throughput)
56.6 Kbps Modem | 56.6 Kbps | 56.6 Kbps | No | 4 hours
Dual channel ISDN | 128 Kbps | 128 Kbps | No | 1 hour 45 minutes
10/100 Ethernet | 100 Mbps | 85 Mbps | Yes | 10 seconds
2Mb Leased Line | 2 Mbps | 2 Mbps | Yes | 6 minutes 40 seconds
Wi-Fi | 11 Mbps | 5-7 Mbps | Yes | 2 minutes 13 seconds
802.11gOFDM | 24 Mbps | 10-11 Mbps | Yes | 1 minute 16 seconds
802.11gPBCC | 22 Mbps | 10-11 Mbps | Yes | 1 minute 16 seconds
802.11a | 54 Mbps | 31 Mbps | Yes | 26 seconds
Table 4: Transmission speed comparisons
Another important consideration is range. Due to the physics of wireless wave propagation, signal strength is inversely proportional to the range between devices. Thus, in real terms, range determines the maximum data rate. The maximum rate for Wi-Fi (11 Mbps) can only be achieved within a certain range of the transmitter. Moving further away from the transmitter causes the data rate to “step down” to 5.5 Mbps, 2 Mbps, 1 Mbps and finally no signal. This range is dependent on the transmitter design and the type of receiving antenna.
IEEE 802.11a provides a higher data transfer rate than Wi-Fi (36-54 Mbps versus 11 Mbps) when close to the WLAN access point (within 10-15 metres), making it more attractive for dense user environments that also require high throughput, but the data rate is closer to 9-12 Mbps at ranges over 30 metres.
A typical maximum range (at the lowest data rate of 1 Mbps) for standard Wi-Fi devices is 500 metres. However, utilising improved or specially designed receiving antennas, ranges in excess of 14 km have been achieved. The ranges achieved with standard external PCMCIA Wi-Fi cards are generally poor due to the antenna being in the worst possible orientation: sideways, and very close to the laptop (the radiation pattern is thus almost straight up and down). To address this, and offer greater ranges, many laptop vendors now build the Wi-Fi antennas into and around the screen.

WLAN Security Solutions

The omnidirectional broadcasting of WLAN traffic is a primary security concern. Although various mechanisms for securing the data have been included within each of the established wireless standards, the nature of the medium ensures that an anonymous attacker or interloper can easily monitor or collect traffic. Given the current range of security flaws within these security mechanisms, it is inevitable that the data content will be decoded or decrypted by those who have the time and tools to do so. Unfortunately, the tools required to sniff, decrypt and gain access to most wireless networks are freely available through numerous sites on the Internet.
While many of the security systems built into the various wireless standards have been proven to be flawed or open to abuse, there are numerous options that an organisation may undertake to help deploy these technologies in a secure manner. These options may range from common-sense practices, to physical implementation, through to proven third-party products. Those responsible within an organisation for security management and system integrity should review the following suggestions to aid their deployment of WLAN technologies.

Default Settings

Almost all WLAN products come preconfigured with a suite of default settings, services and passwords. These defaults are well known, and various lists exist on the Internet for ready inclusion into tools designed expressly for compromising the security of your WLAN.
Always review the literature that comes with the WLAN components and be wary of all default settings. In particular, take note of the default security permissions for Bluetooth devices, and the default SSID and WEP keys for Wi-Fi. For APs, review the services utilised for remote management of the device (i.e. web admin and SNMP), decide whether these services can be made secure (through appropriate passwords and access controls or limitations), and whether such mechanisms are compatible or consistent with your corporation's existing security management procedures.

The Value of the Data

Consider the value of the data that could be transmitted over the WLAN. The data will be broadcast and may be collected by an anonymous observer. Depending on the security settings and encryption levels used for the WLAN traffic, the difficulty of decoding or decrypting the data may range from trivial through to almost impossible. Beware though: if an observer is able to collect a sizable amount of data and is willing to invest the time and effort, almost all encrypted data can be decrypted.
Organizations should review the value of the data being broadcast and ascertain how important it is that an outsider not be able to render it readable. For some organizations the value of the data may be best measured in time: consider a competitive tender document that may have a life of a couple of months, sensitive financial data that may have a life of several years, or private banking details that must be kept secret for decades. For other organizations the value of the data may be measured in reputation.
Even using the best commercial encryption algorithms, given the advances in computer processing power, it is unlikely that such confidential data will remain secret for more than several years should an observer choose to decrypt the data.

Treat as Untrusted

Do not inherently trust connections from the WLAN. Wireless APs should be handled similarly to Internet and dial-in (e.g. RAS) connections. Best practice dictates that all APs should be located within separate firewall zones (i.e. a DMZ), with access controls or filtering rules configured similarly to those for Internet access into the organization. This is not to say that the APs should be located outside the corporate firewall on the same network as the Internet, but on a separate untrusted segment controlled with appropriate rules and policies.
Just as external users may access an organization's LAN through the Internet or RAS services using technologies such as RADIUS, Kerberos, Secure Sockets Layer (SSL) encryption and virtual private networks (VPNs), an organization should extend these authentication and encryption techniques through to the WLAN and carefully examine all access procedures.
The most widely used mechanism for securing VPN traffic is the Internet Protocol Security (IPSec) specification, as defined by the IEEE. IPSec can use keyed hash algorithms (MD5, SHA, HMAC) for authenticating packets, DES, 3DES and other bulk algorithms for encrypting data, and digital certificates for validating public keys.
By employing this solution, WEP is no longer required (as all encryption is handled by the VPN channel) and should be disabled. The VPN server(s) provide the necessary authentication and full encryption over the WLAN. Utilising digital certificates at each wireless node helps ensure strong authentication.
As a more general policy, all organizations should be using secure communication methods all the time to transfer data, even internally. Consider utilizing SSL encryption for internal applications and Intranet components.

Fault Tolerance

Deploying multiple access points on the same frequency can increase the fault tolerance and adds range to a wireless segment, but won't increase your overall bandwidth. When one access point in a segment fails, the wireless clients seamlessly roam to the other access points without interrupting service, provided the appropriate roaming technologies have been configured. Not all vendor WLAN products may support seamless network roaming – choose carefully.

Be Capable of Monitoring the WLAN

Invest in appropriate network technologies to readily identify wireless APs or PC Cards that may be misbehaving and causing a degradation of service. It is important to note that even a single PC Card can saturate a wireless segment. Whether an organization has just one user or 50 on a segment, each user will contend for the same amount of bandwidth. After all, a Wi-Fi network utilizes CSMA/CA (Carrier Sense Multiple Access/Collision Avoidance) and, like shared Ethernet, has a finite capacity and a certain amount of overhead associated with it. This is especially important given the threat from attackers who may purposefully seek to disrupt the WLAN services. Such an attack may cost an attacker less than £400 (e.g. a Palm computer and a Wi-Fi PCMCIA card) and could be performed anywhere within range of the WLAN.

Be Capable of Detecting and Responding to Intruders

It is important not only to be able to monitor the WLAN, but also to record and identify attacks. Modern Intrusion Detection Systems (IDS) are capable of identifying and responding to many of the most popular and dangerous attacks in an automated manner. Where possible, network IDS sensors should be placed on the WLAN DMZ segment and on the organization's wired LAN. Key hosts, particularly the authentication servers on the wired LAN used to authorize access from the WLAN, should utilize host-based IDS sensors.
Having protected the organization's LAN and key authentication servers, ensure that the client WLAN devices (e.g. laptops, printers and access points) on the "dirty" side of the DMZ are also properly secured. As these devices are now likely to be the primary targets of an attacker, ensure that each device has been hardened to appropriate security standards, has current anti-virus detection agents, and utilizes updated personal IDS monitors.
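The Default Settings section above and this section both come down to the same operational check: knowing which access points are yours, and noticing when one of them is still in a factory-default state, is advertising weak or no encryption, or is not in your inventory at all. The following is an added example (not code from the original article) of that audit run over a constructed site-survey: the inventory, the survey records and the default-SSID list are all made up for the example, and the function names are this example's own. A real deployment would feed it the beacon list from its own survey tool or wireless IDS and its own asset inventory.

```python
"""Audit a WLAN site-survey against an authorised-AP inventory.

Added example, not part of the original article. All data below is
constructed; the helper names (audit_survey, AUTHORISED_APS, ...) are
this example's own.
"""

# Constructed inventory of the organisation's own access points:
# BSSID (AP MAC address) -> the SSID that AP is expected to advertise.
# Anything beaconing outside this list is unauthorised until proven otherwise.
AUTHORISED_APS = {
    "00:11:22:33:44:01": "corp-wlan",
    "00:11:22:33:44:02": "corp-wlan",
}

# Constructed list of factory-default SSIDs. Vendor defaults are well
# known, so an AP still beaconing one was almost certainly never configured.
DEFAULT_SSIDS = {"default", "wireless", "wlan", "ap"}

# Constructed survey: one record per beacon source seen by a sensor.
# Note the unknown BSSID that copies the corporate SSID, the WEP network
# on a default SSID, and the duplicate beacon from an authorised AP.
SURVEY = [
    {"bssid": "00:11:22:33:44:01", "ssid": "corp-wlan", "security": "WPA", "channel": 1},
    {"bssid": "00:11:22:33:44:02", "ssid": "corp-wlan", "security": "WPA", "channel": 6},
    {"bssid": "00:11:22:33:44:99", "ssid": "corp-wlan", "security": "OPEN", "channel": 11},
    {"bssid": "aa:bb:cc:dd:ee:01", "ssid": "wireless", "security": "WEP", "channel": 11},
    {"bssid": "00:11:22:33:44:01", "ssid": "corp-wlan", "security": "WPA", "channel": 1},
]


def audit_survey(survey, inventory=AUTHORISED_APS, default_ssids=DEFAULT_SSIDS):
    """Return a sorted list of (bssid, finding) pairs.

    Each beacon source is checked against the inventory, against the
    default-SSID list, and for the encryption it advertises. Findings are
    collected in a set so repeated beacons from one AP are reported once.
    """
    findings = set()
    for rec in survey:
        bssid = rec["bssid"]
        ssid = rec["ssid"]
        sec = rec["security"].upper()

        # 1. Inventory check: unknown BSSIDs are rogue/unauthorised; an
        #    unknown BSSID using one of our SSIDs deserves a louder flag.
        if bssid not in inventory:
            if ssid in inventory.values():
                findings.add((bssid, "unauthorised AP spoofing a corporate SSID"))
            else:
                findings.add((bssid, "unauthorised AP"))
        elif inventory[bssid] != ssid:
            findings.add((bssid, f"authorised AP advertising unexpected SSID '{ssid}'"))

        # 2. Default-settings check (case-insensitive match on the SSID).
        if ssid.lower() in default_ssids:
            findings.add((bssid, f"factory-default SSID '{ssid}'"))

        # 3. Encryption check: open and WEP networks are both treated as weak.
        if sec in ("OPEN", "WEP"):
            findings.add((bssid, f"weak or no encryption ({sec})"))

    return sorted(findings)


if __name__ == "__main__":
    for bssid, finding in audit_survey(SURVEY):
        print(f"{bssid}  {finding}")
```

The check is deliberately inventory-driven rather than signature-driven: the inventory is the one input the organisation controls, and every beacon that is not in it is a question to answer, whether it turns out to be a neighbour's AP, an employee's unsanctioned device, or something worse.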

Security Education

Ensure that both the WLAN end users and administrative staff understand the security limitations of the technology. It is vital that users be aware of the vulnerabilities of the data they may access or share over the WLAN to other users, and understand the secure access methods available to them. For administrative staff, it is equally important they understand the security configuration of the environment and have the skills to readily maintain and monitor the integrity of the WLAN.
All staff with access to WLAN components of an organisation's infrastructure must understand and use good password policies. Almost all security mechanisms used by any organisation can be compromised or thwarted by poor passwords.

Be Aware of Country Specific Laws

Regulation of radio frequency bands is often country specific, and various laws exist controlling their usage. Additionally, many countries have specific laws relating to the monitoring of radio frequency data and the protection of personal data that may be observed and recorded.
Consider the following two wireless standards, 802.11b and 802.11a. 802.11b operates in the 2.4 GHz ISM band and defines a total of 14 frequency channels. Channels 1 through 11 are approved for use within the U.S., whereas most of Europe can use channels 1 through 13, with the notable exception of France, where only channels 10 through 13 are available. 802.11a operates in the 5 GHz U-NII band and, although approved for use in the U.S., is not currently approved for use in Europe.
Both suppliers and implementers of all WLAN technologies must carefully review the legal implications of installing and using such wireless technologies. Use of devices operating outside the approved radio frequency bands may interfere with third-party devices, and is likely to lead to legal prosecution in most countries. Additionally, local laws relating to maximum encryption key length, radio broadcast power and range, reception and observation of unintended radio frequency data (e.g. the WLAN from across the road), and data protection regulations must also be carefully reviewed.

Understand the Operational Characteristics of the Technology

Focusing on 802.11b, an important concept to note regarding channel assignments is that the channel number actually represents the centre frequency that the transceivers in the client radio and the access point use (e.g., 2.412 GHz for channel 1 and 2.417 GHz for channel 2). There is only 5 MHz separation between the centre frequencies, and an 802.11b signal occupies approximately 30 MHz of the frequency spectrum. The signal falls within about 15 MHz on each side of the centre frequency.
As a result, an 802.11b signal overlaps with several adjacent channel frequencies. This leaves only three channels (channels 1, 6, and 11 for the U.S.) that can be used without causing interference between access points. For WLANs with only one access point, it is possible to set the access point to any one of the channels; often, the default setting shipped by the vendor will be adequate. If there are two or three access points, assign any combination of channels 1, 6, and 11. Doing so will keep the signals far enough apart in the RF spectrum to avoid problems.
Channel   Centre frequency (GHz)   Approved regulatory domains
1*        2.412                    US FCC, Europe ETSI, Japan
2         2.417                    US FCC, Europe ETSI, Japan
3         2.422                    US FCC, Europe ETSI, Japan
4         2.427                    US FCC, Europe ETSI, Japan
5         2.432                    US FCC, Europe ETSI, Japan
6*        2.437                    US FCC, Europe ETSI, Japan
7         2.442                    US FCC, Europe ETSI, Japan
8         2.447                    US FCC, Europe ETSI, Japan
9         2.452                    US FCC, Europe ETSI, Japan
10        2.457                    US FCC, Europe ETSI, Japan, France
11*       2.462                    US FCC, Europe ETSI, Japan, France
12        2.467                    Europe ETSI, Japan, France
13        2.472                    Europe ETSI, Japan, France
14        2.484                    Japan

Table 4: 802.11b channel centre frequencies (channels are 22 MHz wide; * indicates non-overlapping channels)
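The overlap rule described above can be computed rather than looked up, which is useful when checking a multi-AP plan or a regulatory domain other than the U.S. The following is an added example, not code from the original article: it takes the centre frequencies and per-domain channel lists from Table 4 and the 22 MHz channel width from the table heading, and derives which channel combinations are non-overlapping. It goes slightly beyond the text by running the same rule for the ETSI, France and Japan channel sets. The function and constant names are this example's own, and the sample AP plan at the bottom is constructed.

```python
"""802.11b channel-overlap checker for access-point planning.

Added example, not part of the original article. Centre frequencies and
regulatory availability follow Table 4 on the page; the 22 MHz channel
width is the figure in that table's heading. Helper names are this
example's own.
"""

# Centre frequency in MHz per channel (Table 4): channels 1-13 are spaced
# 5 MHz apart starting at 2412 MHz; channel 14 is the Japan-only outlier.
CENTRE_MHZ = {ch: 2407 + 5 * ch for ch in range(1, 14)}
CENTRE_MHZ[14] = 2484

CHANNEL_WIDTH_MHZ = 22  # per the Table 4 heading

# Channels permitted per regulatory domain, as listed in Table 4.
ALLOWED = {
    "US": range(1, 12),       # channels 1-11
    "ETSI": range(1, 14),     # channels 1-13
    "France": range(10, 14),  # channels 10-13
    "Japan": range(1, 15),    # channels 1-14
}


def overlaps(a, b):
    """True if the signals on channels a and b overlap.

    Each signal extends half a channel width either side of its centre, so
    two channels overlap when their centres are closer than one full width.
    """
    return abs(CENTRE_MHZ[a] - CENTRE_MHZ[b]) < CHANNEL_WIDTH_MHZ


def non_overlapping_channels(domain):
    """Greedy plan: walk the domain's permitted channels in ascending order
    and keep each one that does not overlap any channel already chosen."""
    chosen = []
    for ch in ALLOWED[domain]:
        if all(not overlaps(ch, c) for c in chosen):
            chosen.append(ch)
    return chosen


def audit_plan(assignments, domain):
    """Check a proposed {ap_name: channel} map for one regulatory domain.

    Returns a list of findings; an empty list means the plan is clean.
    Flags channels that do not exist, channels not approved in the domain,
    and any pair of APs whose channels overlap.
    """
    findings = []
    for ap, ch in assignments.items():
        if ch not in CENTRE_MHZ:
            findings.append(f"{ap}: channel {ch} does not exist in 802.11b")
        elif ch not in ALLOWED[domain]:
            findings.append(f"{ap}: channel {ch} is not approved in {domain}")
    aps = sorted(assignments)  # deterministic output order
    for i, ap1 in enumerate(aps):
        for ap2 in aps[i + 1:]:
            c1, c2 = assignments[ap1], assignments[ap2]
            if c1 in CENTRE_MHZ and c2 in CENTRE_MHZ and overlaps(c1, c2):
                findings.append(f"{ap1} (ch {c1}) overlaps {ap2} (ch {c2})")
    return findings


if __name__ == "__main__":
    for domain in ALLOWED:
        print(f"{domain:7s} non-overlapping channels: {non_overlapping_channels(domain)}")
    # Constructed sample plan: one AP overlaps a neighbour and another sits
    # on a channel that is not approved in the U.S.
    plan = {"ap-lobby": 1, "ap-floor2": 3, "ap-floor3": 13}
    for finding in audit_plan(plan, "US"):
        print("-", finding)
```

Two things fall out of running this that the prose only hints at: with a 22 MHz width, channel 14 is far enough from channel 11 to give Japan a fourth non-overlapping channel, and France's 10-13 allocation leaves room for only one channel before neighbours start interfering, which matters when placing more than one AP there.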