Foil intruders by containing your radio waves
Wireless networks have an inherent security threat: They transmit radio signals nonstop. However, by limiting the direction and range of those signals, you can improve the security of your network. The logic is simple: If an intruder can't pick up a useful signal, he or she won't be able to successfully connect to your network. You can use three basic methods to limit wireless network radio signals: adjust the output power of your wireless Access Points (APs), cover your walls and windows with specially made signal-confining coverings, and limit the direction in which your wireless antennas transmit signals.You can also use a combination of these methods. Here's how they work.
Adjust Your Power
First, let's talk about adjusting your wireless APs' output power. The FCC regulates the radio spectrum that wireless network equipment uses, including how much power a device can output during radio transmissions. A certain output power level equates to different signal strength levels at different distances: The farther away from the signal the receiver is, the weaker the signal strength will be.
Some, but not all, wireless-equipment manufacturers include adjustable settings in their firmware that let you set the radio transmitter's output power level. For example, a typical AP might output 20 milliwatts (MW) of power, and the firmware interface might let you turn up that power level to as much as 200MW. The AP might also let you turn down the output power to a setting as low as 1MW. By adjusting this setting, you're effectively adjusting the distance the signal will cover. You could feasibly reduce the output power in any given area where you use a wireless network without causing problems with authorized connectivity.
If your AP firmware doesn't let you adjust output power levels, you can install third-party firmware. Several third-party firmware solutions are available for various types of APs, including APs from ASUS, Buffalo Technology, Cisco Systems, Linksys, Motorola, NETGEAR, Siemens, and USRobotics. Consider, however, taking a close look at OpenWrt (http://openwrt.org), DD-WRT (http://ddwrt.gruftie.com), or Sveasoft's Alchemy and Talisman (http://sveasoft.com) AP firmware solutions. Each of these options is a reasonable choice (although OpenWrt is a bit tedious to use because it's modular in design, requiring you to add modules to gain various types of functionality). Keep in mind that not all firmware will work on all APs. You must review the associated Hardware Compatibility Lists (HCLs) to make sure the firmware has been tested successfully on your particular APs. Also, don't overlook the need to verify compatibility with different versions of the same AP models.
Third-party AP firmware is generally easy to install. Each product provides a simple Web-based configuration interface and gives you many extra features that your AP might not support with its original firmware. Keep in mind that, in some cases, using third-party firmware can void a hardware warranty or support package. If someday you need to return the hardware to the vendor, you might be out of luck.
Regardless of which firmware you use, when you adjust AP output power levels, remember that many factors affect overall signal reception. For example, a wireless workstation that's using a high-gain antenna could possibly pick up a very weak AP signal and successfully make a connection to that network. This scenario is possible because high-gain antennas amplify weak signals to make them more usable. These types of antennas also amplify the output signal during transmission back to the AP. Malicious users can use workstations with high-gain antennas to intrude on your network, even when those workstations are far from your APs. Many demonstrations have proved that such antennas can span distances of several miles! To combat this scenario, the second method of limiting wireless signals can come in quite handy.
Cover Your Walls
You can use special wall and window coverings to confine radio signals. Such surface coverings essentially prevent radio signals from moving through the surface to which you apply them. So, for example, you could confine a wireless network to one room or one department area. Likewise, you can prevent outside intruders from sending their signals in.
These surface coverings come in two primary types: a specialized type of paint that contains materials designed to reflect radio signals, or sheets of material designed for application either behind or on top of existing wall coverings. Both types of coverings can be expensive, and they require a considerable amount of work to install. Therefore, they might not be cost effective for your needs and budget constraints.
Narrow the Field
The third method of limiting wireless signals is limiting the direction in which your wireless antennas transmit signals. Nearly every AP sold today comes with omni-directional antennas. An omni-directional antenna broadcasts signals in a 360-degree pattern. The signal pattern looks like a toroid, which is similar to the shape of a donut. To modify an AP so that it broadcasts its signal in a specific direction (instead of every direction), you can either buy directional antennas or modify existing antennas by adding signal reflectors. Adding signal reflectors is undoubtedly the cheaper way to go, as you'll soon learn.
Reflectors cause a signal to travel primarily in the direction the reflector faces. So, for example, if you place an AP in the corner of a room and place reflectors behind the AP antennas, the radio signal will propagate out into the room and very little of the signal will propagate through the wall behind the antenna.
To capture information, a potential intruder needs to be within the path of the radio signal; by using a reflector, you can limit the area where the intruder must be to pick up your AP signals. Using reflectors not only prevents rogue intruders on the streets from accessing your data but can also be useful in buildings shared by many companies. You can use reflectors to limit your signals' propagation into neighboring office suites, thereby reducing potential security problems.
Designing efficient reflectors involves antenna-design engineering—a complicated process that requires considerable knowledge. It's safe to say that most network administrators don't have the right skills to design an efficient reflector. Fortunately, some network administrators who are well versed in radio and antenna design have made their reflector templates available online for anybody to use.
One such person is Michael Erskine, who offers reflector designs that users can retrofit to the omni-directional antennas that are standard equipment on most APs. Erskine's three designs—the Corner Reflector (http://www.freeantennas.com/projects/Ez-10), the Parabolic Reflector (http://www.freeantennas.com/projects/template2), and the Deep Dish Cylindrical Parabolic Reflector (http://www.freeantennas.com/projects/template)—throw an AP's output signal in a specific direction. All three reflectors both increase power in the direction of the signal and severely limit signal power behind the reflectors. Each reflector is incredibly easy to use: You simply construct the reflector and position it on your antenna.
A wonderful benefit of Erskine's designs is that you can make the reflectors yourself by using readily accessible parts that you probably have on hand or that you can obtain from your local grocery store or convenience store. You can make both the Corner Reflector and Parabolic Reflector from either a thin piece of cardboard, a thick piece of paper, or acetate (typically used for printing transparencies). You'll also need some household aluminum foil and glue, such as rubber cement. You can make the Deep Dish Cylindrical Parabolic Reflector (a variation of the Parabolic Reflector), from those same components, or you might consider using a Pringles potato chip can (which is already lined with foil), some wire screen, or a thin piece of flat flexible metal. If your AP has dual antennas, you can simply construct two reflectors and place one on each antenna. Templates are available at Erskine's Web site, so you can print them out to make sure you construct the designs in the proper proportions, which is crucial for optimum performance.
You might wonder what your signal patterns will look like if you use these reflector designs. Radio signals are invisible to the unaided eye, but an antenna-design software package can produce fascimile images that provide a good representation of the signal pattern. In Figures 1 and 2, the mesh is the reflector, the black line is the antenna, and the donut-shaped area is the signal pattern.
Figure 1 shows the signal pattern for both the Parabolic Reflector and the Deep Dish Cylindrical Parabolic Reflector, both of which produce very little signal behind the antenna. Figure 2 shows that the Corner Reflector produces a bit more signal behind the antenna than the other two reflector designs, but it's still an effective design.
These solutions are extremely cost effective. Commercial directional antennas can costs hundreds of dollars each, whereas these reflectors will cost you only pennies, plus a minimal amount of time to build.
Your best bet for limiting your wireless exposure is probably to combine reduced AP output power with the use of antenna reflectors to confine the signals to a limited area. Of course, none of these solutions eliminates the need for the usual wireless network security measures.