In the past few years, 802.11b has become the de facto standard for wireless networking in corporations and even in homes. Several variations (e.g., 802.11a, 802.11g, 802.11i, 802.11x) provide higher bandwidth and, in theory, better security—still, warts and all, 802.11b is here to stay. Let's look at how 802.11b works and discover how to get the most from this technology while minimizing your security risks.

802.11b's Origins
Proprietary wireless networks have been around since the 1990s, and the IEEE 802.11 standard arrived in 1997 as a way to provide interoperability between wireless networking devices from different vendors. In some respects, 802.11 functionality represents a return to the original Ethernet design—Ethernet refers to broadcasting packets into the Ether, much like a radio station. Think of the original 10Base-2 coaxial cabling, in which all the adapters on an Ethernet LAN connected in parallel on one line. The 802.11b standard replaces that line with radio transmission in the license-free 2.4GHz radio band (802.11a uses the 5GHz band, and some dual-mode devices can use either band). Wireless network adapters within range of each other (i.e., up to 500 feet) can exchange data as if they shared a common cable, although link speeds decrease with weaker signal strength, which can be affected by walls, office furniture, or excessive distance between adapters.

Of course, the fact that no cable connects the devices has significant implications—wireless devices can and do move. They might start out of range of one another, move into range, and then back out of range. To accommodate this ever-changing connectivity, 802.11b includes error-checking features that go beyond those available in standard Ethernet. These features impose significant overhead. Although 802.11b devices are usually marketed as operating at 11Mbps, typical throughput speeds are on the order of 6Mbps or less depending on encryption settings and other factors.

Securing Your Wireless Network
Security is also a consideration in a wireless network. To provide a basic level of security, 802.11b includes the Wired Equivalent Privacy (WEP) encryption standard. WEP initially supported 64-bit keys (sometimes called 40-bit because 24 bits are used for an unencrypted Initialization Vector), but most devices now support 128-bit (sometimes called 104-bit for the same reason) or 256-bit keys. Unfortunately, WEP has garnered a lot of attention lately as a result of successful attacks on the encryption standard. Weaknesses in the 802.11b implementation of WEP encryption make it possible for a sophisticated hacker to use off-the-shelf desktop PCs to launch a brute-force attack that cracks the encryption in a matter of hours. However, I believe the real security risks in 802.11b networks arise when the people who set them up don't bother to enable any security.

Most 802.11b networks are designed to be discoverable—after all, if you're trying to add a device to the network, you'd like to have some idea whether the settings are correct. Browsing tools built into the OS (such as the Windows XP tool that Figure 1, page 32, shows) or provided by the wireless network vendor let the user look for a wireless network. The 802.11b equivalent to a conventional Ethernet subnet are an ad hoc network (i.e., peer-to-peer—P2P—with compatible wireless cards) and an infrastructure network (i.e., networking with a wireless Access Point—AP), both of which consist of devices that share common settings. The most fundamental shared setting is the Extended Service Set Identifier (ESSID)—a 32-character identifier (also known as a network name) that uniquely identifies each wireless network, which is used when browsing for a network to connect with.

Just remember, if you don't provide encryption, you're wide open to hacking. You might have read about "war drivers," those hackers who add homemade high-gain antennas to wireless network cards in notebook PCs, park outside corporate buildings or campuses, and amuse themselves by looking at all the unencrypted traffic going by. I've even seen one report of a hacker war-driving from a small airplane.

The instructions provided with most wireless network devices tell you to disable encryption when you first connect a device, and that's certainly appropriate when you set up a new wireless AP. But after you configure your wireless device, no reason exists to leave it wide open.

WEP isn't perfect, but by using it, you make a hacker's life more difficult, which might encourage the hacker to move on to a softer target. Still, a sophisticated technician bent on industrial espionage could eavesdrop on the signal with appropriate radio equipment, record a long string of packets, and subject them to an offline brute-force decryption attack, trying different WEP keys until the packets become readable. For this reason, 802.11b with WEP is banned at high-security government installations; however, as we go to press, the National Security Agency (NSA) has approved a variant of 802.11b that uses a special encryption protocol (details are available at http://www.govcomm
.harris.com/secure-comm).

For business use, you can combine 802.11b with VPN technology to achieve relatively high security—Microsoft does this at its Redmond campus. All 802.11b wireless APs in Redmond reside outside Microsoft's corporate firewall and are considered insecure. The company uses a VPN to let users access resources inside the firewall. The VPN provides data encryption and authentication of a user's access rights when the connection is established. I recommend that you combine a VPN with WEP unless you explicitly want to provide a public Internet gateway from a particular wireless AP.

Familiarizing Yourself with 802.11b
As with any technology, your initial exposure to 802.11b can be confusing, in part because of the plethora of unfamiliar terms you'll encounter. I've already mentioned a few; others include

  • Authentication—This value refers to the security used between a wireless AP and wireless network cards. You can use either Open-System Authentication or Shared-Key Authentication. Low-end consumer systems typically use Shared-Key Authentication with WEP; high-end systems might require additional security options. Unless you deliberately set up a public AP for everyone to use, you should specify Shared-Key Authentication and an appropriate form of encryption.
  • Basic Service Set Identifier (BSSID)—The BSSID is the media access control (MAC) address of a wireless network card or wireless AP.
  • Channel Number—In the United States, 802.11b uses 11 channels in the 2.4GHz-band spectrum. Although each channel is 30MHz wide, the center frequencies are spaced only 5MHz apart. As a result, the only channels guaranteed not to interfere with each other are 1, 6, and 11. As a practical matter, you need to use the same channel only when all your wireless devices share an ESSID. In a large, multi-ESSID installation, you should use different channels on adjacent networks to minimize interference.
  • Encryption—The specific form of Shared-Key Authentication that WEP uses in a particular 802.11b network is known as encryption. Generally, this value is set to 64-bit, 128-bit, or disabled. Using 128-bit or higher encryption will make life more difficult for hackers.
  • Fragmentation Threshold—This value sets the maximum size of a wireless packet—larger packets are broken up and transmitted as separate fragments. Typically, you'll want to leave this value set to the factory default, but setting it to a smaller number (around 500 bytes) can improve performance on congested networks.
  • MAC Address FilteringOn some wireless APs, you can specify the addresses of the network cards on your subnet as an additional security feature. Figure 2 shows an example of a wireless access filter list. However, be aware that sophisticated hackers can spoof a MAC address, which defeats this technique.
  • Operating Mode—You can configure the Operating Mode for either an ad hoc network or an infrastructure network. The price of wireless APs is so low these days that the infrastructure mode has become practically universal, even in home networks. However, two notebook or Tablet PC users can still rely on ad hoc mode to exchange files on the road while they're away from a wireless AP.
  • Rate—Some 802.11b devices let you specify a target data transfer rate, typically 1Mbps, 2Mbps, 5.5Mbps, or 11Mbps, or set the rate to automatic (in which case the device sets the highest rate that will provide reliable connectivity). Manually setting a fixed rate can be helpful when addressing a weak signal.
  • RTS Threshold—This value sets the packet size that will trigger Request-to-Send/Clear-to-Send handshaking on an 802.11 network. RTS Threshold is usually disabled by default but might help improve throughput on a wireless network with many clients, some of which might be hidden from each other part of the time.

I've focused on 802.11b in this column because it's by far the most common variant of the 802.11 standard, but several recent developments are worth mentioning. For example, 802.11a is experiencing a resurgence. This older 5GHz standard combined with a new technology called Orthogonal Frequency Division Multiplexing (OFDM) provides higher wireless data transfer rates. Another standard, 802.11g, also uses OFDM to increase throughput in the same 2.4GHz band that 802.11b uses. Several companies offer dual-band devices that can take advantage of an 802.11a connection if it's present, but will fall back to 802.11b when necessary. New standards, including 802.11i and 802.11x, will offer better security (although the security implementations are vendor-dependent and will likely remain so until the IEEE finalizes the 802.11i standard sometime later this year). For more information about 802.11b, see "Related Articles in Previous Issues" or visit the following Web sites:

  • Microsoft's Wi-Fi Page
    http://www.microsoft.com/windows2000/technologies/communications/wifi/default.asp
  • Wi-Fi Alliance Site
    http://www.wi-fi.org
  • 802.11 Planet
    http://www.80211-planet.com
Related Articles in Previous Issues
You can obtain the following articles from Windows & .NET Magazine's Web site at http://www.winnetmag.com.

SHON HARRIS
"802.11 Security Shortcomings," December 2001, InstantDoc ID 22934
TOM IWANSKI
Buyer's Guide, "802.11 Wireless Devices," July 2001, InstantDoc ID 21146
MICHAEL OTEY
"Change Is in the Air," September 2002, InstantDoc ID 25969
MARK WEITZ
"802.11 Wireless LANs" January 2002 Web Exclusive, InstantDoc ID 23322