Network security remains at the top of everyone’s list these days, especially in wireless networking. When setting security, for example, it is easy to get dragged down some path where each way you go turns into a can of worms. It is hard to catch the worms and stuff them back into the can before they burrow their way into the ground or your system! Besides, worms are getting expensive! This time we will look to clear the air by reviewing the definitions of common wireless-related products, procedures, and protocols.
Wireless or wireless local area networks (WLANs) refer to a broad range of networks that use radio to connect to the network instead of wires. Wireless fidelity (Wi-Fi) refers to a specific type of WLAN that uses specifications within the IEEE 802.11 group of standards (802.11b).
802 identifies the group of standards from the Institute of Electrical and Electronics Engineers (IEEE) for local area networks (LANs) and metropolitan area networks (MANs). Each subcommittee is known as a working group or a technical advisory group. 802.3, for example, is the subcommittee for Ethernet. Beneath the subcommittee there can be a “subsubcommittee” called the task group. For example, 802.15.1 is the task group for Bluetooth.
802.11 is the set of wireless protocols defined by the IEEE subcommittee and is what OEMs align with. The original spec of 802.11 supported a 1- or 2-Mbps data rate connection on a 2.4GHz RF carrier. The system used either direct sequence spread spectrum (DSSS) modulation techniques or a technique called frequency hopping spread spectrum (FHSS). Each bit to be transmitted is broken into 11 pieces or chips where each chip is broadcast at a slightly different frequency—hence, “spread spectrum.” 802.11a also applies to WLANs, allowing data rates up to 54 Mbps in the 5GHz band using an orthogonal frequency division multiplexing, or OFDM, modulation scheme.
802.11a also stipulates different transmitting power levels allocated to different bands near the carrier. 802.11b is called “high-rate,” or Wi-Fi, and runs at an 11Mbps rate using only DSSS. It was designed in the late 1990s to be more comparable in performance to the wired Ethernet 10BASET standard (see note 1) that runs at 10Mbps. The term Wi-Fi was created by an organization called the Wi-Fi Alliance, which oversees tests that certify product interoperability. A product that passes the alliance tests is given the label “Wi-Fi certified” (a registered trademark).
802.11g for WLANs provides 54Mbps at 2.4GHz. Finally, 802.11n also applies to WLANs operating at either 2.4GHz or 5GHz and by using four spatial streams can get data rates to 600Mbps. Spatial streaming refers to the multiple-input multiple-output (MIMO) technique of multiplexing four (typically) RF spaces simultaneously. It refers to carving out a piece (or space) of the channel—it is the spaces that are called spatial streams. These are only the five most popular of the many 802 subcommittees working on a number of new and tweaking a number of old protocols.
There are known security issues with wireless and Wi-Fi. Unsecured networks are everywhere. Hackers employ wardriving—the term used for driving around business parks looking for Wi-Fi networks with little or no security employed. In terms of security, keep in mind that a typical Wi-Fi connection to an access point can have a range of up to 300 feet. With a range extender or signal booster, you can easily extend that by another 50 feet.
There are steps you can take to safeguard your Wi-Fi networks. Be sure to employ all the security features you have available. You will find that most adaptors have these as standard features. The most obvious is the use of the service set identifier (SSID). The SSID identifies the WLAN, and all devices on that network must use the SSID as part of their packet headers. If you do not know the SSID, you cannot join that network. By default, most wireless adaptors broadcast that they are available using their SSID. The wireless adaptor is the device that converts wireless to wired LANs. The best adaptors are the type that must be configured over a direct connection rather than remotely over the wireless link. The first step in security is to disable these SSID broadcasts on each adaptor, helping to keep you invisible to intruders. If you must use the wireless connection to configure the adaptor, make sure you are using an encrypted connection.
Media access control (MAC) filtering can also help. MAC contains the LAN address of the device. This is where the Ethernet address resides. MAC filtering is simply creating a list of the MAC addresses that are allowed to be a part of the network. If you are not on this list, forget about it, you cannot gain access. As the network grows, maintaining this list can get tedious, but it is a method available if needed.
The next step is to enable encryption. The first on the scene and part of the 802.11 set of standards was Wired Equivalent Privacy (WEP). The WEP method—whether using 40-bit or 128-bit encryption—was found fairly easy to crack. If you are bound to use WEP, make sure it is 128-bit encryption and that it is used with as many other security steps as you can. The idea is to have an encryption code or set of keys that the sender uses to encrypt the transmitted data. WEP uses static keys or keys that do not change. The recipient uses the same set of keys to decrypt the data sent. The keys are used to scramble and unscramble the data in the encryption algorithm. The recipient first checks the message to be sure it can unencrypt the data. If it cannot, it simply throws the packet away to make sure this unknown data does not get any further. Hackers have been known to sit in the parking lots of large retailers capturing WEP-encoded data and cracking it to make off with thousands of credit card numbers before being found out.
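The sender and recipient steps described above can be traced in code. This is an added example, not part of the original article: it assumes standard WEP framing details the article does not spell out (a 3-byte IV prepended to the static key as the RC4 seed, and a CRC-32 check value appended to the data), omits the key ID byte, and uses hypothetical function names and constructed sample values.

```python
import struct
import zlib

def rc4(key, data):
    """Plain RC4: key scheduling, then XOR the data with the keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def icv(payload):
    """Integrity check value: CRC-32 of the plaintext, little-endian."""
    return struct.pack("<I", zlib.crc32(payload) & 0xFFFFFFFF)

def wep_encrypt(static_key, iv, payload):
    """Sender: append the check value, then encrypt with RC4(IV || key)."""
    if len(static_key) not in (5, 13):  # 40-bit, or 104-bit ("128-bit" WEP)
        raise ValueError("WEP key must be 5 or 13 bytes")
    if len(iv) != 3:
        raise ValueError("WEP IV must be 3 bytes")
    # The IV travels in the clear; only the static key is secret.
    return iv + rc4(iv + static_key, payload + icv(payload))

def wep_decrypt(static_key, frame):
    """Recipient: decrypt with the same static key; discard on a failed check."""
    if len(frame) < 7:
        return None
    iv, body = frame[:3], frame[3:]
    plain = rc4(iv + static_key, body)
    payload, check = plain[:-4], plain[-4:]
    if check != icv(payload):
        return None  # cannot be decrypted correctly: throw the packet away
    return payload

# Constructed sample values, for illustration only.
KEY = bytes([0x01, 0x02, 0x03, 0x04, 0x05])
IV = bytes([0x00, 0x00, 0x01])
FRAME = wep_encrypt(KEY, IV, b"hello wlan")
```

Because the key never changes, the 3-byte IV is the only part of the RC4 seed that differs from one frame to the next.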
To resolve some of the now well-known issues with WEP, Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access II (WPA2) were created (IEEE 802.11i). WPA comes in two types: one designed for personal use and the other for enterprise use. The personal version uses the concept of a pre-shared key (PSK), in which everyone on the network knows the key or passphrase used to encrypt the data stream. Called WPA Personal or WPA-PSK, it uses a 128-bit RC4 stream cipher with a 48-bit initialization vector (IV). Whew—sounds heavy, man. However, like any password, the passphrase is only as secure as it is “strong.” In other words, make it as long as you can using upper and lower case letters, numbers, and symbols (like ^ or &). Do not use common phrases or words from the dictionary without scrambling them first.
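The passphrase advice above can be turned into a check, shown here next to the way a WPA/WPA2 Personal passphrase becomes the actual key. This is an added example, not from the original article: the PBKDF2-HMAC-SHA1 mapping (SSID as salt, 4096 iterations, 256-bit output) and the 8 to 63 character limit come from IEEE 802.11i rather than from this page, and the function names and the tiny word list are constructed for illustration.

```python
import hashlib
import string

# Constructed sample word list; a real check would load a large dictionary.
COMMON_WORDS = {"hospital", "letmein", "password", "welcome", "wireless"}

def passphrase_findings(passphrase):
    """Return a list of problems with a WPA passphrase (empty list = none found)."""
    findings = []
    if not 8 <= len(passphrase) <= 63:
        findings.append("length must be 8-63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        findings.append("only printable ASCII is allowed")
    classes = {
        "lower case": string.ascii_lowercase,
        "upper case": string.ascii_uppercase,
        "numbers": string.digits,
        "symbols": string.punctuation + " ",
    }
    for name, chars in classes.items():
        if not any(c in chars for c in passphrase):
            findings.append("no " + name)
    lowered = passphrase.lower()
    for word in sorted(COMMON_WORDS):
        if word in lowered:
            findings.append("contains dictionary word '%s'" % word)
    return findings

def derive_psk(passphrase, ssid):
    """Map passphrase + SSID to the 256-bit pre-shared key (IEEE 802.11i)."""
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, 32
    )

# Constructed sample inputs.
WEAK = passphrase_findings("password")
STRONG = passphrase_findings("Tr7^kq&Zp2!mWx9#Lf")
PSK = derive_psk("Tr7^kq&Zp2!mWx9#Lf", "ExampleWLAN")
```

The SSID acts as the salt, so the same passphrase on two differently named networks produces two different keys.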
WPA Enterprise uses an authentication server to manage the keys between the wireless devices on the network. WPA uses the Temporal Key Integrity Protocol (TKIP), which changes 128-bit keys dynamically as the system is used. The idea is that by the time the hacker figures out the key, it has been changed. This combination of TKIP and the IV makes it much more protective than the older WEP. WPA2 goes to a 256-bit key and adds a slew of other security features to make it even more robust. One part of that is to use the Advanced Encryption Standard (AES), replacing TKIP. There is also a utility known as Michael, a method of authentication coding used in WPA, which prevents replay attacks by using a frame counter. All of this results in reducing the number of packets sent with related keys, bigger keys, and IVs, and a secure message system that is harder to crack.
All in all, a wireless system can be easy to crack into unless you deploy all possible security options and enhancements that are waiting to be turned on. Go for the gold—use the maximum security available to you. Most new devices have WPA2 available—use it! We have only scratched the surface in that there are more ways to secure a wireless network. Check out EAP, LEAP, and PEAP, for example. These are versions of the Extensible Authentication Protocols offering protection by separating the message from the authentication process. An investment in making your Wi-Fi deployments as secure as possible is well worth your time! Use the concepts presented here as a baseline to get started in protecting your Wi-Fi installation.
Jeff Kabachinski, MS-T, BS-ETE, MCNE, has more than 20 years of experience as an organizational development and training professional. He is the director of technical development for Aramark Healthcare Technologies in Charlotte, NC. For more information, contact .
1. 10BASET: 10 = 10Mbps; BASE = baseband operation (no carrier); T = twisted pair. This twisted pair standard also states 100m maximum wire length (~328′).
Check out the entire list of 802 subcommittees to get an idea of current activity at the IEEE: www.ieee802.org/11/QuickGuide_IEEE_802_WG_and_Activities.htm