Reading List

Informative
The Raw Feed

Humorous
This is True
Shark Tank

News Junkie
Fark.Com
Slashdot
Digg
Wired News
New Scientist
Newsvine

My Notes..

My Chess Games
Wireless Networking
NextGen Secure Computing Base
P2P File Sharing

My Thanks..

LS Blogs
Blogarama

Please read disclaimer at bottom

Rich's Notes on.....

Wireless Networking

What it consists of:

Normal configurations consist of an access point (WAP) and wireless cards to connect to the access point. This is referred to as an Infrastructure configuration.
Wireless cards come in a variety of flavors, PCMCIA for laptops, PCI for desktops and USB for flexible use. USB 1.1 normally comes in the slower speed 802.11b flavor (see protocols below).
10Mb/sec is about the same speed as you get from regular Ethernet. Comparitively, the Internet connection of Cox Communications cable modem service is 5 Mb/sec, so if you're only using the wireless to give you a connection to your broadband connection point and do limited file and printer sharing in your home, 802.11b speeds are adequate.
Wireless LAN technology operates in the 2.4Ghz (except for a) unlicensed spectrum. This could cause potentially cause interference with 2.4Ghz devices such as cordless telephone technologies.

Wireless Protocols

802.11a - 54 Mb/sec - 5 Ghz radio spectrum - 150 ft line-of-sight
802.11b - 11 Mb/sec - estimated range 300 feet line-of-sight
802.11g - 54 Mb/sec* - backward compatible with 802.11b - same range

MIMO - Added antennas, smart antenna powering for better range, less interference with other devices.

*Vendors offer doubling technology that will get you to 108 Mb/sec with matching card/access point vendors. For example, Dlink offer Extreme-G for 802.11g product lines.
802.11a is dead due to no backward compatibility with 802.11b access points, and limited range.
Range seems to be a factor of the radio spectrum being used. To provide for double the frequency with the same power requirements, you end up with less amplitude in the resultant transmission, meaning quicker drop off/range.

Wireless Security Options

MAC Filtering - basically configuring the access point to only accept packets from specific wireless cards. Since the MAC address is something that can be configured in most cards' drivers, this option provides only cursory protection by itself. However, together with a secure implementation of WPA, it could provide additional protection for paranoid administrators.
SSID broadcast - turning off the broadcast of your wireless SSID can make it harder for a hacker ONLY if you're encrypting traffic. If you're doing this securely (WPA), turning off SSID will provide a paranoid level of protection. Leaving SSID broadcasts on may help some dumb clients connect to the proper LAN. (Windows XP)
WEP - Wireless Encryption Protocol - WEP-64, WEP-128 and WEP-256 are available - The WEP protocol provides for encrypted data transmission. However, the following faults exist in the protocol that weaken its implementations greatly, allowing knowlegeable hackers to decrypt traffic:

• key length issue - The uniqueness of the 64-bit encryption key is only 40 bits, WEP128 is only 104 bits
• traffic analysis - The repetitive nature of the underlying protocols (think headers) provides enough cleartext clues to bruteforce the keys
• unchanging keys - WEP does not change its keys on schedules allowing a large amount of traffic using same keys for cryptanalysis
• limited key choice - most keys are entered not in raw form, but are established through a passphrase hash, which provides inadequate entropy to fill the field of available keys.
• easily available cryptanalysis tools make WEP all but useless against a targeted hack attack.

WPA - WiFi Protected Access - uses a mixture of WEP encryption and TKIP (Temporal Key Interchange Protocol) to change its keys on a scheduled basis. Should be implemented by itself to be truly functional, not mixed with WEP implementation. Mixed implementations continue to use single keys for broadcast packets to ensure WEP clients receive packets. By implementing ONLY WPA, temporal keys are used to encrypt broadcast packets, and only WPA subscribers will be able to decrypt them. Passphrase generation of WPA keys may still be done, but passphrases longer than 20 characters should be chosen and should combine symbols and characters to protect against dictionary attacks and provide adequate entropy for the passphrase hash algorithm.
802.1x Authentication - Authentication of a client can be based on a shared secret or a secure login process to a Radius server. Implementing WPA requires an authentication of clients (so they may obtain the temporal keys), but only geeks and Enterprise networks will have Radius servers set up on the back end.

Disclaimer:

The accuracy of the data in these notes, while not considerably suspect, are based upon my own, personal comprehension of the research and facts that I have done. Their truth is not guaranteed, your results may vary, and I may just be completely wrong.....though I doubt it.