Number 251 - April 2004

Zero to Wireless
by David Williams
North Texas PC NEWS, October 2003
   Mobility is the element that wins football games, soccer games and now computer-driven ground wars. Going from zero to wireless means plugging a wireless access point into your network.

   Setup has come to the point that most basic installations work after a few minutes of "Can you see me now, Can you SEE ME NOW?"

   Many applications have no noticeable performance loss over wireless, but security is where you lose with most default setups. The same setup that makes it so easy for you to win the first "Can you see me now?" game makes it just as easy for a wandering hacker.

   The problem begins when you plug in and don't bother, or don't know how, to change the values set at the factory. The levels of security vary with equipment, but all share channels and SSIDs. The Service Set Identifier, or SSID, is a 32-character identifier used as a password for wireless LANs (WLANs, to use the acronym). Every WLAN and everyone with access to it must use the same SSID, which in itself is a security hole. How many times does everyone use the same password? In WLANs the SSID is actually broadcast every few seconds in plain text. Search for NetStumbler software if you want to see how easy it is to get on someone's network.

   This common SSID issue applies to every vendor equally and is the downside of having a standard under which equipment interoperates with that of competing vendors. There are complete encyclopedias of default SSIDs and administration access information. See the January Texas Technology article "War Driving."

   Hopefully, the equipment you bought allows for turning off the default broadcasting of the SSID. This does help, but the SSID can still be sniffed in the packets going from station to station.
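
   An added example, not from the original article: a Python parser for the SSID element of 802.11 beacon and probe-response frames. It shows that the name travels in plain text, and that turning off broadcast only blanks it in beacons while the probe response sent to a joining station still carries it. The frames are constructed sample bytes; `build`, `parse_mgmt`, the SSID `EXAMPLE-NET` and the MAC address are illustrative assumptions.

```python
import struct

SUBTYPES = {8: "beacon", 5: "probe-response"}  # 802.11 management subtypes
PRIVACY = 0x0010                               # capability bit: encryption (WEP) required
AP = bytes.fromhex("020000000001")             # constructed, locally administered MAC

def build(subtype, ssid, privacy):
    """Construct a minimal sample frame (constructed test data, not a capture)."""
    # 24-byte header: frame control, duration, three addresses, sequence control
    header = bytes([subtype << 4, 0]) + b"\x00\x00" + b"\xff" * 6 + AP + AP + b"\x00\x00"
    # 12 fixed bytes: timestamp, beacon interval, capability field
    fixed = struct.pack("<QHH", 0, 100, 0x0001 | (PRIVACY if privacy else 0))
    rates = bytes([1, 4, 0x82, 0x84, 0x8B, 0x96])   # supported-rates element
    return header + fixed + bytes([0, len(ssid)]) + ssid + rates

def parse_mgmt(frame):
    """Return what any listener can read from a beacon or probe response."""
    if len(frame) < 36:
        raise ValueError("frame shorter than header plus fixed fields")
    ftype, subtype = (frame[0] >> 2) & 0x3, frame[0] >> 4
    if ftype != 0 or subtype not in SUBTYPES:
        raise ValueError("not a beacon or probe response")
    capability = struct.unpack_from("<H", frame, 34)[0]
    pos = 36
    while pos + 2 <= len(frame):                 # walk the tagged elements
        eid, elen = frame[pos], frame[pos + 1]
        body = frame[pos + 2 : pos + 2 + elen]
        if len(body) != elen:
            raise ValueError("truncated element")
        if eid == 0:                             # element ID 0 carries the SSID
            hidden = not body.strip(b"\x00")     # empty or all-NUL: broadcast is off
            return {"kind": SUBTYPES[subtype],
                    "ssid": "" if hidden else body.decode("utf-8", "replace"),
                    "hidden": hidden,
                    "privacy": bool(capability & PRIVACY)}
        pos += 2 + elen
    raise ValueError("no SSID element found")

BEACON_OPEN = build(8, b"EXAMPLE-NET", False)    # factory-style setup
BEACON_HIDDEN = build(8, b"", True)              # SSID broadcast turned off, WEP on
PROBE_RESPONSE = build(5, b"EXAMPLE-NET", True)  # same access point answering a client

if __name__ == "__main__":
    for frame in (BEACON_OPEN, BEACON_HIDDEN, PROBE_RESPONSE):
        print(parse_mgmt(frame))
```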

   Turning on WEP encryption is the next security precaution to implement; it slows down but does not prevent your network from being breached. If someone wants on your network and has the patience, WEP encryption can be decoded. Generate your own WEP keys in any case. This will be explained in your equipment documentation.

   Look for the ability to limit access by MAC address. The MAC address is a unique hardware identifier for every network card and does provide a much higher level of denial for you. It is worth the time to set this up especially if your environment is reasonably small and you aren't using consultants to get up and going.

   Moving up the security ladder is EAP (Extensible Authentication Protocol) authentication, but not all WLAN access points support this, especially in the lowest price range. EAP helps administrators with the issue of WEP keys. Since the basic access points require manually assigning and changing the keys, security is improved as EAP dynamically changes WEP keys and uses an authentication database, e.g. RADIUS, before permitting a user to utilize the WLAN for other services. EAP opens the door for more security using token cards, certificate exchange, etc.

   This is more for large corporations with hefty budgets. If you haven't bought wireless yet, ask about support for internal EAP authentication and be sure your access device has upgradeable antennas using BNC-style connectors.

   It is possible to secure your wireless network, but it does require a little planning. By combining the WLAN security features of a quality access point or wireless router, you can make it difficult if not essentially impossible to breach your network. "Can you see me now?"