Wireless FAQ
General FAQ
Advanced FAQ
Security FAQ
Basic FAQ
1. What is a Wireless LAN ?
Wireless LANs provide all the functionality of
wired LANs, without the need for physical connections (wires). Data is
modulated onto a radio frequency carrier and transmitted through the ether.
Typical bit-rates are 11Mbps and 54Mbps, although in practice data throughput
is half of this. Wireless LANs can be formed simply by equipping PC's with wireless NICs. If
connectivity to a wired LAN is required an Access Point (AP) is used as a
bridging device. AP's are typically located close to the centre of the wireless
client population.
2. What are the advantages of Wireless LANs ?
a. Mobility:
Wireless LAN systems can provide LAN users with access to real-time information
anywhere in their organization. This mobility supports productivity and service
opportunities not possible with wired networks.
b. Installation Speed and Simplicity:
Installing a wireless LAN system can be fast and easy and can eliminate the
need to pull cable through walls and ceilings.
c. Installation Flexibility:
Wireless technology allows the network to go where wire cannot go.
d. Reduced Cost-of-Ownership:
While the initial investment required for wireless LAN hardware can be higher
than the cost of wired LAN hardware, overall installation expenses and
life-cycle costs can be significantly lower. Long-term cost benef
e.
Scalability:
Wireless LAN systems can be configured in a variety of topologies to meet the
needs of specific applications and installations. Configurations are easily
changed and range from peer-to-peer networks suitable for a small number of
users to full infrastructure networks of thousands of users that enable roaming
over a broad area.
3. What are the disadvantages of Wireless LANs ?
The speed of Wireless LAN is still relative slower
than wired LAN. The most popular wired LAN is operated in 100Mbps, which is
almost 10 times of that of Wireless LAN (10Mbps). A faster wired LAN standard
(1000Mbps), which is 100 times faster, becomes popular as well. The setup cost
of Wireless LAN is relative high because the equipment cost including access
point and PCMCIA Wireless LAN card is higher than hubs and CAT 5 cables.
4. Where can you find wireless 802.11 networks ?
Airports,
hotels, and even coffee shops like Starbucks are deploying 802.11 networks so
people can wirelessly browse the Internet with their laptops. As these types of
networks increase, this will create additional security risk for the remote
user if not properly protected.
5. What is an Access Point?
The AP (access point also known as a base station) is the wireless server that
with an antenna and a wired Ethernet connection that broadcasts information
using radio signals. AP
typically act as a bridge for the clients. It can pass
information to wireless LAN cards that have been installed in computers or
laptops allowing those computers to connect to the campus network and the
Internet without wires.
6. What is IEEE 802.11?
The IEEE 802.11 is a wireless LAN industry
standard, and the objective of IEEE 802.11 is to make sure that different
manufactures' wireless LAN devices can communicate to each other.802.11 provides 1 or 2 Mbps transmission in the
2.4 GHz ISM band using either FHSS or DSSS.
7. What is 802.11b?
802.11b is the
first revision of 802.11 standard allowing data rates up to 11Mbps in the
2.4GHz ISM band. Also known as 802.11 High-Rate and Wi-Fi. 802.11b only uses DSSS,
the maximum speed of 11Mbps has fallbacks to 5.5, 2 and 1Mbps.
8. How fast is 802.11b?
The IEEE 802.11b
standard has a nominal speed of 11 megab
9. What is 802.11a?
802.11a the second revision of 802.11 that operates in the unlicensed 5 GHz
band and allows transmission rates of up to 54Mbps. 802.11a uses OFDM (orthogonal
frequency division multiplexing) as opposed to FHSS or DSSS. Higher data rates
are possible by combining channels. Due to higher frequency, range is less than
lower frequency systems (i.e., 802.11b and 802.11g) and can increase the cost
of the overall solution because a greater number of access points may be
required. 802.11a is not directly compatible with 802.11b or 802.11g networks.
In other words, a user equipped with an 802.11b or 802.11g radio card will not
be able to interface directly to an 802.11a access point. Multi-mode NICs will solve this problem.
10. What is 802.11g?
802.11g is an extension to 802.11b.
802.11g increases 802.11b's data rates to 54 Mbps and still utilise
the the 2.4 GHz ISM. Modulation is based upon
OFDM (orthogonal frequency division multiplexing) technology. An 802.11b radio
card will interface directly with an 802.11g access point (and vice versa) at
11 Mbps or lower depending on range. The range at 54 Mbps is less than for
802.11b operating at 11 Mbps.
11. Is it possible to use products from a variety of
vendors?
Yes. As long as the
products comply to the same IEEE 802.11 standard. The Wi-Fi logo is used to define 802.11b compatible products.
Wi-Fi5 is a compatibility standard for 802.11a products running in the 5GHz band.
12. What is Wi-Fi?
The Wi-Fi logo signifies that a product is
interoperable with wireless networking equipment from other vendors. A Wi-Fi logo product has been tested and certified by the
Wireless Ethernet Compatibility Alliance (WECA). The Socket Wireless LAN Card
is Wi-Fi certified, and that means that it will work
(interoperate) with any brand of Access Point that is also Wi-Fi
certified.
13. What types of devices use the 2.4GHz Band?
Various spread spectrum radio communication applications use the 2.4 GHz
band. This includes WLAN systems (not necessarily of the type IEEE 802.11b), cordless phones, wireless medical
telemetry equipment and Bluetooth™ short-range wireless applications,
which include connecting printers to computers and connecting modems or
hands-free k
14. Does the 802.11 interfere with Bluetooth
devices?
Any time devices are operated in the same frequency band,
there is the potential for interference.
Both the 802.11b and Bluetooth devices occupy the
same2.4-to-2.483-GHz unlicensed frequency range-the same band. But a Bluetooth
device would not interfere with other 802.11 devices much more than another
802.11 device would interefere. While more collisions
are possible with the introduction of a Bluetooth device, they are also
possible with the introduction of another 802.11 device, or a new 2.4 GHz
cordless phone for that matter. But, BlueTooth
devices are usually low-power, so the effects that a Bluetooth device may have
on an 802.11 network, if any, aren't far-reaching.
15. Can radio signals pass through walls?
Transmitting through a wall is possible depending upon the material used in
16. What are potential
factors that may causes interference among WLAN products?
Factors
of interference:
1. Obstacles: walls, ceilings, furniture… etc.
2. Building Materials: metal door, aluminum studs.
3. Electrical devices: microwaves, monitors, electric motors.
Solution :
1.Minimizing the number of walls and ceilings
2.Antenna is positioned for best reception
3.Keep WLAN products away from electrical devices, eg:
microwaves, monitors, electric motors,…, etc.
4. Add additional APs if necessary.
17. What's the difference
between a WLAN and a WWAN?
WLANs are generally privately owned,
wireless systems that are deployed in a corporation, warehouse, hospital, or
educational campus setting. Data rates are high and there are no per-packet
charges for data transmission.
WWANs are generally publicly shared data networks designed
to provide coverage in metropolitan areas and along traffic corridors. WWANs are owned by a service provider or carrier. Data
rates are low and charges are based on usage. Specialized applications are
characteristically designed around short, burst messaging.
Advanced FAQ
1. What is Ad Hoc mode ?
A wireless
network consists of a number of stations without access points without using an
access point or any connection to a wired network.
2. What is Infrastructure mode?
Infrastructure
mode implies connectivity to a wired communications infrastructure. If
such connectivity is required the Access Points must be used to connect to the
wired LAN backbone. Wireless clients have their configurations set for
"infrastructure mode" in order to utilize access points relaying.
3. How many Access Points are required in a given
area?
This depends
on the surrounding terrain, the diameter of the client population, and the
number of clients. If an area is large with dispersed pockets of populations
then extension points can be used for extend coverage.
4. What is
Direct-Sequence Spread Spectrum Technology – (DSSS)?
DSSS spreads
5. What is
Frequency-hopping Spread Spectrum Technology – (FHSS)?
FHSS uses a narrowband carrier which hops through a predefined sequence of
several frequencies at a specific rate. This avoids problems with fixed channel
narrowband noise and simple jamming. Both transmitter and receiver must
have their hopping sequences synchronized to create the effect of a single
"logical channel". To an unsynchronised
receivers an FHSS transmission appears to be short-duration impulse
noise. 802.11 may use FHSS or DSSS.
6. Do I need the same kind of antenna on both sides
of a link?
No. Provided the antenna is optimally designed for 2.4GHz or 5GHz operation.
WLAN NICs often include an internal antenna which may
provide sufficient reception.
7. Why the 2.4 GHz Frequency range?
This frequency range
has been set aside by the FCC, and is generally labeled the ISM band. A few
years ago Apple and several other large corporations requested that the FCC
allow the development of wireless networks within this frequency range. What we
have today is a protocol and system that allows for unlicensed use of radios
within a prescribed power level. The ISM band is populated by Industrial,
Scientific and Medical devices that are all low power devices, but can
interfere with each other.
8. What is Server Set ID (SSID)?
SSID is a
configurable identification that allows clients to communicate to the appropriate
base station. With proper configuration, only clients that are configured with
the same SSID can communicate with base stations having the same SSID. SSID
from a security point of view acts as a simple single shared password between
base stations and clients.
9. What is an ESSID?
ESSID stands for
Extended Service Set Identifier and identifies the wireless LAN. The ESSID of
the mobile device must match the ESSID of the AP to communicate with the AP.
The ESSID is a 32-character maximum string and is case-sensitive.
Security FAQ
1. How do I secure the
data across an Access Point's radio link?
Enable Wired
Equivalency Protocol (WEP) to encrypt the payload of packets sent across a
radio link.
2. What is WEP?
Wired Equivalent Privacy. WEP is a security mechanism defined within the
802.11 standard and designed to make the security of the wireless medium equal
to that of a cable (wire). WEP data encryption was designed to prevent
access to the network by "intruders" and to prevent the capture of
wireless LAN traffic through eavesdropping. WEP allows the administrator
to define a set of respective "Keys" for each wireless network user
based on a "Key String" passed through the WEP encryption algorithm.
Access is denied by anyone who does not have an assigned key. WEP comes in
40/64-bit and 128-bit encryption key lengths. Note, WEP has shown to have
fundamental flaws in
3. What is a WEP key?
A WEP key is a user defined string of characters used to encrypt and decrypt
data.
4. Will
128-bit WEP communicate with 64-bit WEP?
No. 128-bit WEP will
not communicate with 64-bit WEP. Although 128 bit WEP also uses a 24 bit
Initialization Vector, but it uses a 104 bit as secret key. Users need to use
the same encryption level in order to make a connection.
5. Can the SSID be encrypted?
WEP, the
encryption standard for 802.11, only encrypts the data packets not the 802.11 management
packets and the SSID is in the beacon and probe management messages. The SSID
is not encrypted if WEP is turned on. The SSID goes over the air in clear text.
This makes obtaining the SSID easy by sniffing 802.11
wireless traffic.
6. By turning off the broadcast of SSID, can someone
still sniff the SSID?
Many APs by default have broadcasting the SSID turned on. Sniffers typically will find the SSID in the broadcast
beacon packets. Turning off the broadcast of SSID in the beacon message (a
common practice) does not prevent getting the SSID; since the SSID is sent in
the clear in the probe message when a client associates to an AP, a sniffer just has to wait for a valid user to associate to
the network to see the SSID.
7. What are
Insertion Attacks?
The insertion
attacks are based on placing unauthorized devices on the wireless network
without going through a security process and review.
8. What is Wireless Sniffer?
An attacker can
sniff and capture legitimate traffic. Many of the sniffer
tools for Ethernet are based on capturing the first part of the connection
session, where the data would typically include the username and password. An
intruder can masquerade as that user by using this captured information. An
intruder who monitors the wireless network can apply this same attack principle
on the wireless.
9. What is the difference between Open System and
Shared Key of Authentication Type?
Open System:
The default authentication service that simply
announces the desire to associate with another station or access point. A
station can authenticate with any other station or access point using open
system authentication if the receiving station designates open system
authentication.
Share Key:
The optional authentication that involves a more rigorous exchange of
frames, ensuring that the requesting station is authentic. For a station to use
shared key authentication, it must implement WEP.
10. What is 802.1x?
IEEE 802.1x Port-Based Network Access Control
is an IEEE (
11.
What is the difference between force-authorized, force-unauthorized and auto?
force-authorized—disables 802.1X and causes the
port to transition to the authorized state without any authentication exchange
required. The port transm
force-unauthorized—causes
the port to remain in the unauthorized state, ignoring all attempts by the
client to authenticate. The switch cannot provide authentication services to
the client through the interface.
auto—enables
802.1X and causes the port to begin in the unauthorized state, allowing only
EAPOL frames to be sent and received through the port. The authentication
process begins when the link state of the port transitions from down to up, or
when an EAPOL-start frame is received. The switch requests the identity of the
client and begins relaying authentication messages between the client and the
authentication server. Each client attempting to access the network is uniquely
identified by the switch by using the client's MAC address.
12. What is AAA?
AAA is the acronym for Authentication, Authorization,
and Accounting and refers to the idea of managing subscribers by controlling
their access to the network, verifying that they are who they say they are (via
login name and password or MAC address) and accounting for their network usage.
13. What is RADIUS?
RADIUS stands for Remote Authentication Dial-In User
Service. RADIUS is a standard that has been implemented into several software
packages and networking devices. It allows user information to be sent to a
central database running on a RADIUS Server, where it is verified. RADIUS also
provides a mechanism for accounting.
WPA is
designed for use with an 802.1X authentication server, which distributes
different keys to each user. The Wi-Fi Alliance calls the pre-shared key
version WPA-Personal or WPA2-Personal and the 802.1X
authentication version WPA-Enterprise
or WPA2-Enterprise.
The
cyclic redundancy check (CRC) used in WEP is inherently insecure. A more secure
message authentication code (usually known as a MAC, but here termed a MIC for "Message Integrity
Code") is used in WPA, an algorithm named "Michael". The MIC
used in WPA includes a frame counter, which prevents replay attacks being
executed; this was another weakness in WEP.
Data
is encrypted using the RC4 stream cipher, with a 128-bit key and a 48-bit
initialization vector (IV). WPA uses Temporal Key Integrity Protocol (TKIP),
which dynamically changes keys as the system is used. When combined with the
much larger IV to defeat the well-known key recovery attacks on WEP.
WPA2
is the certified form of IEEE 802.11i tested by the Wi-Fi Alliance. WPA2
implements the mandatory elements of 802.11i. In particular, the Michael
algorithm is replaced by a message authentication code, CCMP, that is
considered fully secure and RC4 is replaced by AES.
All contents copyright © 2006 ZyXEL Communications Corporation.