

The 802.11 Wireless Standard and Virtual Private Networking

Data communications involves a variety of technologies and physical as well as logical mediums in business. Perhaps the fastest growing area of the technological arena in data communications is that of the IEEE 802.3 (wired Ethernet) and 802.11 (wireless Ethernet) projects. There is a great deal of interest in these projects because they allow just about anyone to develop a computer network, something that I projected five years ago would catch on quickly when the components became less expensive and more widely available.

While traditional 802.3 Ethernet became widely used in households, especially those having multiple PCs with a high-speed Internet connection, its popularity has been somewhat short-lived. The reason is not that it is inferior to other technologies; quite the contrary, it’s very reliable, allows for a large amount of bandwidth, and is highly secure. However, because of their extreme versatility and continued innovation, 802.11 wireless technologies are an ever-growing part of the networking market. An even more intriguing part of this market is the management of the devices and mediums associated with 802.3 and 802.11, called VPN (Virtual Private Networking). These two technologies, 802.11 and VPN, will be the main focus of this lecture.

The 802.11 standard of networking is a fairly recent innovation. Its debut in the home networking market occurred probably 2 to 3 years ago. Since then, it has become much less expensive, more refined, and targeted to those who have high-speed Internet connections. Home users who have PCs in various locations enjoy it because it eliminates the need to run 802.3 wired Ethernet lines to accommodate each device. Additionally, home users with notebook PCs enjoy its benefits in the form of the ability to roam freely about their residence while utilizing network resources and the Internet.

However, as many organizations’ IT professionals will tell you, it is not a top priority unless roaming wireless devices are a necessity for everyday business. In many colleges, it is used as a social or academic tool that provides access to students who have wireless devices and wish to use them in places other than computer labs. The two main advantages to its basic use in this context are that it is accessible and secure as well as readily available and easy to use. Currently, King’s has wireless access points to provide this access. Access points are special devices used to bridge wireless and wired Ethernet connections. Therefore, it is essential to remember that most, if not all, organizations that have a wireless network also have some sort of wired Ethernet backbone.

Ben Schultz    Page 1 of 5

When discussing the 802.11 standard, it is important to remember that many substandards exist. These are extensions of the 802.11 standard and are classified by the frequency they use and the range they provide, and primarily by the method with which they encode a signal onto a medium. The most common type is 802.11b, which operates on a 2.4 GHz frequency and provides at most an 11.0 megabit connection for about 300 feet. The close second to 802.11b is 802.11g.

It is second to the “b” technology only because it is fairly new, although it is becoming standard in most, if not all, wireless devices. It also operates on a 2.4 GHz frequency and can provide a much larger coverage distance and a larger bandwidth of about 54 Mbps at its best. There is also a “super” or “turbo” 802.11g, a tweaked version of standard 802.11g that manufacturers produce primarily to set their products apart. Interestingly, most tweaked 802.11g devices are brand-partial. That is, they will only work in turbo mode with a device that is from the same manufacturer. For example, a turbo-charged PCMCIA card for a notebook PC from Gigabyte would only work with a turbo-charged router from Gigabyte. It probably won’t work with a turbo-charged router from Netgear, Linksys, or D-Link.

A third and perhaps less widely accepted substandard of the 802.11 standard is 802.11a. It utilizes a 5.8 GHz frequency, provides a staggering coverage area, and rivals 802.11g at 54 Mbps in standard mode as well as 108 Mbps in turbo mode. It does sound a lot like the 802.11g standard; however, it is much more expensive. On the other hand, it is currently on a less crowded frequency and actually seems to be making a comeback, as I saw an advertisement from D-Link that provides all three standards in one device. That is, 802.11a, b, and g were contained standards in wireless PC cards and


Perhaps the main determinant in the adoption of these technologies in an organization is whether it can control the standard that its users will utilize. For example, businesses prefer and use 802.11a because it is less accepted among home users, setting them apart, and also because it is much more reliable. 802.11g devices tend to fluctuate a lot in their signal strength and thus their bandwidth speed. However, a business that issues devices can do so with one standard. A college campus, for example, has a variety of students who use different standards based on when they buy equipment, how much money they want to spend, and a standard’s availability. A college IT department probably couldn’t adopt a standard of 802.11a because most users’ devices wouldn’t accommodate it. Home PC sales primarily involve the 802.11b or g wireless standards.

In understanding the uses of the 802.11 standard, it is important to reflect on the earlier statement in this lecture that indicated traditional 802.3 Ethernet’s strong security via encryption. It has been said that the 802.11 technology of today is extremely unsecured. Open access generally rules because of the difficulties and expenses associated with limiting access to an 802.11 device. Open access can be troublesome in that it usually doesn’t utilize encryption unless specified and is very susceptible to hacking through specialized “sniffing software” that monitors Internet traffic over 802.11 devices, yet it is the best way to wirelessly connect at this time. Here’s why.

King’s IT department explored many methods of restricting access to its wireless network. The first was to possibly stop broadcasting the SSID (Service Set ID). The SSID is a wireless network’s identifying name. Recently made access points broadcast the SSID so that users wishing to connect to the wireless network won’t need to know it. Traditional wireless PC and notebook wireless PC cards will sense it and make a connection. Broadcasting is the more beneficial choice because of the alternative: not broadcasting the SSID creates more difficulty in connecting to a wireless network, and once a set of users knows the name of an SSID, they can easily tell others.

However, there are advantages to the Service Set ID concept. For example, it has a specific VLAN feature that limits users’ abilities to use specific network services. Having multiple SSIDs can allow for different network privileges at different levels. System administrators can use a non-broadcast SSID to work with more functionality depending on their level of granted security.

The second method of restricting access to the wireless network is the concept of access lists. The trick is to only allow MAC (Medium Access Control) IDs (12-digit hexadecimal numbers that identify a device, unique to each individual manufactured device) registered to an access list in the access point to connect to the network. The access point will not allow devices that do not have registered MAC IDs to access the network. The device will not even “see” that the network exists. Additionally, for distributed wireless networks, some Cisco access points are able to pass MAC ID lists to others on a wide LAN, much like server data replication. However, like the SSID issue, it’s fairly easy to mimic someone else’s MAC ID through network sniffing software. MAC IDs in notebook PCs can even be changed.
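The access-list check described above, together with one way to notice a copied MAC ID, as an added example that is not part of the original lecture or of King's configuration. The allowlist entries, access point names and association events are constructed, and the overlap heuristic is an assumption about how such a check could be done.

```python
import re
from collections import defaultdict

# Constructed allowlist; entries are deliberately written in mixed notations.
ALLOWED = {"00:0C:41:AA:BB:01", "000c.41aa.bb02"}

# Constructed association events: (start_s, end_s, access_point, MAC as reported)
EVENTS = [
    (0,   600, "ap-library", "00-0c-41-aa-bb-01"),
    (100, 400, "ap-dorm",    "00:0C:41:AA:BB:01"),  # same MAC, overlapping, other AP
    (50,  300, "ap-library", "000C41AABB02"),
    (700, 900, "ap-dorm",    "00:0c:41:aa:bb:02"),  # same MAC later: ordinary roaming
    (10,  20,  "ap-dorm",    "00:11:22:33:44:55"),  # not registered
]

def normalize_mac(mac):
    """Reduce any common notation to 12 lowercase hex digits, or raise ValueError."""
    digits = re.sub(r"[.:\-]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def is_allowed(mac, allowlist=ALLOWED):
    """What an access list checks: only the address the client claims to have."""
    return normalize_mac(mac) in {normalize_mac(a) for a in allowlist}

def concurrent_duplicates(events):
    """Return MACs associated to two different access points at the same time."""
    sessions = defaultdict(list)
    for start, end, ap, mac in events:
        sessions[normalize_mac(mac)].append((start, end, ap))
    flagged = set()
    for mac, spans in sessions.items():
        spans.sort()
        for i, (s1, e1, ap1) in enumerate(spans):
            for s2, e2, ap2 in spans[i + 1:]:
                if s2 < e1 and ap1 != ap2:  # sessions overlap on different APs
                    flagged.add(mac)
    return sorted(flagged)
```

The overlap check only catches a copied MAC ID while the registered device is also connected elsewhere; a copy used while the owner is offline passes `is_allowed` unnoticed, which is why the access list alone does not authenticate anyone.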

The third option for securing the wireless access network at King’s is Wireless Equivalent Privacy (WEP) Encryption. It’s similar to the encryption used by traditional 802.3 wired Ethernet networks. However, the drawback to this idea is that it doesn’t prevent access to the network. And though it will secure data sent through the network, it’s not very strong compared to 128-bit encryption. Additionally, since it uses a private key, users must input a “key” to gain access to an access point. Finally, telling people about such a key has the same effect as SSID being spread throughout an area by word of


Perhaps the best option for securing the wireless network at King’s and providing more functionality to its student user base without fear is through the use of VPN (Virtual Private Network) technology. VPN is a protocol that extends someone’s private network out over the Internet to a remote location, only in a secure fashion. It’s comparable to a wired local area connection in that it sets itself up on the user’s PC in much the same fashion. Currently, VPN is not only being considered for closing the gaps in wireless security, but it is also being considered so that students may gain access to network resources from outside of the King’s LAN.

VPN logically works in a very simple manner. For example, in wireless, if all access points are linked back to the same VLAN, the VLAN can be forced to pass through the VPN connection, which can allow access to the Internet. If a device cannot authenticate to the VPN server, the server won’t pass traffic from that device. Therefore, limits can be placed on who can use the wireless network because users must log in. Active Directory can be used to supply the login data. Additionally, VPNs set up a level of


Insofar as keys are concerned, 802.1x contains a public key encryption mechanism that broadcasts private keys so that a device that is 802.1x compliant, upon startup, will receive a key that will form the encryption with no verbal communication between IT professionals and users. In this, authentication is done. An access point itself is 802.1x compliant, so it will reach out to Active Directory and authenticate. And so, that seems to alleviate all of the previous issues, and clearly, VPN is a very positive innovation. However, there are two major drawbacks.

The first drawback to VPN technology is possibly bandwidth due to overhead. The second, more important problem is that devices must have client software that will utilize VPN technology, and so installation issues arise for users who don’t know much about technology. Issues over operating systems arise from this problem. This includes every operating system. Microsoft Windows 2000 and XP have a VPN technology client preinstalled, but it must be set up. Microsoft Windows 95, 98, 98 Second Edition, Millennium Edition, and NT do not have such clients preinstalled because they were released before VPN technology came into existence. However, King’s IT staff is working on a browser agent window, which is how we’re trying to deal with this issue to make VPN easy to set up. “Connectoids” do this and provide updates to VPN connections as well.

The major point of this lecture is the great innovations provided by the 802.11 standard, as well as its drawbacks and how they can be corrected. Based on the improvements made to the standard already, it is probably safe to assume that eventually, the security and accessibility (or prevention of it) of the 802.11 standard will improve to at least that of the 802.3 standard. It is possible that 802.11 will replace the 802.3 standard, but that remains to be seen. The main idea in all of this is that innovation mixed together with solid technological securities will ultimately lead to a better use of existing and future devices that will provide a more robust method of encompassing newer and better standards of living.
