Guide to Setting Up a Wireless Network




                           DirectSupport Programme
                                           ruralnet|uk

                            National Rural Enterprise Centre
                       Stoneleigh Park, Warwickshire CV8 2RR, UK

                         Tel: 0845 1300 411 Fax: 0845 1300 433

                                  Web: www.ruralnetuk.org
                  ruralnet|uk is a registered rural regeneration charity (1089238)

RNUK Ltd is a wholly owned trading subsidiary of ruralnet|uk working in urban and rural regeneration
                                   (Company Number 4275701)
                                              Contents
1.     Purpose of this Guide
2.     What is a Wireless Network?
3.     Wireless Network standards
4.     A Typical Network
5.     Wireless Network Components
6.     Networks, the Internet and TCP/IP
7.     Planning Your Network
8.     Setting up your Wireless Network
9.     Wireless Network Security
Appendix 1 Setting up your computer to use DHCP
Appendix 2 How to find the MAC address of a personal computer
Glossary of Terms and Acronyms
                       1. Purpose of this Guide
This guide has been commissioned by the Department for Education and Skills, in
partnership with NIACE (National Institute of Adult and Continuing Education), to
support those working with wireless networks for Adult and Community Learning.
It has been written by the DirectSupport initiative, which has been supporting UK
online centres, Wireless Outreach Projects, and similar Community ICT access
programmes, since 2000. DirectSupport is run by the charity ruralnet|uk,
together with other community development partners.

The guide is for learning practitioners, and their support staff, who are
considering the installation of a new wireless network or want to understand the
implications in extending an existing network by using wireless components. It
offers information to tutors and community development practitioners, who may
work in outreach venues, in learning access centres, or in small organisations.
Those who may not have a technical team on call, and require simple DIY
guidance on how to set up a small network of computers to share files, printers
and connect to an existing Internet connection, will find this guide helpful.

It sets out to explain the basic principles behind wireless networking, the different
standards available and the components needed to set up the network. It also
discusses how to add a wireless segment to an existing network constructed
using cables or wires – a wired network. It covers configuring the network,
setting up network security and basic troubleshooting. The guide assumes a basic
understanding of computer networking, but is not intended as a comprehensive
guide to network design, management or support.

Readers from organisations which have a network maintained by their own
technical support staff should obtain advice from these staff before connecting
wireless components to the existing network.
                     2. What is a Wireless Network?
For many years, it has been possible to connect two or more computers together
using cables, so that computer users can exchange and store files, share printers,
share an Internet connection or other common resources. If you were to get a
wired network installed today, it would most likely be constructed using ‘Category
5’ cable, which is designed to carry network signals at speeds of 10 Mbps[1] or 100
Mbps for distances of up to 100m between devices on the network. Which speed
is used will depend on the network devices available, but most 100 Mbps devices
can also work at 10 Mbps.[2] Higher speed network devices and cables are
available, but these are normally used to connect servers or data storage devices
together rather than office computers.

Wireless networking is a technology that enables the cabling that connects each
computer to the network to be replaced by a specially coded wireless signal.
When fitted with a wireless network card, a computer can exchange data with
other similarly equipped computers nearby without the need to be plugged into a
network point, forming a wireless network. Since the wireless network uses the
same protocols and addressing schemes as a wired network, the two types of
network can be freely mixed.

Like a wired network, a wireless network is neutral to the operating systems used
by the computers on the network. Whether you are a PC user, a Mac user or a
Linux user you will be able to use a wireless network if you install the appropriate
wireless card in your computer or laptop.

In the last two or three years, low cost wireless components have produced a
number of ways of connecting computers together wirelessly. These networks are
growing in popularity with many organisations because they offer low purchase
costs, almost no installation costs and they allow wireless equipped computers to
be freely moved around the room, the building or even outside.

Wireless networks can be easily assembled with only basic knowledge of
computers and networking. Most wireless components are built with their own
software or firmware that will make them work “out of the box”, so for many
users it has simply been a matter of install and go. However, this deceptive ease
of use hides a number of pitfalls to do with differing standards, physical
limitations with wireless signals, and security issues. These pitfalls can make
setting up or extending a wireless network a nightmare if the issues are not
considered before the components are purchased.




[1] Megabits per second – a measure of data transfer speed.
[2] These are maximum rated speeds – actual speeds achieved may be as little as 30 to 40%
of the rated speed.
                  3. Wireless Network standards
Whilst this is not intended to be a technical document, it is important to
understand that a number of different wireless network standards are available.
These standards were established by the IEEE (Institute of Electrical and
Electronics Engineers) and are commonly called the 802.11x standards, as there
are presently three different ones in use: 802.11a, 802.11b, 802.11g.[3] The
differences are categorized by how fast data can be transmitted between devices,
how far they can be apart, what radio frequency they use and whether they will
work with the other standards. The table below shows the basic differences
between the standards.


Standards Compared

    Standard    Speeds up to         Frequency    Typical Range       Compatible
                11 Mbps   54 Mbps                 Outdoors/Indoors    Standards

    802.11a        ✓         ✓       5 GHz        23 m / 8 m          802.11a only
    802.11b        ✓                 2.4 GHz      50 m / 20 m         802.11b only
    802.11g        ✓         ✓       2.4 GHz      50 m / 20 m         802.11g and 802.11b

Looking at the above table, you might ask why anyone would want to use the
802.11a, as 802.11g would appear to be superior in both range and compatibility.
The answer is that the frequency used by 802.11a makes it less susceptible to RF
interference (electrical noise from motors or other electrical devices) than the
other standards. So, it would work better, for example, in a manufacturing
environment such as a factory. Also, the way that 802.11a wireless devices
encode the signal is better for multimedia voice, video and large-image
applications in densely populated user environments. The future of 802.11b is
less certain as it offers less than the a or g standard, so it is likely to be retained
for ‘backwards compatibility’ in networks where existing b standard components
are in use.

There is also a standard called Wi-Fi. This is not an electrical standard like the
IEEE 802.11x standards described above; it is a standard agreed by a number of
manufacturers to ensure compliance between their wireless systems. To obtain
Wi-Fi Certification, manufacturers must submit a sample product for testing to
see if it will work correctly with other Wi-Fi compliant devices. If the sample
product passes the test, then the product can be certified for use with other Wi-Fi
devices and can be sold with this accreditation. Note that the testing will be
against other devices using the same 802.11 standard so although it is possible
to obtain a Wi-Fi compliant 802.11a device, this will not work with a Wi-Fi
compliant 802.11b or 802.11g device. However, it is expected that Wi-Fi certified
devices that use the same standard (802.11a, b or g) should work together
successfully.

[3] There are a number of new standards in development, such as 802.11n and WiMAX, but
as these are not yet fully ratified, they are not covered in this guide.


How far can the network go?
Unlike a wired network, whose characteristics are easy to predict, a wireless
network is noticeably affected by the physical environment around it. As the signal
travels away from the aerial on a wireless device, the power is dispersed so that
after a certain distance there is too little power to be detected by the receiving
device. Outdoors, in a space where there are no trees, buildings or other large
objects, the signal will deteriorate evenly in all directions above ground (including
upwards). The only factor that can reduce the distance is the weather; during rain
or fog the maximum distance at which the network functions may be reduced, as
the moisture in the air absorbs the radiated energy. A heavy rainstorm may be
enough to temporarily disable the network in some situations.

Indoors there are a large number of obstructions such as furniture, walls, floors
and ceilings. The wireless signal is absorbed by some materials and reflected by
others. This often gives dead spots in the area covered by the access point where
no wireless reception is possible. Sometimes there are ‘freak’ areas where
reception is possible beyond the normal range of the access point. Some wireless
devices are also affected by interference from other high frequency devices like
microwave cookers, which may give rise to errors or a complete loss of the
network for a period of time. Unfortunately, wireless networking is not an exact
science and the positioning of wireless devices may require some fine-tuning to
get them working reliably.

There is a basic trade-off between the speed of the wireless network and the
distance that the signal travels – the higher the speed the less distance the signal
will travel. The table below shows a comparison of speeds and distances. The
speeds indicated are typical of those available in wireless networks. By default,
wireless devices are set to run at their highest available speed.



                      SPEED           OUTDOOR            INDOOR

                      54 Mbps         50m (165ft)       20m (65ft)
                      18 Mbps        150m (490ft)      60m (195ft)
                      11 Mbps        180m (590ft)      75m (245ft)
                      1 Mbps         570m (1870ft)     125m (410ft)


The distances are indicative only in clear air and will vary for different
manufacturers and situations. If you are using these as a basis for planning a
wireless network, then take the figures above as a best case and try to keep
distances between devices less than those shown in the table.

If the distances between the wireless devices are large, close to the maximum
tabled above, the network speed can be manually reduced to a lower speed than
the maximum. This results in better reliability at a distance, but at a loss of speed
across the whole of the network.
However, if you run a mixed network with 802.11g (54 Mbps) and 802.11b (11
Mbps), then the network will work at the lowest speed everywhere, in this case
11 Mbps.


How many computers can share the network?
Whether wired or wireless, all networks have a maximum rate at which data can
move through the network. If the network has only one pair of computers
connected to it, one computer can send data to the other using the maximum
data rate of the network. If a second pair of computers are connected and
exchange data at the same time as the first pair, then they share the maximum
data rate with those computers. As more computers are added to the network,
then they too get a share of the maximum data rate. From the computer user’s
perspective, data exchange will get slower as more computers are added.

In practice, most computer users are surfing the internet, collecting e-mail,
saving a file to the server, or sending prints to a network printer, all of which are
much more variable in the way they make demands on the network. So, quite
often, users will not be aware of the presence of the other computers.

So how many computers can run on the network? A good rule of thumb is to
assume that each computer – running the above sorts of things – will use about 2
Mbps of the available bandwidth of the network. For example, the bandwidth of
an 802.11b network is nominally 11 Mbps maximum, so dividing this by 2 will
suggest you could connect 5 computers and expect a reasonable performance.
Using the same rule of thumb, an 802.11g or 802.11a network, nominally 54
Mbps maximum, would probably support up to 25 computers. It must be
emphasized that these are only rough figures, and assume that the maximum
data rate can be achieved in each type of network. As mentioned previously, as
distance increases, the maximum available bandwidth falls, and this should be
taken into consideration when applying the above rule of thumb.

So, if an 802.11b network was running at extended distances and was manually
configured to run at 5.5 Mbps to increase reliability, our rule of thumb would
suggest that this network would support only two to three computers, rather than
the 5 that it would support at maximum speed.
                         4. A Typical Network
The diagram below illustrates a typical network which might be found in an office
or learning environment.




                           Diagram of a typical network


In a typical small office environment, there will be a mixture of desktop and
laptop computers – these are illustrated on the left of the diagram. Each
computer needs a network card installed in it; depending on the type of card, this
could be a wireless or a wired connection.

Through this card, the computers connect to a hub, a device that manages the
flow of data between the computers in the network. All the network data between
computers, the Internet and any other devices on this network will flow through
this hub.

A shared network printer and a file server may also be connected to the hub, to
provide shared services for the network. Servers are usually connected to the hub
by wire, not wirelessly, as the wired connection can provide greater throughput
between the server and the rest of the network than any current wireless
connection can.

A DHCP server may also be included in the network. This server can automatically
provide a unique address to any device connected to the network; this address is
necessary for successful networking.

To provide a connection to the Internet, a number of devices are required.

       1. A firewall – a device that can block ‘bad’ or ‘unwanted’ data that has
          originated from the Internet. It can control which computers may use
          the Internet and also which Internet services can be accessed – for
          example the firewall could block e-mail going to or coming from a
          particular computer on the Local Area Network (LAN), prevent users
           connecting to a specific website, or block access from the Internet for
           all services except e-mail and web browsing. Whilst it is possible to
           make an Internet connection without the use of a firewall, this is
           definitely not recommended.

       2. A router – this is a device which joins the LAN and the Internet
          networks together. It looks at data on one network to see if it is
          intended for the other network and will pass it onto the other network
          if it is destined for that network.

       3. A modem – this is the device that encodes and decodes data onto the
          telephone line (if using ADSL) or onto the cable (if using cable). It also
          provides a means of initiating and maintaining the connection and also
          identifying the user of the connection to the ISP (Internet Service
          Provider).

Note that the file server is NOT part of this Internet Connection, and it is not a
pre-requisite. A file server on the LAN can provide local security or extended local
services such as file, print and a local mail host, but does not have to be the
route through which Internet services are provided to the users’ computers,
whether connected by wireless or otherwise.

The above diagram shows the devices needed to provide a basic secure small
network and to connect it to the Internet. These do not need to be discrete units
though; for small networks with relatively low traffic demands, it is quite feasible
to provide a single box which integrates the functions of the router, firewall,
DHCP server and even the hub into a single unit. These single units, although not
flexible enough to manage large numbers of computers on the local area network,
provide a satisfactory solution for small implementations of say 5 to 20 computer
users.

Within the local area network, wired and wireless solutions are now common, and
manufacturers offer both wired and wireless versions of all of the main
networking components needed. These and less sophisticated devices are
described in the next section.
                5. Wireless Network Components
Wired and wireless networks use the same basic types of components to build the
network.


Wireless Network Cards
Each computer that needs to be connected to the network requires a network
card to be installed in it.

In a desktop computer, the card is usually installed inside the computer, most
commonly in one of the PCI expansion slots that are common in tower or desktop
PC configurations. On a wireless card, a short aerial, about 10cm (4 inches),
protrudes outside the computer and can be swiveled about to receive the best
signal.




    Wireless card for a PCI Expansion Slot              Wireless card for a PCMCIA Slot



In a laptop computer, the card would most likely be installed in one of the
PCMCIA slots in the side of the laptop. On a wireless card, about 2cm (3/4 inch)
of the card protrudes beyond the slot to act as the aerial. On Apple Macintosh
computers, the Airport card is installed inside the computer and is not obvious
from the outside.




                             A wireless card which connects to
                                         a USB port

A third possibility is to connect the card via a USB cable to the computer. In this
case, the aerial will be on the card, which can be placed anywhere that the USB
cable will allow it, which could be up to 5 metres (16 feet 4 inches) from the
computer. The card is powered through the USB cable, so no additional power
supply will be required.

The wireless card will come with installation software; as well as providing a
means of controlling the card and establishing the network, the software usually
provides some sort of visual indication of signal strength, so that aerial or card
position can be adjusted to obtain the best signal.
Wireless Access Point
Most existing computer networks are based on the use of network cables (wires)
that plug into sockets on the wall. The wires behind these sockets are routed
back to a central location where they are plugged into a hub, either directly or via
a patch panel. (Patch panels are used to provide greater flexibility when
configuring or reconfiguring the physical connections in the network). The hub is
a box with (commonly) 4, 8, 16 or 32 sockets on it; in order to communicate on
the network each computer’s network card will have to be connected to one of
the sockets on the hub. When all the sockets on the hub are used, no more
computers can be attached. To overcome this limitation, most wired hubs can be
‘cascaded’ together so when all the sockets on one hub have been used, a second
hub can be connected to make more sockets available. Of course, these extra
sockets would require cabling between them and the computers; installing these
is a costly and often disruptive operation.

The wireless alternative to the hub is a wireless access point (WAP). When the
WAP is powered on, it will be the point of communication for the wireless cards in
each of the computers that are configured to connect to it. Any wireless enabled
computer that works with the same or a compatible wireless standard can then
be configured to link up with this wireless access point. If the access point is
linked to an existing hub which offers shared services such as file, print and
Internet connections, then these can be made immediately available to the
wireless computer. All that is required is software configuration - no manipulation
or installation of wires.




                                A wireless access point

It is not necessary to connect the wireless access point to a wired network for the
wireless part of the network to function, although this may require manual
configuration of IP addresses on each wireless card. When a wireless network
uses a wireless access point, it is configured in infrastructure mode.


Wireless Broadband Routers




                             A Wireless Broadband Router
For many community access or learning situations, a requirement is that the
network is connected to the Internet. As discussed earlier, a connection to the
Internet can be established with a router, firewall and an ADSL modem. A
number of manufacturers provide these in a single unit, and also include a small
wired hub with – for example – four ports, so that both wired and wireless
devices can join a local network.

In addition, such broadband routers can be set up to offer DHCP services to the
local network and include a basic firewall, so a complete local network with a
shared Internet connection can be established with this single unit.

When choosing a broadband wireless router, do look carefully at the specification
of the unit to determine what it contains, as different manufacturers offer
different configurations. Many broadband routers do NOT include the ADSL
modem, so if your ISP does not provide this, you will have to provide it as a
separate device. If you are using an ISP which provides Internet via cable, do
ensure that any router with a built-in modem can support a cable connection.


Wireless Bridges




                                   A Wireless Bridge

A wireless bridge is a way of joining two remote LANs together wirelessly. A
typical application might be where you have two LANs in separate buildings and
you would like to join these together without the need to run a cable between the
buildings.

A wireless bridge is required on each LAN, and the two bridges need to be within
wireless range of each other. The range of a wireless bridge is usually slightly
greater than that of a wireless access point, typically 350m for an 802.11g device, due to
the design of the aerial. Wireless bridges are usually designed so that a large
aerial, which can be mounted outdoors for maximizing range, can replace the rod
aerial normally fitted. It is also possible to replace the omni-directional rod aerial
with a directional dish aerial, and this can increase the bridging distance to
distances of several miles when the antennae are correctly installed and
configured.

Wireless bridges are not normally required in a small installation, but are
mentioned here because they may be relevant to some installations.
            6. Networks, the Internet and TCP/IP
In order to be recognized on the Internet, a computing device must have a
unique address, so that exchanges between devices on the Internet can be
properly managed. Each device is therefore provided with an Internet Protocol
(IP) address that is unique to the device and also determines which other devices
it can communicate with.


IP Addresses
Every computer connected to a network (wired or wireless) needs a unique
address to enable data to be sent to it. To enable networks to be connected
together (such as through the worldwide web) an internationally recognised
Internet Protocol (IP) address format has been defined. Rather like a postcode or
telephone number, the IP address pinpoints the precise location of the computing
device in the network. IP addresses are made up of four groups of up to three
digits separated by dots: for example 192.168.123.115. The number in each
group can take a value between 0 and 255. In theory, this method of addressing
would allow more than 4 thousand million individual addresses. To make
this easier to manage, these individual addresses are subdivided into different
classes or address spaces, but how and where these are used is beyond the scope
of this guide and for most purposes is irrelevant when setting up a small network.
All that normally matters is to understand that the first three groups are fixed for
your local network and that only the last group will vary. This means that you can
have up to 256 devices on your network, wired or wireless, although it is not
recommended that you have this many in a practical network situation.

If you have two networks with different IP addresses – in other words one or
more of the first three groups are different, then you need a router to pass data
between these two networks. This means that if more than one computer is to
share your Internet connection, a router is needed between the Internet and your
two computers to enable this to happen. The router may be a real box with wires
coming out of it, or could be software running on a computer. In this guide, we
will only discuss routers as the former – boxes with wires coming out of them;
other ways of doing this task are beyond the scope of this guide.

As noted earlier, every computer on the Internet must have a unique address, so
the usage of these addresses is carefully controlled by an organisation called the
InterNIC. InterNIC records who has been authorised to use specific addresses and
which addresses have not yet been allocated. Most Internet users will directly or
indirectly get their Internet connection through an Internet Service Provider (ISP).
The ISP will have paid to obtain a block of Internet addresses, that can be offered
to their customers for ongoing connection to the Internet. Obtaining these
addresses and retaining them on an annual basis is an expensive option for an
ISP, so ISPs will normally try to make optimum use of their IP addresses.

If the computer has to be connected to the Internet at all times (e.g. a mail or
web server) then it is usually provided with a STATIC IP address by the ISP – this
means that the ISP does not allow anyone else to use that address. Computers
that do not need to be connected at all times (e.g. for web browsing, collecting
mail) are usually provided with a DYNAMIC IP address from a pool of available
addresses that the ISP provides. If there are, for example, 50 addresses in the
pool, then as each user connects he will be allocated the next available address
from the pool. When he disconnects, the address he was using becomes available
again for use by another user. The ISP usually offers these addresses on a
contention basis: for example, if he has 1000 subscribers and 50 addresses in the
pool, he is offering a 20 to 1 contention ratio. If he puts 200 addresses in the
pool, he is offering a 5 to 1 contention ratio, so a user will be much more likely to
obtain a connection.


Automatically providing IP addresses – DHCP
Before a node (e.g. a computer, WAP or file server) can connect to a network it
needs to be allocated its own unique IP address. In a small network of static PCs
this can be done manually since the IP addresses rarely need to be changed.
However, in a larger network or one in which laptops or other portable devices
are used, changes need to be made frequently: new equipment needs to be
configured, IP addresses for obsolete equipment need to be re-allocated, and
temporary IP addresses need to be provided for “visiting” laptops. DHCP
(Dynamic Host Configuration Protocol) provides an automatic mechanism for
allocating IP addresses and configuring individual nodes.


NAT
With the widespread introduction of broadband, it is unlikely that a single
computer will actually use the maximum throughput of the Internet connection.
Allowing a number of computers to share a single broadband connection is both
cost-effective and also allows a number of computers to share a single IP address
on the Internet. A common method of address sharing is called Network Address
Translation (NAT), which allows several networked PCs to share an Internet
account using a single IP address.
The router or gateway computer that manages the Internet connection usually
performs Network Address Translation. NAT provides a way of tagging a request
to the Internet from a user’s computer so it can then replace the address of the
user’s computer with the single address assigned by the ISP for the Internet
connection. So from the Internet viewpoint, all requests for information appear to
come from one single address and all responses are sent back to that single
address, and all the computers on the LAN then share that single connection. The
NAT system manages these requests and uses the tagging so that the data
returning from the Internet is sent back to the computer that requested it.

This scheme offers the additional benefit of firewall-like protection because the
addresses of computers on the LAN are not visible to the Internet through the
translated connection, so a hacker on the Internet cannot find the individual
computers on the LAN to attack them.
The NAT system will normally come with a preset range of IP addresses that are
available for use by the computers on the LAN. Typically these addresses will be
in a range such as
       192.168.0.0 - 192.168.255.255
This address range can normally be changed to a different range if required;
however unless there is a good reason to alter this default address range, there
should be no need to alter it.
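
The address tagging described in the NAT section above can be modelled in a few lines. This is an added example, not part of the original guide: the public address 203.0.113.10, the remote server addresses, the starting port 40000 and all class and function names are constructed for illustration, and the router is assumed to accept a reply only from the exact remote address and port that the LAN computer contacted.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Optional

LAN = ipaddress.ip_network("192.168.0.0/16")  # private range quoted in the guide
PUBLIC_IP = "203.0.113.10"                    # constructed: the single ISP-assigned address


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass
class NatRouter:
    public_ip: str = PUBLIC_IP
    next_port: int = 40000  # constructed: first public port handed out
    # The "tag": public port -> (lan_ip, lan_port, remote_ip, remote_port)
    by_port: dict = field(default_factory=dict)
    # Reverse index so later packets of a conversation reuse the same tag
    by_flow: dict = field(default_factory=dict)

    def outbound(self, pkt: Packet) -> Packet:
        """LAN -> Internet: replace the LAN address with the public one."""
        if ipaddress.ip_address(pkt.src_ip) not in LAN:
            raise ValueError(f"{pkt.src_ip} is not a LAN address")
        flow = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        port = self.by_flow.get(flow)
        if port is None:  # first packet of this conversation: allocate a tag
            port = self.next_port
            self.next_port += 1
            self.by_flow[flow] = port
            self.by_port[port] = flow
        return Packet(self.public_ip, port, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Internet -> LAN: deliver only replies that match a recorded tag."""
        flow = self.by_port.get(pkt.dst_port)
        if pkt.dst_ip != self.public_ip or flow is None:
            return None  # no LAN computer asked for this: dropped
        lan_ip, lan_port, remote_ip, remote_port = flow
        if (pkt.src_ip, pkt.src_port) != (remote_ip, remote_port):
            return None  # known port, but not the server that was contacted
        return Packet(pkt.src_ip, pkt.src_port, lan_ip, lan_port)


def demo():
    router = NatRouter()
    web = ("198.51.100.7", 80)  # constructed remote web server
    # Two LAN computers happen to pick the same source port.
    a = router.outbound(Packet("192.168.1.2", 5000, *web))
    b = router.outbound(Packet("192.168.1.3", 5000, *web))
    # The server answers the second computer's request.
    reply_b = router.inbound(Packet(*web, b.src_ip, b.src_port))
    # Inbound packet to a port nobody opened.
    unsolicited = router.inbound(Packet("198.51.100.99", 4444, PUBLIC_IP, 40005))
    # Inbound packet to an open port, but from a different sender.
    other_sender = router.inbound(Packet("198.51.100.99", 80, PUBLIC_IP, a.src_port))
    return a, b, reply_b, unsolicited, other_sender


if __name__ == "__main__":
    for item in demo():
        print(item)
```

Both LAN computers use source port 5000, yet each conversation gets its own public port, and that port is the tag that routes the reply back to the right machine. Inbound packets with no matching entry are dropped, whereas any conversation started from inside the LAN does create an entry.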
                     7. Planning Your Network

The Layout
A wireless network is much more versatile than a wired network. As long as
computers are within range of the wireless hub, they can join onto the network.
There are many possible configurations that you may wish to set up in your own
situation. Some basic structures – with their pros and cons – are illustrated
below.


Simple Ad-Hoc Network



              Diagram of a simple ad-hoc network, with computers addressed
              192.168.1.1, 192.168.1.2 and 192.168.1.3




This is possibly the simplest way to network two or more computers together. Each
computer is set up with a wireless card, which is configured to work in ad-hoc mode.

In this mode the computers can communicate directly with each other to share files
or printers and other resources – such as an Internet connection – which are
connected to individual computers. The main advantage of this type of network is
that you only require an inexpensive wireless card in each computer to get this
working.

The disadvantage is that you will have to set up all the wireless cards in each
computer manually; the cards do not automatically configure themselves into ad hoc
mode. It will also be necessary to provide a valid and unique IP address for each
card; for example, 192.168.1.2 and 192.168.1.3. In addition, this kind of network
cannot easily be extended to include wired devices such as network printers or file
servers. If file sharing or printer sharing is required, then this will have to be
provided through one or more of the computers on the ad hoc network, which will –
of course – make these computers run more slowly.
Adding to a wired Network




This is perhaps the most common way of establishing a wireless network. A wireless
access point (WAP) is connected to the existing wired network, and then offers a
wireless network segment to suitably equipped computers. The wireless equipped
computers can then access the file server in the same way as the wired computer
can.

The disadvantage of adding a wireless segment to the network is that all traffic to
and from the wireless segment has to travel down the single wired connection. If
many wireless computers are connected into the wireless segment of the network
and they require constant service from the file server in the wired segment, the
network may slow noticeably for the wireless users.

To configure this network, you would need to do the following, after turning on the
Wireless Access Point:

Configure each wireless card to work in Infrastructure mode.

Configure each wireless card to log onto the Wireless Access Point by default.

Configure the IP address of the wireless card to suit the IP address range of the
network or – if DHCP is available from the existing wired network - configure for
DHCP addressing.
Wireless Only Network
In this configuration all the user computers are connected wirelessly via a wireless
router.

The router provides support for wireless access, but also provides an internal router
and an ADSL or cable modem so it can be directly connected to the telephone or
cable. Most routers of this sort will also provide a firewall, DHCP services and NAT for
the LAN, which can be used if these services are not available from one of the
servers in the local network. Some routers also provide a small number of wired
ports so that servers, network printers and similar devices that require a permanent
and fast connection can be attached to the network.

In a situation where there is no existing hub or router, we recommend using just a
wireless router as this will provide all the necessary facilities. (The alternative is to
build the necessary facilities using a hub, a firewall, a simple router, and ADSL or
cable modem).

To configure this network, you would need to carry out the following:

Configure each wireless card to work in Infrastructure mode.

Configure each wireless card to log onto the Wireless Router by default.

Configure the IP address of the wireless card to suit the IP address range of the
network or – if DHCP is available from the existing wired network - configure for
DHCP addressing. The IP addresses of the server and printer should be provided
manually to complement the DHCP configuration.

Configure the router to connect to the Internet, according to the requirements of
your Internet Service Provider. This may involve configuring the router and
associated modem with appropriate settings for the ADSL service; these details will
be available from your ISP.
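
Before typing manual addresses into the server, printer and wireless cards, the plan can be checked for addresses outside the range, duplicates, and manual addresses that DHCP might also hand out. This Python check is an added example, not part of the original guide; the network 192.168.1.0/24, the DHCP pool and the host names are assumed values.

```python
import ipaddress
from typing import Dict, List


def check_address_plan(network: str, router: str, dhcp_first: str,
                       dhcp_last: str, static_hosts: Dict[str, str]) -> List[str]:
    """Return a list of problems; an empty list means the plan is consistent.

    network must be written as address/prefix, e.g. "192.168.1.0/24"
    (ip_network raises ValueError if host bits are set). IPv4 is assumed.
    """
    net = ipaddress.ip_network(network)
    problems: List[str] = []

    def usable(addr) -> bool:
        # Inside the range, and not the network or broadcast address.
        return addr in net and addr not in (net.network_address,
                                            net.broadcast_address)

    if not net.is_private:
        problems.append(f"{net} is not a private range reserved for LANs")

    router_ip = ipaddress.ip_address(router)
    if not usable(router_ip):
        problems.append(f"router {router_ip} is not a usable address in {net}")

    lo = ipaddress.ip_address(dhcp_first)
    hi = ipaddress.ip_address(dhcp_last)
    if lo > hi or not (usable(lo) and usable(hi)):
        problems.append(f"DHCP pool {lo}-{hi} does not fit inside {net}")
    elif lo <= router_ip <= hi:
        problems.append(f"router {router_ip} lies inside the DHCP pool")

    seen = {router_ip: "router"}
    for name, text in static_hosts.items():
        try:
            addr = ipaddress.ip_address(text)
        except ValueError:
            problems.append(f"{name}: '{text}' is not a valid IP address")
            continue
        if not usable(addr):
            problems.append(f"{name}: {addr} is not a usable address in {net}")
        elif lo <= addr <= hi:
            problems.append(f"{name}: {addr} is inside the DHCP pool and "
                            "could also be handed to another computer")
        if addr in seen:
            problems.append(f"{name}: {addr} is already used by {seen[addr]}")
        else:
            seen[addr] = name
    return problems


# Assumed plan: router at .1, DHCP hands out .100 to .199 to the wireless
# computers, and the server and printer get manual addresses below the pool.
PLAN = ("192.168.1.0/24", "192.168.1.1", "192.168.1.100", "192.168.1.199")

GOOD_STATIC = {"fileserver": "192.168.1.10", "printer": "192.168.1.11"}

# Constructed mistakes: a clash with the router, an address inside the DHCP
# pool, a mistyped address (space instead of a dot) and the wrong range.
BAD_STATIC = {
    "fileserver": "192.168.1.1",
    "printer": "192.168.1.150",
    "laptop": "192 168.1.2",
    "scanner": "192.168.2.5",
}

if __name__ == "__main__":
    print("good plan:", check_address_plan(*PLAN, GOOD_STATIC) or "no problems")
    for problem in check_address_plan(*PLAN, BAD_STATIC):
        print("bad plan: ", problem)
```
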
Extended wireless network




This configuration is appropriate where the physical area in which the computers are
located is large, such that some computers might be out of range of a single Wireless
Access Point. In this case, a second wireless access point is placed within range of
the wireless router, and is configured to relay the signals from that router to the
remote computers, thus extending the physical range of the network. It is often a
way of improving the quality of a wireless network where local conditions such as
internal walls, fixed metal equipment and so on have conspired to produce weak
signals or dead spots in areas that might otherwise have been expected to work.
Placing the second access point where it can relay the signals from the first access
point will boost the overall signal in the areas where signal reception was poor.

The ability to extend the range of a wireless network is not a ‘standard’ feature of
the 802.11 wireless specifications; it is something that has been introduced by a
number of manufacturers as a feature of their product. It is therefore recommended
that, if you plan to implement this sort of network, products that are specified to
work in this fashion be obtained from the same manufacturer. Configuring the
network will be done according to the manufacturer’s instructions.

Some manufacturers support ‘roaming’ in wireless networks with multiple access
points. This is best understood by examining the diagram below:
In this configuration, two wireless access points are connected to a single hub
through wired connections. A file server and a network printer might also be
available, and the network could connect to the Internet if required. The wireless
access points are located some way apart, and their signal coverage may or may not
overlap.

A user with a laptop computer is working at a location that is covered by wireless
access point 1, on the left of the diagram. He then moves his laptop to a location
covered by wireless access point 2. With the two wireless access points configured
for ‘roaming’, the user will be able to continue to work at the second location without
having to change the settings on his wireless card – the ‘roaming’ feature
automatically handles this for him. If the signals from the two wireless access points
actually overlap, it might even be possible for him to work whilst moving from one
location to the other, as long as he did not stray out of range of the signal from
either access point; the switch from access point 1 to 2 would take place without his
intervention.
             8. Setting up your Wireless Network
To make setting up your wireless network as simple as possible, we recommend
that you set up the wireless access point or router first, and then set up the
wireless cards in the computers that are to attach to the network.


Setting up the Wireless Access Point
Should you be setting up a broadband router that includes a wireless access
point, the following information is also relevant.

The Wireless Access Point (WAP) should be located indoors, and away from any
large metal structures such as filing cabinets, metal shelves or reinforced glass
that contains wire mesh. It should not be located close to reinforced concrete
pillars or beams, or other metal structural items such as water tanks. Such items
can cause reflection or obstruction of the wireless signal, reducing the
effectiveness of the network.

The WAP can be plugged into an ordinary domestic power socket and can be
switched off when not required. It will take a few seconds to power up and
provide the wireless network facility. Don’t switch on any of the computers with
wireless cards until you have set up the WAP.

The WAP should now be configured to your requirements. You should consult
the instructions to see exactly how this should be done. Most WAPs and routers
can be set up by connecting a PC to them. Usually, you can connect a PC to the
WAP using a standard patch cable: the sort of cable normally used to connect a
PC to a network wall socket. It may be convenient to locate the WAP temporarily
alongside the PC while you are doing this. Once you have carried out the basic
configuration, you can relocate the WAP to its final location as discussed earlier.

We recommend that you change the default name of the network to something
different from that set by the manufacturer. We recommend that the name you
choose should consist of letters and numbers (no punctuation) and should be
eight or more characters long. Note this name down for use when configuring the
wireless cards in your computers.

You should also change the administrative password to something other than that
set by the manufacturer. Please note the new password down. If the new
password is lost, it will require a full reset to the WAP, which loses all settings.

You should also set up network security as discussed in the next section.

Once the wireless router has been set up, you can set up the wireless cards.


Setting up Wireless Cards
If your computer came preconfigured with a wireless card, you should be able to
skip to the next step. However, we do recommend that you read any information
provided with the wireless card before starting to configure it.

Before installing any wireless cards, whether internal or using a USB or similar
connection, you must consult the instruction manual provided with the card and
follow the appropriate installation sequence. Please observe any instructions
about anti-static procedures for handling the card when you install it, and also on
taking your computer apart and re-assembling it.
In some cases, it is necessary to install software on the computer before the card
is installed or attached. Other cards may have to be installed first, or may require
some reconfiguration on the computer before installation. It is recommended that
you check your operating system and version before starting, and check the
manufacturer’s instructions.

If the installation procedure fails, then ensure that you are following the process
as described for your computer’s operating system exactly. If you haven’t
followed it correctly, we recommend that you remove the wireless card from the
computer, and also remove the software from the computer, using the usual
Windows uninstall processes.


Configuring your Wireless Cards
Once the card has been installed, and the WAP is running, you can now configure
the network card. Follow the manufacturer’s instructions on how to do this as it
may ask you to use the manufacturer’s software rather than the standard
Windows software provided for the purpose. Using these, you should be able to
set up a standard network connection in your operating system. This should show
in the networks panel as a wireless card – although there may be other
connections present too.

Use the network name and security settings that you have decided on for your
wireless network and configured earlier. Once you have applied these settings,
the wireless card should be able to ‘see’ the WAP. Most software has some sort of
indicator for the signal strength, and as long as this is showing 60% of maximum
or greater, your wireless card should be able to attach itself to the WAP. If signal
strength is lower than 50%, then you may have problems. Altering the position of
the aerial on the wireless card, moving the computer or even removing any
metallic object locally can help. Computer workstations that are made of metal
are not the friendliest supporters of wireless networks!

If there is a DHCP server in your network, then you should be able to set up your
wireless card to get itself an address automatically – see appendix 1. If you have
to set the card with a manual address, you need to use an address that fits in
with your IP addressing scheme. If you don’t know what this should be, see your
network administrator.

Once you have completed the configuration process, check it works by seeing if
you can access the Internet through your browser. Try bringing up your favourite
website – if this works, then you have successfully configured your wireless card!
                    9. Wireless Network Security

Implementing Security
In a wired network, physical access to the network is required to gain access to it
– in other words you have to plug a computer into a network socket before you
can use it. In a wireless network, no such barrier exists; you merely have to be
within range of a wireless access point with a suitable wireless card to be able to
connect. Thus it is quite possible that an unauthorized person standing outside a
building, with a wireless enabled laptop computer, could establish a connection to
your wireless access point without your knowledge.

Fortunately, wireless networks have security features built into them, so it is
possible to reconfigure a wireless network to make it much more secure.
Unfortunately, wireless network equipment usually ships with all security features
turned OFF, so these MUST be turned ON to gain any degree of security.

There are three main security mechanisms available on a wireless network.


Configure ‘Closed Mode’
Wireless access points will ship in ‘Open Mode’ with a preset name for the
network that it is supporting. This means that as soon as the access point is
turned on, it starts broadcasting ‘beacon’ packets which tell any other wireless
device in the area that it is available for connection and this is its Service
Identifier Name (SSID) – for example ‘tsunami’. A Windows XP computer which
has a wireless card installed will automatically go into detect mode if it is turned
on; if it receives a beacon packet, it will use the SSID information to attempt to
set up a connection to that access point. Although this makes it very easy to set
up a wireless network, it also means that anyone with a wireless card could
connect to the access point.

If the system is reconfigured into ‘Closed Mode’, then the access point no longer
broadcasts beacon packets. In this mode, the SSID information has to be entered
into the configuration of the wireless card so it can send the necessary connection
request to the wireless access point and establish a connection. However, it is
also advisable to change the name of the network to something other than the
preset name. This preset name is publicly available in the user manuals that
come with the access point, so the hackers know it too.

Unfortunately, the SSID information can be discovered by a determined hacker
with the right software on a wireless-equipped computer, so activating closed
mode does not make things completely secure.


Set up MAC Filtering
Whether for wired or wireless use, every network card has a MAC address, a
unique address that is allocated to each card during manufacture. It provides a
way of identifying that network card independently of any other identity it may
have. The MAC address of a network card will look something like this: 00-0E-3A-
5C-69-35. This information is transmitted with every packet sent between a
computer and the wireless access point.

Wireless access points can be configured so they check the MAC address in each
transmitted packet against a table of ‘allowed’ addresses – this is termed ‘MAC
filtering’. If the MAC address isn’t in this table then the packet is ignored and the
sending computer will receive no response; therefore it cannot access the
wireless network. To allow a computer to access a network where MAC filtering is
active, it is necessary to determine the MAC address of the computer’s wireless
card and manually add it to the list of allowed addresses stored in the wireless
access point.

To find the MAC address of a computer, see appendix 2.


Does MAC filtering make the network secure?
Unfortunately, the packets of data sent to the wireless access point contain the
MAC address of the originating computer. A determined hacker using specialized
software could ‘catch’ the packets going across the network on his own computer,
record them and examine them to reveal this address. He could then use
software to falsify the MAC address of his own wireless card so that it appeared to
contain a valid MAC address that is listed in the MAC filtering table. The wireless
access point sees it as a valid address and then the hacker can connect to the
network. So, by itself, MAC filtering is not sufficient to protect your network from
a determined hacker.


Enabling WEP
WEP, Wireless Encryption Protocol, adds encryption to the wireless network. This
means that data sent across the wireless network is no longer in a readable
format whilst in transit, but is decoded back into a readable form by the receiving
device. Thus, if a data packet is ‘caught’ whilst in transit, the data in the packet is
encoded and thus unreadable. A hacker can no longer replace the MAC address
unless he knows how to decode the original address correctly.

WEP provides a significant improvement in security, but it is by no means perfect.
In the UK, a 48-digit key is used to encrypt the data. Whilst the thought of
working out the correct 48 digits might seem highly unlikely, this is not difficult
with a fast computer, so the encryption is considered ‘crackable’ if one is
determined enough. The way that the data is encrypted is public knowledge, and
modern computers are considered fast enough to ‘crack’ the encoding simply by
going through every possible combination until the answer is found – a 48 digit
key could be ‘cracked’ in a few hours.

Enabling WEP does have one disadvantage: since the network packets are now
encrypted, they take time to encode and decode so the network will run slower
than if WEP is disabled.


Some security is a must
For a small network environment, enabling all these three features (closed mode,
MAC filtering and WEP) should give adequate security. Not enabling any of these
features leaves your network open to abuse and misuse and is not recommended.

Changing the security settings is usually achieved through a web browser on a
computer connected wirelessly (or sometimes directly) to the wireless access
point.

Instructions on how to do this will be in the manual that comes with the wireless
access point. The manual will tell you the factory-set IP address of the wireless
access point (for example 192.168.1.1), and you should enter this into the
address field of your browser. Usually you will be then prompted for a user name
and a password (the manual will give you the factory settings for these) and you
should then see something like the display below.




[Screenshot: configuration page of the wireless access point, with three
callouts: SSID name of this wireless access point; disable the transmission
of beacon packets; use WEP encryption]




Depending on the manufacturer of your router, your browser display may be
different from this.

The highlighted area shows the security features discussed previously. The SSID
name of this access point is scr1b3s. Beacon packets are disabled (SSID
broadcast is set to Disable) and WEP is turned on (Mandatory).

It is often necessary to restart the router once these values have been applied;
the manufacturer’s instructions will say what is necessary.


Firewalls and Virus protection
The importance of having a firewall to protect your LAN from bad or unwanted
data has been discussed previously. Most wireless or wired broadband routers
designed for use in small networks will implement NAT, which as explained
previously does provide a degree of protection to computers on the LAN, as it
‘hides’ them from the Internet.

Once a connection is made to the Internet, a large number of ports or channels of
connection become available for communication between computers; these are
normally closed if they are not in use. Ports are fundamental to the working of
the Internet, and specific services are established through these ports or
channels. For example, web browsing opens port 80. E-mail is often sent through
port 23 and received through port 110. These ports are opened by software such
as Internet Explorer or Outlook running on the user’s computer, and closed when
these programs are closed. Normally, the user would not know which ports have
been opened when, as there is no normal way of displaying such information on
screen.

A hacker can make use of an open port to compromise the user’s computer. One
way this can be done is by creating a program that opens an unused port, then
uses a virus to install this onto a user’s computer. He then uses another program
on his computer to communicate with the opened port and gain control of certain
elements of the user’s computer. This is known as a ‘back door’ program and was
the technique used with the virus ‘W32/MyDoom-E’, which allowed outsiders to
connect to TCP port 3127 and control the infected computer. In the case of
MyDoom, it searched for e-mail addresses contained in files on the computer’s
hard disc and then sent rubbish e-mails – containing a copy of itself – to the
addresses it had found.

A good firewall can reduce the risk of such an attack by preventing information
going to or from unused or lesser-known ports. It does this by closing all ports on
the connection to the Internet except for those that use well-known ports such as
those used for web and e-mail. If a user’s computer does become infected, then
the virus will not be able to communicate with the hacker’s computer on the
Internet, as the firewall has closed the port for transmission. Most firewalls are
now set up so that, when they are taken out of the box, only a few of the
well-known ports are open. The rest are closed, thus minimizing the chance of
interference. However, you would be advised to check the firewall settings to see
if they are set up to maximize your security.

Installing virus management software on each computer will in most cases
prevent infection from virus-infected e-mails or web sites, although it may not protect
a computer if it is a very new virus that is not recognized by the virus protection
software. Even so, it is strongly recommended that such software be installed on
every computer on the LAN to minimize the risk of virus attack.

The most reliable kind of virus software is one that automatically checks for new
virus information over the Internet, rather than leaving this task for the user to
remember to carry out on a regular basis. If there is a file server on the network,
this should have virus software installed too.

The need for adequate virus protection and correct setting of the firewall is vitally
important to the health of your network, whether it is wired or wireless.
 Appendix 1 Setting up your computer to use DHCP

Setting up your computer to use DHCP (Windows XP)
To obtain IP addresses automatically via DHCP, open Network Connections from
within Control Panel and right-click on the Wireless Network Connection to reveal
the menu.
Selecting Properties opens the Wireless Network Connection Properties.

Highlight the Internet Protocol (TCP/IP) item and click on Properties, to open
the TCP/IP Properties box.

Clicking on the option to “Obtain an IP address automatically” will turn on
DHCP.




Setting up your computer to use DHCP (Windows 2000)
To obtain IP addresses automatically via DHCP, open Network and Dial-up
Connections from within Control Panel and right-click on the Wireless Connection
to reveal the menu.
Selecting Properties opens the Wireless Properties.

Highlight the Internet Protocol (TCP/IP) item and click on Properties, to open
the TCP/IP Properties box.

Clicking on the option to “Obtain an IP address automatically” will turn on
DHCP.




When you click the OK button, your computer should prompt you to restart. It is
advisable to do this immediately to check that you have set this up correctly.
Setting up your computer to use DHCP (Mac OSX)




From the Apple Menu, select System Preferences and choose the TCP/IP control
panel. Make sure that the ‘Connect via’ pop-up is set to Airport, the internal
wireless card of the Macintosh.

On the ‘Configure’ pop-up, select Using DHCP Server.

In the DHCP Client ID field, enter the IP address of your DHCP server. If you are
using the DHCP services in your broadband router, use the LAN address of the
broadband router. Unless you have altered this in the router set-up, it will be the
factory preset address.
Setting up your computer to use DHCP (Mac OS9)




From the Apple Menu, select Control Panels and choose the TCP/IP control panel.
Make sure that the ‘Connect via’ pop-up is set to Airport, the internal wireless
card of the Macintosh.

On the ‘Configure’ pop-up, select Using DHCP Server.

In the DHCP Client ID field, enter the IP address of your DHCP server. If you are
using the DHCP services in your broadband router, use the LAN address of the
broadband router. Unless you have altered this in the router set-up, it will be the
factory preset address.
     Appendix 2 How to find the MAC address of a
                 personal computer

Finding the MAC address of a PC
On a PC, the MAC address of the card can be determined as follows: go to the
MS-DOS prompt or command line and enter the command IPCONFIG /ALL. The
information returned will be similar to the text below.

Windows 2000 IP Configuration

    Host Name . . . . . . . . . . . . : helpfulsystems
    Primary DNS Suffix  . . . . . . . :
    Node Type . . . . . . . . . . . . : Hybrid
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection 5:

    Connection-specific DNS Suffix  . :
    Description . . . . . . . . . . . : Realtek RTL8180 Wireless LAN (Mini-)PCI NIC #2
    Physical Address. . . . . . . . . : 00-50-FC-83-BC-22
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    Autoconfiguration IP Address. . . : 169.254.36.188
    Subnet Mask . . . . . . . . . . . : 255.255.0.0
    Default Gateway . . . . . . . . . :
    DNS Servers . . . . . . . . . . . :

Ethernet adapter Local Area Connection:

    Connection-specific DNS Suffix  . :
    Description . . . . . . . . . . . : Intel 8255x-based PCI Ethernet Adapter (10/100)
    Physical Address. . . . . . . . . : 00-00-39-38-E7-09
    DHCP Enabled. . . . . . . . . . . : No
    IP Address. . . . . . . . . . . . : 192.168.1.212
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.1.1
    DNS Servers . . . . . . . . . . . : 195.40.1.36
                                        212.135.1.36
    Primary WINS Server . . . . . . . : 10.0.0.1
    Secondary WINS Server . . . . . . : 10.0.31.135


Many computers have a wired Ethernet port installed as well as a wireless card,
so there may be two entries, as you can see in the above results. The MAC
address of the wireless card is in the first block of information – this is apparent
from the description:

Description: Realtek RTL8180 Wireless LAN (Mini-)PCI NIC.

The MAC address is on the line below the description:

Physical Address: 00-00-39-38-E7-09

Once this address information is added to the MAC filter table, and filtering is
enabled, only devices whose addresses are recorded in this table can access the
system.
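
Collecting the wireless MAC address from each PC and loading it into the filter table can be scripted. The Python below is an added example, not part of the original guide: it parses IPCONFIG /ALL output in the format shown above, picks out adapters whose description contains the word "Wireless" (an assumption about how the card is named), and models the access point's table of allowed addresses; the function and class names are hypothetical.

```python
import re
from typing import Dict, List, Set

# IPCONFIG /ALL output taken from the listing above, trimmed to a few fields.
SAMPLE = """\
Windows 2000 IP Configuration

    Host Name . . . . . . . . . . . . : helpfulsystems

Ethernet adapter Local Area Connection 5:

    Description . . . . . . . . . . . : Realtek RTL8180 Wireless LAN (Mini-)PCI NIC #2
    Physical Address. . . . . . . . . : 00-50-FC-83-BC-22
    DHCP Enabled. . . . . . . . . . . : Yes

Ethernet adapter Local Area Connection:

    Description . . . . . . . . . . . : Intel 8255x-based PCI Ethernet Adapter (10/100)
    Physical Address. . . . . . . . . : 00-00-39-38-E7-09
    DHCP Enabled. . . . . . . . . . . : No
    DNS Servers . . . . . . . . . . . : 195.40.1.36
                                        212.135.1.36
"""

# "   Key . . . . : value" -- the key ends where the dot leader begins.
FIELD = re.compile(r"^\s+(\S.*?)[ .]* :\s*(.*)$")


def parse_ipconfig(output: str) -> List[Dict[str, str]]:
    """Split IPCONFIG /ALL output into one dictionary per network adapter."""
    adapters: List[Dict[str, str]] = []
    current, last_key = None, None
    for line in output.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():
            # Unindented line: a section header such as "Ethernet adapter X:"
            current, last_key = None, None
            if line.rstrip().endswith(":") and "adapter" in line:
                current = {"Adapter": line.rstrip()[:-1]}
                adapters.append(current)
            continue
        if current is None:
            continue                  # host-wide settings before any adapter
        match = FIELD.match(line)
        if match:
            last_key = match.group(1)
            current[last_key] = match.group(2).strip()
        elif last_key:
            # Indented line without "key :" continues the previous value.
            current[last_key] = (current[last_key] + " " + line.strip()).strip()
    return adapters


def normalise_mac(text: str) -> str:
    """Accept 00-50-FC.., 00:50:fc.. or 0050.fc83.. and return 00-50-FC-.."""
    digits = re.sub(r"[-:.\s]", "", text).upper()
    if not re.fullmatch(r"[0-9A-F]{12}", digits):
        raise ValueError(f"not a MAC address: {text!r}")
    return "-".join(digits[i:i + 2] for i in range(0, 12, 2))


def wireless_macs(output: str) -> List[str]:
    """MAC addresses of adapters whose description mentions 'Wireless'."""
    return [normalise_mac(a["Physical Address"])
            for a in parse_ipconfig(output)
            if "wireless" in a.get("Description", "").lower()
            and "Physical Address" in a]


class MacFilter:
    """Model of the access point's table of 'allowed' addresses."""

    def __init__(self) -> None:
        self.allowed: Set[str] = set()

    def allow(self, mac: str) -> None:
        self.allowed.add(normalise_mac(mac))

    def permits(self, mac: str) -> bool:
        try:
            return normalise_mac(mac) in self.allowed
        except ValueError:
            return False              # malformed address: treat as not listed


def build_filter(ipconfig_outputs: List[str]) -> MacFilter:
    """Build the table from the IPCONFIG /ALL output of every PC."""
    table = MacFilter()
    for output in ipconfig_outputs:
        for mac in wireless_macs(output):
            table.allow(mac)
    return table


if __name__ == "__main__":
    mac_filter = build_filter([SAMPLE])
    print(sorted(mac_filter.allowed))
    print(mac_filter.permits("00:50:fc:83:bc:22"))   # same card, other notation
    print(mac_filter.permits("00-00-39-38-E7-09"))   # wired card, not listed
```
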
Finding the MAC address of a Macintosh
If you have Apple Macintosh computers in your network, they will almost certainly
have an Apple Airport card installed. The MAC address of the airport card will be
available in the System Profiler if your Macintosh runs the OS9 operating system,
or in About This Mac (more info) if you are running OSX.

If you have Apple Macintosh computers in your network, the MAC address of the
airport card will be available in the Airport application (OS9). The airport pane is
shown below – the arrow indicates where to find the MAC address of the airport
card.




For a Macintosh running OSX, you need to go to About This Mac and then click on
the more info button. The MAC address is then found by selecting the Network
item in the navigator pane on the left of the window. The arrow indicates the MAC
address of the airport card.
              Glossary of Terms and Acronyms

ADSL                 Asymmetrical Digital Subscriber Line



ADSL Modem           A broadband modem for connection to a telephone line that
                     is enabled for ADSL services.


Asymmetrical         A method of providing a broadband connection to the
Digital Subscriber   Internet over a normal telephone line, allowing concurrent
Line                 use of the telephone line for voice and data at the same
                     time.

                     (The speed of the connection is normally defined as the
                     outgoing speed from the exchange (i.e. Internet) to the
                     user, which is normally several times faster than for
                     information sent from the user to the exchange; hence the
                     use of the term ‘Asymmetrical’.)

Broadband            Normally refers to a high-speed connection to the Internet.
Connection           (Some ISPs offer a broadband connection speed as low as
                     128 kbps. For a connection shared by a number of
                     computers, we would recommend a broadband connection
                     with a minimum of 512 kbps.)

Cable Modem          A broadband modem for connection to a cable broadband
                     service


DHCP                 Dynamic Host Configuration Protocol



Dynamic Host         A service that can be provided from a file server or
Configuration        broadband router that allows computers and other network
Protocol             devices to automatically obtain a temporary IP address
                     when they connect to the network.

Firewall             A software or hardware device that prevents unwanted
                     traffic moving between two networks. Normally used to
                     reduce the risk of hackers intruding into a local network or
                     individual computer. Requires considered configuration for
                     maximum security.

IEEE 802.11          One set of electrical standards that define and establish the
standards            methods where wireless devices can communicate with
                     each other.

NAT                  Network Address Translation

Network Address      A mechanism for sharing a single Internet address amongst
Translation          a number of computing devices on a LAN. It also provides a
                     means of ‘hiding’ local addresses on the LAN from the
                     Internet, so adds to LAN security.

Router               A software or hardware device that connects two networks
                     together and controls how information is exchanged
                     between the networks

WAP                  Wireless Access Point.

WIFI                 A set of standards defined by a group of wireless network
                     equipment manufacturers to ensure compatibility between
                     systems. Compliance to the standard is ensured through
                     practical testing

Wired Network        A network of computing devices connected together using
                     cable

Wireless Access      A device which connects a number of wireless equipped
Point                computers to a wired network

Wireless network     A network of computing devices connected together without
                     the need for cable

				