Guide To Wireless Networking
a Wireless Network
DirectSupport Programme
ruralnet|uk
Web: www.ruralnetuk.org
ruralnet|uk is a registered rural regeneration charity (1089238)
RNUK Ltd is a wholly owned trading subsidiary of ruralnet|uk working in urban and rural regeneration
(Company Number 4275701)
1. Purpose of this Guide
The guide is for learning practitioners, and their support staff, who are
considering the installation of a new wireless network or want to understand the
implications in extending an existing network by using wireless components. It
offers information to tutors and community development practitioners, who may
work in outreach venues, in learning access centres, or in small organisations.
Those who may not have a technical team on call, and require simple DIY
guidance on how to set up a small network of computers to share files, printers
and connect to an existing Internet connection, will find this guide helpful.
It sets out to explain the basic principles behind wireless networking, the different
standards available and the components needed to set up the network. It also
discusses how to add a wireless segment to an existing network constructed
using cables or wires – a wired network. It covers configuring the network,
setting up network security and basic troubleshooting. The guide assumes a basic
understanding of computer networking, but is not intended as a comprehensive
guide to network design, management or support.
Wireless networking is a technology that enables the cabling that connects each
computer to the network to be replaced by a specially coded wireless signal.
When fitted with a wireless network card, a computer can exchange data with
other similarly equipped computers nearby without the need to be plugged into a
network point, forming a wireless network. Since the wireless network uses the
same protocols and addressing schemes as a wired network, the two types of
network can be freely mixed.
Like a wired network, a wireless network is neutral to the operating systems used
by the computers on the network. Whether you are a PC user, a Mac user or a
Linux user, you will be able to use a wireless network if you install the appropriate
wireless card in your computer or laptop.
In the last two or three years, low cost wireless components have produced a
number of ways of connecting computers together wirelessly. These networks are
growing in popularity with many organisations because they offer low purchase
costs, almost no installation costs and they allow wireless equipped computers to
be freely moved around the room, the building or even outside.
[1] Megabits per second – a measure of data transfer speed.
[2] These are maximum rated speeds – actual speeds achieved may be as little as 30 to 40%
of the rated speed.
3. Wireless Network standards
Whilst this is not intended to be a technical document, it is important to
understand that a number of different wireless network standards are available.
These standards were established by the IEEE (Institution of Electrical and
Electronic Engineers) and are commonly called the 802.11x standards, as there
are presently three different ones in use: 802.11a, 802.11b, 802.11g.[3] The
differences are categorized by how fast data can be transmitted between devices,
how far they can be apart, what radio frequency they use and whether they will
work with the other standards. The table below shows the basic differences
between the standards.
Standards Compared
Standard    Speeds up to    Frequency    Typical Range    Compatible Standards
Looking at the above table, you might ask why anyone would want to use the
802.11a, as 802.11g would appear to be superior in both range and compatibility.
The answer is that the frequency used by 802.11a makes it less susceptible to RF
interference (electrical noise from motors or other electrical devices) than the
other standards. So, it would work better – for example - in a manufacturing
environment such as a factory. Also, the way that 802.11a wireless devices
encode the signal is better for multimedia voice, video and large-image
applications in densely populated user environments. The future of 802.11b is
less certain as it offers less than the a or g standard, so it is likely to be retained
for ‘backwards compatibility’ in networks where existing b standard components
are in use.
There is also a standard called WI-FI. This is not an electrical standard like the
IEEE 802.11x standards described above; it is a standard agreed by a number of
manufacturers to ensure compliance between their wireless systems. To obtain
WI-FI Certification, manufacturers must submit a sample product for testing to
see if it will work correctly with other WI-FI compliant devices. If the sample
product passes the test, then the product can be certified for use with other WI-FI
devices and can be sold with this accreditation. Note that the testing will be
against other devices using the same 802.11 standard so although it is possible
to obtain a WI-FI compliant 802.11a device, this will not work with a WI-FI
compliant 802.11b or 802.11g device. However, it is expected that WI-FI certified
devices that use the same standard (802.11a, b or g) should work together
successfully.
[3] There are a number of new standards in development, such as 802.11n and WIMAX, but
as these are not yet fully ratified, they are not covered in this guide.
Indoors there are a large number of obstructions such as furniture, walls, floors
and ceilings. The wireless signal is absorbed by some materials and reflected by
others. This often gives dead spots in the area covered by the access point where
no wireless reception is possible. Sometimes there are ‘freak’ areas where
reception is possible beyond the normal range of the access point. Some wireless
devices are also affected by interference from other high frequency devices like
microwave cookers, which may give rise to errors or a complete loss of the
network for a period of time. Unfortunately, wireless networking is not an exact
science and the positioning of wireless devices may require some fine-tuning to
get them working reliably.
There is a basic trade-off between the speed of the wireless network and the
distance that the signal travels – the higher the speed the less distance the signal
will travel. The table below shows a comparison of speeds and distances. The
speeds indicated are typical of those available in wireless networks. By default,
wireless devices are set to run at their highest available speed.
The distances are indicative only in clear air and will vary for different
manufacturers and situations. If you are using these as a basis for planning a
wireless network, then take the figures above as a best case and try to keep
distances between devices less than those shown in the table.
If the distances between the wireless devices are large, close to the maximum
tabled above, the network speed can be manually reduced to a lower speed than
the maximum. This results in better reliability at a distance, but at a loss of speed
across the whole of the network.
However, if you run a mixed network with 802.11g (54 Mbps) and 802.11b (11
Mbps), then the network will work at the lowest speed everywhere, in this case
11 Mbps.
In practice, most computer users are surfing the internet, collecting e-mail,
saving a file to the server, or sending prints to a network printer, all of which are
much more variable in the way they make demands on the network. So, quite
often, users will not be aware of the presence of the other computers.
So how many computers can run on the network? A good rule of thumb is to
assume that each computer – running the above sorts of things – will use about 2
Mbps of the available bandwidth of the network. For example, the bandwidth of
an 802.11b network is nominally 11 Mbps maximum, so dividing this by 2 will
suggest you could connect 5 computers and expect a reasonable performance.
Using the same rule of thumb, an 802.11g or 802.11a network, nominally 54
Mbps maximum, would probably support up to 25 computers. It must be
emphasized that these are only rough figures, and assume that the maximum
data rate can be achieved in each type of network. As mentioned previously, as
distance increases, the maximum available bandwidth falls, and this should be
taken into consideration when applying the above rule of thumb.
So, if an 802.11b network was running at extended distances and was manually
configured to run at 5.5 Mbps to increase reliability, our rule of thumb would
suggest that this network would support only two to three computers, rather than
the 5 that it would support at maximum speed.
4. A Typical Network
The diagram below illustrates a typical network which might be found in an office
or learning environment.
Through this card, the computers connect to a hub, a device that manages the
flow of data between the computers in the network. All the network data between
computers, the Internet and any other devices on this network will flow through
this hub.
A shared network printer and a file server may also be connected to the hub, to
provide shared services for the network. Servers are usually connected to the hub
by wire, not wirelessly, as the wired connection can provide greater throughput
between the server and the rest of the network than any current wireless
connection can.
A DHCP server may also be included in the network. This server can automatically
provide a unique address to any device connected to the network; this address is
necessary for successful networking.
1. A firewall – a device that can block ‘bad’ or ‘unwanted’ data that has
originated from the Internet. It can control which computers may use
the Internet and also which Internet services can be accessed – for
example the firewall could block e-mail going to or coming from a
particular computer on the Local Area Network (LAN), prevent users
connecting to a specific website, or block access from the Internet for
all services except e-mail and web browsing. Whilst it is possible to
make an Internet connection without the use of a firewall, this is
definitely not recommended.
2. A router – this is a device which joins the LAN and the Internet
networks together. It looks at data on one network to see if it is
intended for the other network and will pass it onto the other network
if it is destined for that network.
3. A modem - this is the device that encodes and decodes data onto the
telephone line (if using ADSL) or onto the cable (if using cable). It also
provides a means of initiating and maintaining the connection and also
identifying the user of the connection to the ISP (Internet Service
Provider).
Note that the file server is NOT part of this Internet Connection, and it is not a
pre-requisite. A file server on the LAN can provide local security or extended local
services such as file, print and a local mail host, but does not have to be the
route through which Internet services are provided to the users’ computers,
whether connected by wireless or otherwise.
The above diagram shows the devices needed to provide a basic secure small
network and to connect it to the Internet. These do not need to be discrete units
though; for small networks with relatively low traffic demands, it is quite feasible
to provide a single box which integrates the functions of the router, firewall,
DHCP server and even the hub into a single unit. These single units, although not
flexible enough to manage large numbers of computers on the local area network,
provide a satisfactory solution for small implementations of say 5 to 20 computer
users.
Within the local area network, wired and wireless solutions are now common, and
manufacturers offer both wired and wireless versions of all of the main
networking components needed. These and less sophisticated devices are
described in the next section.
5. Wireless Network Components
Wired and wireless networks use the same basic types of components to build the
network.
In a desktop computer, the card is usually installed inside the computer, most
commonly in one of the PCI expansion slots that are common in tower or desktop
PC configurations. On a wireless card, a short aerial, about 10cm (4 inches)
protrudes outside the computer and can be swiveled about to receive the best
signal.
[Figures: Wireless card for a PCI Expansion Slot; Wireless card for a PCMCIA Slot]
In a laptop computer, the card would most likely be installed in one of the
PCMCIA slots in the side of the laptop. On a wireless card, about 2cm (3/4 inch)
of the card protrudes beyond the slot to act as the aerial. On Apple Macintosh
computers, the Airport card is installed inside the computer and is not obvious
from the outside.
A third possibility is to connect the card via a USB cable to the computer. In this
case, the aerial will be on the card, which can be placed anywhere that the USB
cable will allow it, which could be up to 5 metres (16 feet 4 inches) from the
computer. The card is powered through the USB cable, so no additional power
supply will be required.
The wireless card will come with installation software; as well as providing a
means of controlling the card and establishing the network, the software usually
provides some sort of visual indication of signal strength, so that aerial or card
position can be adjusted to obtain the best signal.
Wireless Access Point
Most existing computer networks are based on the use of network cables (wires)
that plug into sockets on the wall. The wires behind these sockets are routed
back to a central location where they are plugged into a hub, either directly or via
a patch panel. (Patch panels are used to provide greater flexibility when
configuring or reconfiguring the physical connections in the network). The hub is
a box with (commonly) 4, 8, 16 or 32 sockets on it; in order to communicate on
the network each computer’s network card will have to be connected to one of
the sockets on the hub. When all the sockets on the hub are used, no more
computers can be attached. To overcome this limitation, most wired hubs can be
‘cascaded’ together so when all the sockets on one hub have been used, a second
hub can be connected to make more sockets available. Of course, these extra
sockets would require cabling between them and the computers; installing these
is a costly and often disruptive operation.
The wireless alternative to the hub is a wireless access point (WAP). When the
WAP is powered on, it will be the point of communication for the wireless cards in
each of the computers that are configured to connect to it. Any wireless enabled
computer that works with the same or a compatible wireless standard can then
be configured to link up with this wireless access point. If the access point is
linked to an existing hub which offers shared services such as file, print and
Internet connections, then these can be made immediately available to the
wireless computer. All that is required is software configuration - no manipulation
or installation of wires.
It is not necessary to connect the wireless access point to a wired network for the
wireless part of the network to function, although this may require manual
configuration of IP addresses on each wireless card. When a wireless network
uses a wireless access point, it is configured in infrastructure mode.
In addition, such broadband routers can be set up to offer DHCP services to the
local network and include a basic firewall, so a complete local network with a
shared Internet connection can be established with this single unit.
Wireless Bridges
[Figure: A Wireless Bridge]
A wireless bridge is required on each LAN, and the two bridges need to be within
wireless range of each other. The range of a wireless bridge is usually slightly
greater than a wireless access point, typically 350m for an 802.11g device, due to
the design of the aerial. Wireless bridges are usually designed so that a large
aerial, which can be mounted outdoors for maximizing range, can replace the rod
aerial normally fitted. It is also possible to replace the omni-directional rod aerial
with a directional dish aerial, and this can increase the bridging distance to
distances of several miles when the antennae are correctly installed and
configured.
Wireless bridges are not normally required in a small installation, but are
mentioned here because they may be relevant to some installations.
6. Networks, the Internet and TCP/IP
In order to be recognized on the Internet, a computing device must have a
unique address, so that exchanges between devices on the Internet can be
properly managed. Each device is therefore provided with an Internet Protocol
(IP) address that is unique to the device and also determines which other devices
it can communicate with.
IP Addresses
Every computer connected to a network (wired or wireless) needs a unique
address to enable data to be sent to it. To enable networks to be connected
together (such as through the worldwide web) an internationally recognised
Internet Protocol (IP) address format has been defined. Rather like a postcode or
telephone number, the IP address pinpoints the precise location of the computing
device in the network. IP addresses are made up of four groups of 3-digit
numbers separated by dots: for example 192.168.123.115. The number in each
group can take a value between 0 and 255. In theory, this method of addressing
would allow more than 4 thousand million individual addresses. To make
this easier to manage, these individual addresses are subdivided into different
classes or address spaces, but how and where these are used is beyond the scope
of this guide and for most purposes is irrelevant when setting up a small network.
All that normally matters is to understand that the first three groups are fixed for
your local network and that only the last group will vary. This means that you can
have up to 256 devices on your network, wired or wireless, although it is not
recommended that you have this many in a practical network situation.
If you have two networks with different IP addresses – in other words one or
more of the first three groups are different, then you need a router to pass data
between these two networks. This means that if more than one computer is to
share your Internet connection, a router is needed between the Internet and your
two computers to enable this to happen. The router may be a real box with wires
coming out of it, or could be software running on a computer. In this guide, we
will only discuss routers as the former – boxes with wires coming out of them;
other ways of doing this task are beyond the scope of this guide.
As noted earlier, every computer on the Internet must have a unique address, so
the usage of these addresses is carefully controlled by an organisation called the
InterNIC. InterNIC records who has been authorised to use specific addresses and
which addresses have not yet been allocated. Most Internet users will directly or
indirectly get their Internet connection through an Internet Service Provider (ISP).
The ISP will have paid to obtain a block of Internet addresses, that can be offered
to their customers for ongoing connection to the Internet. Obtaining these
addresses and retaining them on an annual basis is an expensive option for an
ISP, so ISPs will normally try to make optimum use of their IP addresses.
If the computer has to be connected to the Internet at all times (e.g. a mail or
web server) then it is usually provided with a STATIC IP address by the ISP – this
means that the ISP does not allow anyone else to use that address. Computers
that do not need to be connected at all times (e.g. for web browsing, collecting
mail) are usually provided with a DYNAMIC IP address from a pool of available
addresses that the ISP provides. If there are, for example, 50 addresses in the
pool, then as each user connects he will be allocated the next available address
from the pool. When he disconnects, the address he was using becomes available
again for use by another user. The ISP usually offers these addresses on a
contention basis: for example, if he has 1000 subscribers and 50 addresses in the
pool, he is offering a 20 to 1 contention ratio. If he puts 200 addresses in the
pool, he is offering a 5 to 1 contention ratio, so a user will be much more likely to
obtain a connection.
NAT
With the widespread introduction of broadband, it is unlikely that a single
computer will actually use the maximum throughput of the Internet connection.
Allowing a number of computers to share a single broadband connection is both
cost-effective and also allows a number of computers to share a single IP address
on the Internet. A common method of address sharing is called Network Address
Translation (NAT), which allows several networked PCs to share an Internet
account using a single IP address.
The router or gateway computer that manages the Internet connection usually
performs Network Address Translation. NAT provides a way of tagging a request
to the Internet from a user’s computer so it can then replace the address of the
user’s computer with the single address assigned by the ISP for the Internet
connection. So from the Internet viewpoint, all requests for information appear to
come from one single address and all responses are sent back to that single
address, and all the computers on the LAN then share that single connection. The
NAT system manages these requests and uses the tagging so that the data
returning from the Internet is sent back to the computer that requested it.
This scheme offers the additional benefit of firewall-like protection because the
addresses of computers on the LAN are not visible to the Internet through the
translated connection, so a hacker on the Internet cannot find the individual
computers on the LAN to attack them.
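The tagging described above, as an added example that is not part of the original guide: a small Python model of a NAT router in which the tag is a port number on the shared address. The public and server addresses are constructed (documentation ranges), the class and field names are hypothetical, and the rule that a reply must come from the server that was contacted is an assumption of this sketch.

```python
import ipaddress
from dataclasses import dataclass, field

LAN_RANGE = ipaddress.ip_network("192.168.0.0/16")  # preset range quoted in the guide
PUBLIC_IP = "203.0.113.10"  # constructed stand-in for the single ISP-assigned address


@dataclass
class NatRouter:
    """Model of address sharing; class and field names are hypothetical."""
    public_ip: str = PUBLIC_IP
    next_tag: int = 40000                        # first public port handed out (assumed)
    by_tag: dict = field(default_factory=dict)   # tag -> (lan_ip, lan_port, dst_ip, dst_port)
    by_flow: dict = field(default_factory=dict)  # same tuple -> tag, so a flow keeps its tag

    def outbound(self, lan_ip, lan_port, dst_ip, dst_port):
        """Translate a request leaving the LAN; returns what the Internet sees."""
        if ipaddress.ip_address(lan_ip) not in LAN_RANGE:
            raise ValueError(f"{lan_ip} is not in the LAN range {LAN_RANGE}")
        flow = (lan_ip, lan_port, dst_ip, dst_port)
        if flow not in self.by_flow:
            self.by_flow[flow] = self.next_tag
            self.by_tag[self.next_tag] = flow
            self.next_tag += 1
        return (self.public_ip, self.by_flow[flow], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Translate a packet arriving from the Internet; None means it is dropped."""
        flow = self.by_tag.get(dst_port) if dst_ip == self.public_ip else None
        if flow is None:
            return None  # nothing on the LAN asked for this, so there is nowhere to send it
        lan_ip, lan_port, asked_ip, asked_port = flow
        if (src_ip, src_port) != (asked_ip, asked_port):
            return None  # sender is not the server that was contacted
        return (src_ip, src_port, lan_ip, lan_port)


def demo():
    """Two LAN computers fetch the same page; an uninvited packet then arrives."""
    nat = NatRouter()
    server = ("198.51.100.7", 80)  # constructed web server
    sent_a = nat.outbound("192.168.1.2", 51000, *server)
    sent_b = nat.outbound("192.168.1.3", 51000, *server)
    reply_a = nat.inbound(*server, sent_a[0], sent_a[1])
    reply_b = nat.inbound(*server, sent_b[0], sent_b[1])
    probe = nat.inbound("198.51.100.99", 4444, nat.public_ip, sent_a[1])
    return sent_a, sent_b, reply_a, reply_b, probe


if __name__ == "__main__":
    for label, value in zip(("sent A", "sent B", "reply A", "reply B", "probe"), demo()):
        print(f"{label:8} {value}")
```

The dropped packet is the firewall-like effect described above; it follows only from the absence of a table entry, which is why the guide still lists a firewall as a separate function.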
The NAT system will normally come with a preset range of IP addresses that are
available for use by the computers on the LAN. Typically these addresses will be
in a range such as
192.168.0.0 - 192.168.255.255
This address can normally be changed to a different address range if required;
however unless there is a good reason to alter this default address range, there
should be no need to alter it.
7. Planning Your Network
The Layout
A wireless network is much more versatile than a wired network. As long as
computers are within range of the wireless hub, they can join onto the network.
There are many possible configurations that you may wish to set up in your own
situation. Some basic structures – with their pros and cons – are illustrated
below.
[Diagram: computers with the addresses 192.168.1.2, 192.168.1.1 and 192.168.1.3]
This is possibly the simplest way to network two or more computers together. Each
computer is set up with a wireless card, which is configured to work in ad-hoc mode.
In this mode the computers can communicate directly with each other to share files
or printers and other resources – such as an Internet connection – which are
connected to individual computers. The main advantage of this type of network is
that you only require an inexpensive wireless card in each computer to get this
working.
The disadvantage is that you will have to set up all the wireless cards in each
computer manually; the cards do not automatically configure themselves into ad hoc
mode. It will also be necessary to provide a valid and unique IP address for each
card; for example, 192.168.1.2 and 192.168.1.3. In addition, this kind of network
cannot easily be extended to include wired devices such as network printers or file
servers. If file sharing or printer sharing is required, then this will have to be
provided through one or more of the computers on the ad hoc network, which will –
of course – make these computers run more slowly.
Adding to a wired Network
This is perhaps the most common way of establishing a wireless network. A wireless
access point (WAP) is connected to the existing wired network, and then offers a
wireless network segment to suitably equipped computers. The wireless equipped
computers can then access the file server in the same way as the wired computer
can.
The disadvantage of adding a wireless segment to the network is that all traffic to
and from the wireless segment has to travel down the single wired connection. If
many wireless computers are connected into the wireless segment of the network
and they require constant service from the file server in the wired segment, the
network may slow noticeably for the wireless users.
To configure this network, you would need to do the following, after turning on the
Wireless Access Point:
1. Configure each wireless card to log onto the Wireless Access Point by default.
2. Configure the IP address of the wireless card to suit the IP address range of the
   network or – if DHCP is available from the existing wired network – configure for
   DHCP addressing.
Wireless Only Network
In this configuration all the user computers are connected wirelessly via a wireless
router.
The router provides support for wireless access, but also provides an internal router
and an ADSL or cable modem so it can be directly connected to the telephone or
cable. Most routers of this sort will also provide a firewall, DHCP services and NAT for
the LAN, which can be used if these services are not available from one of the
servers in the local network. Some routers also provide a small number of wired
ports so that servers, network printers and similar devices that require a permanent
and fast connection can be attached to the network.
To configure this network, you would need to carry out the following:
1. Configure each wireless card to log onto the Wireless Router by default.
2. Configure the IP address of the wireless card to suit the IP address range of the
   network or – if DHCP is available from the existing wired network – configure for
   DHCP addressing. The IP addresses of the server and printer should be provided
   manually to complement the DHCP configuration.
This configuration is appropriate where the physical area in which the computers are
located is large, such that some computers might be out of range of a single Wireless
Access Point. In this case, a second wireless access point is placed within range of
the wireless router, and is configured to relay the signals from that router to the
remote computers, thus extending the physical range of the network. It is often a
way of improving the quality of a wireless network where local conditions such as
internal walls, fixed metal equipment and so on have conspired to produce weak
signals or dead spots in areas that might otherwise have been expected to work.
Placing the second access point where it can relay the signals from the first access
point will boost the overall signal in the areas where signal reception was poor.
The ability to extend the range of a wireless network is not a ‘standard’ feature of
the 802.11 wireless specifications; it is something that has been introduced by a
number of manufacturers as a feature of their product. It is therefore recommended
that, if you plan to implement this sort of network, products that are specified to
work in this fashion be obtained from the same manufacturer. Configuring the
network will be done according to the manufacturer’s instructions.
The Wireless Access Point (WAP) should be located indoors, and away from any
large metal structures such as filing cabinets, metal shelves or reinforced glass
that contains wire mesh. It should not be located close to reinforced concrete
pillars or beams, or other metal structural items such as water tanks. Such items
can cause reflection or obstruction of the wireless signal, reducing the
effectiveness of the network.
The WAP can be plugged into an ordinary domestic power socket and can be
switched off when not required. It will take a few seconds to power up and
provide the wireless network facility. Don’t switch on any of the computers with
wireless cards until you have set up the WAP.
The WAP should now be configured to your requirements. You should consult
the instructions to see exactly how this should be done. Most WAPs and routers
can be set up by connecting a PC to them. Usually, you can connect a PC to the
WAP using a standard patch cable: the sort of cable normally used to connect a
PC to a network wall socket. It may be convenient to locate the WAP temporarily
alongside the PC while you are doing this. Once you have carried out the basic
configuration, you can relocate the WAP to its final location as discussed earlier.
We recommend that you change the default name of the network to something
different from that set by the manufacturer. We recommend that the name you
choose should consist of letters and numbers (no punctuation) and should be
eight or more characters long. Note this name down for use when configuring the
wireless cards in your computers.
You should also change the administrative password to something other than that
set by the manufacturer. Please note the new password down. If the new
password is lost, it will require a full reset to the WAP, which loses all settings.
You should also set up network security as discussed in the next section.
Once the wireless router has been set up, you can set up the wireless cards.
Before installing any wireless cards, whether internal or using a USB or similar
connection, you must consult the instruction manual provided with the card and
follow the appropriate installation sequence. Please observe any instructions
about anti-static procedures for handling the card when you install it, and also on
taking your computer apart and re-assembling it.
In some cases, it is necessary to install software on the computer before the card
is installed or attached. Other cards may have to be installed first, or may require
some reconfiguration on the computer before installation. It is recommended that
you check your operating system and version before starting, and check the
manufacturer’s instructions.
If the installation procedure fails, then ensure that you are following the process
as described for your computer’s operating system exactly. If you haven’t
followed it correctly, we recommend that you remove the wireless card from the
computer, and also remove the software from the computer, using the usual
Windows uninstall processes.
Use the network name and security settings that you have decided on for your
wireless network and configured earlier. Once you have applied these settings,
the wireless card should be able to ‘see’ the WAP. Most software has some sort of
indicator for the signal strength, and as long as this is showing 60% of maximum
or greater, your wireless card should be able to attach itself to the WAP. If signal
strength is lower than 50%, then you may have problems. Altering the position of
the aerial on the wireless card, moving the computer or even removing any
metallic object locally can help. Computer workstations that are made of metal
are not the friendliest supporters of wireless networks!
If there is a DHCP server in your network, then you should be able to set up your
wireless card to get itself an address automatically – see appendix 1. If you have
to set the card with a manual address, you need to use an address that fits in
with your IP addressing scheme. If you don’t know what this should be, see your
network administrator.
Once you have completed the configuration process, check it works by seeing if
you can access the Internet through your browser. Try bringing up your favourite
website – if this works, then you have successfully configured your wireless card!
9. Wireless Network Security
Implementing Security
In a wired network, physical access to the network is required to gain access to it
– in other words you have to plug a computer into a network socket before you
can use it. In a wireless network, no such barrier exists; you merely have to be
within range of a wireless access point with a suitable wireless card to be able to
connect. Thus it is quite possible that an unauthorized person standing outside a
building, with a wireless enabled laptop computer, could establish a connection to
your wireless access point without your knowledge.
If the system is reconfigured into ‘Closed Mode’, then the access point no longer
broadcasts beacon packets. In this mode, the SSID information has to be entered
into the configuration of the wireless card so it can send the necessary connection
request to the wireless access point and establish a connection. However, it is
also advisable to change the name of the network to something other than the
preset name. This preset name is publicly available in the user manuals that
come with the access point, so the hackers know it too.
Wireless access points can be configured so they check the MAC address in each
transmitted packet against a table of ‘allowed’ addresses – this is termed ‘MAC
filtering’. If the MAC address isn’t in this table then the packet is ignored and the
sending computer will receive no response; therefore it cannot access the
wireless network. To allow a computer to access a network where MAC filtering is
active, it is necessary to determine the MAC address of the computer’s wireless
card and manually add it to the list of allowed addresses stored in the wireless
access point.
Enabling WEP
WEP, Wireless Encryption Protocol, adds encryption to the wireless network. This
means that data sent across the wireless network is no longer in a readable
format whilst in transit, but is decoded back into a readable form by the receiving
device. Thus, if a data packet is ‘caught’ whilst in transit, the data in the packet is
encoded and thus unreadable. A hacker can no longer replace the MAC address
unless he knows how to decode the original address correctly.
Enabling WEP does have one disadvantage: since the network packets are now
encrypted, they take time to encode and decode so the network will run slower
than if WEP is disabled.
Instructions on how to do this will be in the manual that comes with the wireless
access point. The manual will tell you the factory-set IP address of the wireless
access point (for example 192.168.1.1), and you should enter this into the
address field of your browser. Usually you will be then prompted for a user name
and a password (the manual will give you the factory settings for these) and you
should then see something like the display below.
[Figure: access point configuration screen, with a callout reading ‘Disable the
transmission of beacon packets’]
The highlighted area shows the security features discussed previously. The SSID
name of this access point is scr1b3s. Beacon packets are disabled (SSID
broadcast is set to Disable) and WEP is turned on (Mandatory).
It is often necessary to restart the router once these values have been applied;
the manufacturer’s instructions will say what is necessary.
A hacker can make use of an open port to compromise the user’s computer. One
way this can be done is by creating a program that opens an unused port, then
uses a virus to install this onto a user’s computer. He then uses another program
on his computer to communicate with the opened port and gain control of certain
elements of the user’s computer. This is known as a ‘back door’ program and was
the technique used with the virus ‘W32/MyDoom-E’, which allowed outsiders to
connect to TCP port 3127 and control the infected computer. In the case of
MyDoom, it searched for e-mail addresses contained in files on the computer’s
hard disc and then sent rubbish e-mails – containing a copy of itself – to the
addresses it had found.
A good firewall can reduce the risk of such an attack by preventing information
going to or from unused or lesser-known ports. It does this by closing all ports on
the connection to the Internet except for those that use well-known ports such as
those used for web and e-mail. If a user’s computer does become infected, then
the virus will not be able to communicate with the hacker’s computer on the
Internet, as the firewall has closed the port for transmission. Most firewalls are
now set up so that, when they are taken out of the box, only a few of the
well-known ports are open. The rest are closed, thus minimizing the chance of
interference. However, you would be advised to check the firewall settings to see
if they are set up to maximize your security.
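The back-door technique and the port-closing defence described above suggest a simple check on a workstation: list what is listening and compare it with what should be. The following is an added example, not part of the original guide; the netstat output is a constructed sample and the list of expected ports is an assumed policy.

```python
import re

# Ports this workstation is expected to listen on (assumed policy for the example).
EXPECTED_LISTENERS = {135, 139, 445}
# Back-door port named in this guide: MyDoom accepted connections on TCP 3127.
KNOWN_BACKDOOR_PORTS = {3127: "W32/MyDoom-E back door"}

# Constructed sample of Windows 'netstat -an' output.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3127           0.0.0.0:0              LISTENING
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.20:1045      203.0.113.5:80         ESTABLISHED
  TCP    127.0.0.1:5000         0.0.0.0:0              LISTENING
  UDP    0.0.0.0:500            *:*
"""

LINE_RE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s*$")

def audit_listeners(netstat_text, expected=EXPECTED_LISTENERS):
    """Return findings for TCP listeners that are not on the expected list."""
    findings = []
    for line in netstat_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # header, UDP, or a connection that is not listening
        addr, port = m.group(1), int(m.group(2))
        if port in expected:
            continue
        findings.append({
            "port": port,
            "address": addr,
            # A listener bound only to loopback cannot be reached from the network.
            "reachable": not addr.startswith("127.") and addr != "[::1]",
            "note": KNOWN_BACKDOOR_PORTS.get(port, "unexpected listener"),
        })
    # Network-reachable findings first, then by port number.
    return sorted(findings, key=lambda f: (not f["reachable"], f["port"]))

if __name__ == "__main__":
    for f in audit_listeners(SAMPLE_NETSTAT):
        print(f"{f['address']}:{f['port']}  reachable={f['reachable']}  {f['note']}")
```

Any finding marked reachable is a port the firewall should be blocking and the virus software should be asked to explain.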
The most reliable kind of virus software is one that automatically checks for new
virus information over the Internet, rather than leaving this task for the user to
remember to carry out on a regular basis. If there is a file server on the network,
this should have virus software installed too.
The need for adequate virus protection and correct setting of the firewall is vitally
important to the health of your network, whether it is wired or wireless.
Appendix 1 Setting up your computer to use DHCP
When you click the OK button, your computer should prompt you to restart. It is
advisable to do this immediately to check that you have set this up correctly.
Setting up your computer to use DHCP (Mac OSX)
From the Apple Menu, select System Preferences and choose the TCP/IP control
panel. Make sure that the ‘Connect via’ pop-up is set to Airport, the internal
wireless card of the Macintosh.
In the DHCP Client ID field, enter the IP address of your DHCP server. If you are
using the DHCP services in your broadband router, use the LAN address of the
broadband router. Unless you have altered this in the router set-up, it will be the
factory preset address.
Setting up your computer to use DHCP (Mac OS9)
From the Apple Menu, select Control Panels and choose the TCP/IP control panel.
Make sure that the ‘Connect via’ pop-up is set to Airport, the internal wireless
card of the Macintosh.
In the DHCP Client ID field, enter the IP address of your DHCP server. If you are
using the DHCP services in your broadband router, use the LAN address of the
broadband router. Unless you have altered this in the router set-up, it will be the
factory preset address.
Appendix 2 How to find the MAC address of a
personal computer
Many computers have a wired Ethernet port installed as well as a wireless card,
so there may be two entries, as you can see in the above results. The MAC
address of the wireless card is in the first block of information – this is apparent
from the description.
Once this address information is added to the MAC filter table, and filtering is
enabled, only devices whose addresses are recorded in this table can access the
system.
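As an added example (not from the original guide), the following script pulls the wireless card's MAC address out of Windows ‘ipconfig /all’ output and applies the allowed-address check that MAC filtering performs, as described in section 9. The sample output and its addresses are constructed, and the function names are illustrative.

```python
import re

# Constructed sample of Windows 'ipconfig /all' output (addresses are made up).
SAMPLE_IPCONFIG = """\
Ethernet adapter Wireless Network Connection:

        Description . . . . . . . . . . . : Example 802.11g Wireless PCI Card
        Physical Address. . . . . . . . . : 02-00-5E-10-AB-9F

Ethernet adapter Local Area Connection:

        Description . . . . . . . . . . . : Example Fast Ethernet Adapter
        Physical Address. . . . . . . . . : 02-00-5E-33-44-55
"""

def normalize_mac(text):
    """Return a MAC as 12 lowercase hex digits; raise ValueError if malformed."""
    digits = re.sub(r"[-:.\s]", "", text).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {text!r}")
    return digits

def adapters(ipconfig_text):
    """Parse adapter blocks into a list of {'name', 'description', 'mac'} dicts."""
    found = []
    for line in ipconfig_text.splitlines():
        header = re.match(r"^(\S.*adapter .*):\s*$", line)
        field = re.match(r"^\s+([A-Za-z][A-Za-z \-]*?)[ .]*:\s*(.*)$", line)
        if header:
            found.append({"name": header.group(1)})
        elif field and found:
            key, value = field.group(1), field.group(2).strip()
            if key == "Description":
                found[-1]["description"] = value
            elif key == "Physical Address":
                found[-1]["mac"] = normalize_mac(value)
    return found

def wireless_macs(ipconfig_text):
    """MACs of adapters whose name or description mentions wireless / 802.11."""
    return [a["mac"] for a in adapters(ipconfig_text) if "mac" in a and
            re.search(r"wireless|802\.11|wi-?fi",
                      (a["name"] + " " + a.get("description", "")).lower())]

def is_allowed(mac, filter_table):
    """The access point's check: is this sender in the table of allowed addresses?"""
    return normalize_mac(mac) in {normalize_mac(m) for m in filter_table}
```

Normalizing before comparing matters because Windows prints the address with dashes while many access point screens expect colons; the same card must match in either notation.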
Finding the MAC address of a Macintosh
If you have Apple Macintosh computers in your network, they will almost certainly
have an Apple Airport card installed. The MAC address of the airport card will be
available in the System Profiler if your Macintosh runs the OS9 operating system,
or in About This Mac (more info) if you are running OSX.
If you have Apple Macintosh computers in your network, the MAC address of the
airport card will be available in the Airport application (OS9). The airport pane is
shown below – the arrow indicates where to find the MAC address of the airport
card.
For a Macintosh running OSX, you need to go to About This Mac and then click on
the more info button. The MAC address is then found by selecting the Network
item in the navigator pane on the left of the window. The arrow indicates the MAC
address of the airport card.
Glossary of Terms and Acronyms
IEEE 802.11 One set of electrical standards that define and establish the
standard methods by which wireless devices can communicate with
each other.