Wireless Fidelity In the last few years the world has undergone a tremendous and unprecedented technological change with the attack of the Information Technology revolution. Earlier it was e-mail that changed the way people communicate, and then online shopping became the order of the day, gradually online banking caught up and the list goes on and on. The new trend, Wi-Fi, or Wireless Fidelity, allows you to connect to the Internet from your couch at home, a bed in a hotel room or at school, all without wires. As author Harold Davis nicely puts, "Wi-Fi is a wireless technology just like a mobile phone and Wi-Fi enabled computers send and receive data indoors and out; anywhere within the range of a base station. Wi-Fi certification means that you will be able to connect anywhere there are other Wi-Fi CERTIFIED products - whether you are at home, the office, school and other public areas equipped with a Wi-Fi Access Point device" (35). Customers with the capability to tap into wireless Internet networks at certain universities and Starbucks coffee shops in US will soon be able to browse the Web in a very inexpensive way using the wireless internet technology Wi-Fi WLAN use radio technologies called I 802.11 b or 802.11 a to provide secure, reliable, fast wireless connectivity.

Michael Gallagher notes that, "A Wi-Fi WLAN can be used to connect computers to each other, to the Internet, and to wired networks (which use I 802.3 or Ethernet) " (120). Wi-Fi WLANs operate in the unlicensed 2.4 and 5 GHz radio bands, with an 11 Mbps (802.11 b) or 54 Mbps (802.11 a) data rate or with products that contain both bands (dual band), so they can provide real-world performance similar to the basic 10 Base wired Ethernet networks used in many networked environments. Competition has already driven down the costs of deploying 802.11 b networks which can now be deployed by businesses to give their employees mobility within the business. Home users can buy 802.11 b kit to extend their DSL or cable broadband Internet access wireless ly to the entire house. James La Rocca points out that, "In universities and schools a wireless network can allow computers to be integrated more effectively into teaching as classes no longer need to be held in computer lab" (48).

In September of 1999, the Institute of Electrical and Electronic Engineers (I ) ratified the specification for I 802.11 b, also known as Wi-Fi. I 802.11 b defines the physical layer and media access control (MAC) sub layer for communications across a shared, wireless local area network (WLAN). As Theodore Rappaport states, "At the physical layer, I 802.11 b operates at the radio frequency of 2.45 gigahertz (GHz) with a maximum bit rate of 11 Mbps. It uses the direct sequence spread spectrum (D ) transmission technique. At the MAC sub layer of the Data Link layer, 802.11 b uses the carrier sense multiple access with collision avoidance (CSMA / CA) media access control (MAC) protocol" (35).

A wireless station with a frame to transmit first listens on the wireless medium to determine if another station is currently transmitting (this is the carrier sense portion of CSMA / CA). If the medium is being used, the wireless station calculates a random back off delay. Only after the random back off delay elapses can the wireless station again listen for a transmitting station. By instituting a random back off delay, multiple stations that are waiting to transmit do not end up trying to transmit at the same time (this is the collision avoidance portion of CSMA / CA). Collisions can occur and, unlike with Ethernet, they might not be detected by the transmitting nodes. Therefore, 802.11 b uses a Request to Send (RTS) /Clear to Send (CTS) protocol with an Acknowledgment (ACK) signal to ensure that a frame is successfully transmitted and received.

The 802.11 b frequency can be broken down into a few components. As confirmed by James in Geiger in his book Wireless Networking Handbook, "I 802.11 b wireless networking consists of the following components: Stations, Wireless a cess points, and ports" (127). A station is a network node that is equipped with a wireless network device. A personal computer with a wireless network adapter is known as a wireless client. Wireless clients can communicate directly with each other or through a wireless access point.

Wireless clients are mobile. In his book Deploying Wireless LANS, Gilbert Helt informs that "A wireless access point is a wireless network node that acts as a bridge between station and a wired network. Wireless access points contain at least one interface that connects the wireless access point to an existing wired network (such as an Ethernet backbone) as well as a wireless network device with which it creates wireless connections with stations" (58). A wireless access point is similar to a cellular phone network's base station. Wireless clients communicate with both the wired network and other wireless clients through the wireless access point. However, Wireless access points are not mobile and act as peripheral bridge devices that extend a wired network.

A port is a channel of a device that can support a single point-to-point connection. For I 802.11 b, a port is an association, a logical entity over which a single wireless connection is made. A typical wireless client with a single wireless network adapter has one port and can support only one wireless connection. A typical wireless access point has multiple ports and can simultaneously support multiple wireless connections. The logical connection between a port on the wireless client and the port on a wireless access point is as Brian Cater says " a point-to-point bridged LAN segment-similar to an Ethernet-based network client that is connected to an Ethernet switch" (217). Cyrus Pei kari informs that "The I 802.11 has defined two operating modes: Ad how mode and Infrastructure mode.

In ad how mode, also known as peer-to-peer mode, wireless clients communicate directly with each other (without the use of a wireless access point) " (123). Two or more wireless clients who communicate using ad how mode form an Independent Basic Service Set (I BSS). Ad how mode is used to connect wireless clients when a wireless access point is not present. In infrastructure mode, there is at least one wireless access point and one wireless client. The wireless client uses the wireless access point to access the resources of a wired network. When a wireless adapter is turned on, it begins to scan across the wireless frequencies for wireless access points and other wireless clients in ad how mode.

Assuming that the wireless client is configured to operate in infrastructure mode, the wireless adapter chooses a wireless access point with which to connect. Since the adapter automatically detects access points, it makes it easy for anyone with a "Wi-Fi ready" machine to connect. This allows ease of use but at the same time makes the technology extremely vulnerable. After searching, the wireless adapter switches to the assigned channel of the selected wireless access point and finds a port. This concept is known as establishing an association. If the signal strength of the wireless access points is too low, the error rate too high, or if instructed by the operating system (in the case of Windows XP), the wireless adapter scans for other wireless access points to determine whether a different wireless access point can provide a stronger signal or lower error rate.

If such a wireless access point is located, the wireless adapter switches to the channel of that wireless access point and finds a port. This concept is known as re association. Re association with a different wireless access points can occur for several reasons. The signal can weaken as one moves the wireless adapter away from the wireless access point or the wireless access point becomes congested with too much traffic or interference. By switching to another wireless access point, the wireless adapter can distribute the load to other wireless access points, increasing the performance for other wireless clients.

You can achieve contiguous coverage over large areas by placing your wireless access points so that their signal areas overlap only slightly. As a wireless client roams across different signal areas, it can associate and re associate from one wireless access point to another, maintaining a continuous logical connection to the wired network. Security is an important concern on any network, but it's especially so for a wireless one where information travels back and forth through the air and is open to eavesdrop and intercept by anyone within range. As a result issues surrounding security come up in almost any discussion of implementing a WLAN. New security techniques and standards are constantly under development, and a comprehensive discussion of security is beyond the scope of this tutorial, but we " ll outline some of the security features you can take advantage of to help safeguard your data and protect against unauthorized access to your network.

The method by which WLANs protect wireless data streams today is called Wireless Equivalent Privacy, or WEP. Despite the implication of its name, WEP doesn't really provide privacy equivalent to that of a wired network. As mentioned earlier, a wireless network is inherently less secure than a wired one because it eliminates many of the physical barriers to network access. K auch Pahlavan notes that "The way WEP attempts to overcome this is by encrypting the data transferred between two wireless devices" (55). This could be for example a computer and an access point, two access points, or two computers. A data stream encrypted with WEP can still be intercepted or eavesdropped upon, but the encryption makes the data unintelligible to the interloper, at least in theory.

The principle behind WEP is similar to that used by SSL (Secure Sockets Layer) which encrypts data sent between a computer and a Web server, say, when you order something from an online store. There are different levels of WEP available, depending on the type of hardware you are using. The strength of WEP is measured by the length of the key used to encrypt the data. The longer the key, the harder it is to crack (in terms of the time and computing power required). The earliest 802.11 b implementations provided 40-bit WEP, which was generally regarded as too weak to afford any real protection. Later 802.11 b products (like the ones on the market today) strengthened WEP to use 64-bit (which is actually the same as 40-bit) or 128-bit keys.

802.11 a products offer those same WEP levels but add a yet higher level -- 152-bit, while the some of the latest 802.11 b+ products often feature 256-bit WEP. To maximize your security, you should always utilize the highest level of WEP that your hardware supports. Sometimes, if you use hardware from several different vendors, you may find that they support varying levels of WEP. In these cases, you should use the highest level common to both devices. Although generally WLAN products from different vendors communicate with each other just fine, enabling WEP is often a way to expose interoperability problems. If security is your paramount concern, consider getting all of your hardware from a single vendor.

Although the calculations required to encrypt data with WEP can impact the performance of your wireless network, it's generally seen only when running benchmarks, and not large enough to be noticeable in the course of normal network usage. The performance penalty on enabling WEP will generally be a little higher when using a router that incorporates a built-in WLAN access point, because of the added load of WEP encryption on a CPU that is already handing routing and switching functions for Internet sharing. When using a stand-alone access point, the performance penalty is usually imperceptible. Enabling WEP on your WLAN equipment is not very difficult. Any WEP-enabled router, access point, or NIC will have a WEP configuration section that lets you specify the type of key you want to use as well as the key itself. Most devices let you specify your key using either ASCII (alphanumeric characters) or hex numerals (0-9 and A-F).

Whichever level of WEP you decide to use, it's crucial to use identical settings -- the key length, and the key itself, obviously - on all devices. Only devices with common WEP settings will be able to communicate. Similarly, if one device has WEP enabled and another doesn't, they won't be able to talk to each other. When considering security on a WLAN, WEP is not the whole story. WEP may obscure the true nature of your data to eavesdroppers, but it doesn't prevent unauthorized computers from getting on your network via your access point.

(In fact, WEP encrypts only the data portion of a TCP / IP packet, not the headers, which means that source and destination address of every packet is clearly identifiable.) The job of a WLAN access point is to always broadcast its presence. By default, it grants access to any computer that requests it. The feature that deals with the issue of unauthorized access is MAC filtering. Every piece of network hardware ever made has a MAC (Media Access Control) address. MAC addresses have the benefit of being both unique (no two network devices have the same MAC address) and permanent (they " re 'burned' into the hardware, and cannot be changed). A MAC address is an attribute of the NIC, not the computer it's in.

Therefore, an access point will grant access to any computer that is using a NIC whose MAC address is on its 'allow' list. The only time a MAC address can be absolutely tied to a computer is when, say, a notebook has a built-in WLAN adapter, as some do nowadays. Wi-Fi routers and access points that support MAC filtering let you specify a list of MAC addresses that may connect to the access point, and thus dictate what devices are authorized to access the wireless network. When a device is using MAC filtering, any address not explicitly defined will be denied access. Some products take MAC filtering a step further and let you grant or deny access to either the LAN or the WAN (or both). This added flexibility comes in handy if you " re trying to control internal computers - for example, to allow a particular computer access to your internal network but not to the Internet, such as your kid's computer.

Unfortunately, not all WLAN routers and access points provide MAC filtering capabilities, so be sure to check before buying. Some devices let you filter access by IP address, but because IP addresses are not always unique, can be changed, and are easily spoofed, they " re not a good basis to control network access. Like the WLAN standards themselves, the security features within them are new and far from foolproof. That doesn't mean, however, that they " re worthless and should not be implemented. Think of it in the following terms - do you typically leave your car unlocked with the keys in the ignition? Probably not; more likely, you take the keys, lock the doors, and maybe even use a supplemental security feature like an alarm or steering wheel lock.

This doesn't guarantee that your car won't be stolen, but it does greatly reduce the chances that it will. You should approach security on your WLAN the same way. The security features currently available will probably not stop a determined hacker who wants to access your network, but they likely will thwart just about everyone else. Theodore Rappaport notes that "The worst thing you can do is set up your wireless network, leave all the default settings in place, and leave security features turned off" (47). Even in business environments where the wireless networks were set up by supposedly knowledgeable IT people, you'd be surprised how often people do exactly that.

Don't be one of them. Although it is far, far better than nothing, WEP has been roundly criticized for providing both insufficient and incomplete security. For example, the encryption key used by WEP, regardless of its length, is static and never changes unless it is periodically and manually changed by the administrator on all devices a daunting task one even a small network, to say the least. This means that an intruder eavesdropping on wireless transmissions could theoretically monitor network traffic over time and possibly gather enough information to decipher the key and decrypt the data. The heavier the network traffic and the more computing power the intruder had at his or her disposal, the less time it would take. The second major weakness of WEP is that it does nothing to authenticate users on the network, which is why schemes like MAC address filtering were developed.

Remember though, that the MAC address is a property of a network device, not a user or even a computer. Therefore, if an intruder stole a wireless NIC whose MAC address was in the allow list of an access by an access point they would be granted network access. In response to these criticisms, the Wi-Fi Alliance recently announced a new wireless security protocol that will be available in early 2003. It's called Wi-Fi Protected Access (WPA), and is designed to take the place of WEP and address many of its shortcomings.

For starters, WPA requires the user to provide a master key, but this does not become a static encryption key. Instead, the master key is simply a password used as a starting point through which WPA derives the key it will use to encrypt network traffic. Moreover, the key is regularly and automatically changed (and never reused), reducing the likelihood that it will be compromised. The master key also serves as a password by which users can be authenticated and granted network access.

WPA was designed to be a software upgrade to WEP, so most existing wireless devices should be upgradeable to WPA via a firmware (define) update. In order to take advantage of WPA, all network devices like access points and clients must be upgraded. The first WPA-enabled products are expected in the early Spring of 2003, and upgrades for existing products should be available at around the same time or shortly thereafter. For Wi-Fi to really take off in homes, its needs to capture the public imagination and make the initial equipment costs seem even more trivial - similar to when TV sets were drastically reduced in price. 'Wi-Fi is a key step for home networking, but it still doesn't solve issues of developing home entertainment,' agrees Roland Berger's Kuntz. That's probably true.

But coming up with an attention grabber doesn't seem so impossible with Intel and Microsoft already pouring millions of dollars into Wi-Fi technologies and major carriers such as VoiceStream and AT&T figuring out how to make the technology work for them..