WeekEnd Feature: Why WiFi?
by Ian Thompson, CCSP Staff Editor
February 14, 2004
We’ve probably all seen the adverts – bloke sat on a balcony, lots of trendy glass and chrome-work around, busy using his laptop. Or the person sat in the café, on a table in the middle of the room, without the waiter tripping over wires trailing off to wall sockets. This, we are promised, is the true freedom offered by wireless networking.
Or perhaps they’re just examples of extreme surfing? “Where’s the most precarious place I can sit with this £1,000 computer?” Knowing my luck, it would fall to the ground (however far away that may be) as I concentrate more on stopping the cheap vending-machine coffee from slipping than the hi-tech bookend.
Anyway, Centrino is ‘it’, for now, and all we other users of more traditional (meaning ‘old’) equipment where a wireless network card is plugged into the PC-Card slot are welcome to the classic (meaning ‘old’) experience of forgetting to remove it before shutting the carry-case, to the sound of the short externally protruding aerial section snapping off…
Setting the standards.
The IEEE (Institute of Electrical and Electronics Engineers, Inc., or Eye-triple-E) controls the standards for all network connections, under the overall banner of Standard 802, and you can view PDF documentation on this at http://standards.ieee.org/. It’s a very easy site to use. However, unless you’ve got a flair for wading through hundreds of pages of technical stuff, let me summarise things:-
. There’s wired networking; and there’s wireless networking.
There you go – easy. Okay, there are a few sub-divisions. For Wireless, there are various flavours of 802.11, which the IEEE describes as “wireless standards that specify an over-the-air interface between a wireless client and a base station or access point, as well as among wireless clients. The 802.11 standards can be compared to the IEEE 802.3™ standard for Ethernet for wired LANs.”
Are you following all of this? Good. Because then there’s Bluetooth (bluetooth.org), for which the IEEE has developed another 802 standard called 802.15. And if this is too slow, or hasn’t got the range you want, then there’s 802.16 – “IEEE 802.16 specifications support the development of fixed broadband wireless access systems to enable rapid worldwide deployment of innovative, cost-effective and interoperable multi-vendor broadband wireless access products.” Actually, looking at the 802.15 specs, there are variants with 20Mb/s and 110Mb/s, so it looks like the range is the issue – that’s why it’s called a PAN (personal area network). But, if your Porsche or Aston-Martin tyre pressure sensors are feeling left out of the short-range wireless game with all this Bluetooth stuff going on, there’s IEEE 1451™, specifically for wireless transducers, to give them a warm, cosy, ‘wanted’ feeling all of their very own.
That’s not 802 series – get back on track!
Right you are, then. There are a few different systems within the 802.11 WiFi spec. For most people, there is 802.11b, which runs in the 2.4GHz band, one normally kept open for public systems. 11b has speeds of up to 11Mb/s, around the same theoretical maximum as an older-style wired network connection. Then there’s a sort of ‘Super-b’ that doubles the stated maximum to 22Mb/s.
These days, the shift is towards 11g, in the same frequency band, but with up to 54Mb/s (or 108Mb/s with some manufacturers’ trick kit).
Of course, there’s also the ‘Pro’ version, 11a, which runs in the 5GHz band at 54Mb/s, and uses a different encoding method to reduce interference between signals in the same area. This allows more users per access point, for example. Oh, you want the acronyms? Look up OFDM, FHSS and DSSS.
This is a security site, right?
Oh, you’ve noticed? I’m not going to repeat a load of stuff that’s already been discussed – (unlike the previous 500 words, LOL!), so have a look at this site:- http://www.drizzle.com/~aboba/IEEE/
.
(Time passes) [Wink to Infocom, there – HHGTTG – ;) ]
.
Ah, you’re back. Did that lot open your eyes to a ‘few’ of the security issues?
Anyone who says that WiFi is easy to implement hasn’t thought the problems out very well. Sure, it’s easy to plug in a WiFi card and create an ‘ad-hoc’ link between individual users, in a peer-to-peer way. It’s a little bit more secure to use an access point, providing the users’ PCs are set to ignore ad-hoc stuff. However, these are still ‘open access’ to anyone within range.
WEP – oh dear…
If ever there was a ‘secure’ system that gave me the most concern, it’s this. People tout WEP as the answer to securing wireless networks, but there’s one fatal flaw (no, there are more, but this is the main one) – a confirmation message is passed one way encoded and is returned as plain text. This is poor security. All I have to do is set up a laptop with a few bits of software on it, plus a tri-mode (a/b/g) WiFi card installed, and I can find out the networks around me, log the packets for an hour or so, then go home and start crunching the numbers.
Since each file is split into smaller packets, and each packet has to be confirmed as valid, copies of the confirmation message are passed around a lot – more on busy networks. The more packets captured, the more certain I am that I’ve got plenty of encrypted and plain-text bits. Pretty soon, I’d have enough to start to apply the sort of number crunching that most home PCs are capable of doing.
It’s the sort of thing that the world’s first programmable computer was doing in World War Two – of course, the British kept a pretty good secret and it wasn’t revealed until the mid-seventies, but it beat the rest by a few years and was used for breaking the German Enigma code. PCs have come a long way since then – crucially, they now take up a bit less space than a full 25m-long room and they are a bit quicker.
What you gonna do?
So, a typical WEP-enabled WiFi system can be broken fairly easily. It will deter the casual wanderer, but someone intent on ‘wardriving’ the city centre will stick at it. Applying longer-length keys (say 128, 156 or 256-bit) just means I’ve got to grab more traffic – having the encrypted and plain-text versions of parts of the transmission means I can work out the key used to encrypt it. Check out warchalking.org for an explanation of those curious symbols sprouting up in city centres where someone has already done this for you…
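The known-plaintext point made in the WEP section and again here, as an added example that is not part of the original article: a toy model of WEP framing showing that one frame with known contents exposes the RC4 keystream for its IV, which then reads any other frame that reuses that IV. The framing (RC4 keyed with a 24-bit IV plus the shared secret, CRC-32 check value) comes from the 802.11 standard rather than from this page, and every key, IV and message is constructed.

```python
import struct
import zlib

def rc4(key: bytes, n: int) -> bytes:
    """Return n bytes of RC4 keystream for the given key."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):                        # keystream generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(iv: bytes, secret: bytes, payload: bytes) -> bytes:
    """IV in the clear, then RC4(IV || secret) XOR (payload || CRC-32)."""
    body = payload + struct.pack("<I", zlib.crc32(payload))
    return iv + xor(body, rc4(iv + secret, len(body)))

def keystream_from_known_plaintext(frame: bytes, known: bytes) -> bytes:
    """Ciphertext XOR known plaintext = keystream for that frame's IV."""
    return xor(frame[3:3 + len(known)], known)

def read_with_keystream(frame: bytes, keystream: bytes) -> bytes:
    """Apply a recovered keystream to another frame's encrypted body."""
    return xor(frame[3:], keystream)

def demo(secret: bytes) -> bytes:
    iv = b"\x00\x00\x01"   # constructed; only 24 bits, so values come round again
    known = b"CHALLENGE-TEXT-KNOWN-TO-OBSERVER"    # constructed sample
    private = b"payroll: confidential figures"     # constructed sample
    ks = keystream_from_known_plaintext(wep_encrypt(iv, secret, known), known)
    # The secret is never used below: the keystream alone is enough.
    return read_with_keystream(wep_encrypt(iv, secret, private), ks)[:len(private)]

if __name__ == "__main__":
    for secret in (b"\x01" * 5, b"\x02" * 13):     # 40-bit and 104-bit secrets
        print(len(secret) * 8, "bit secret ->", demo(secret))
```

The result is the same for the 40-bit and 104-bit secrets: this exposure comes from IV reuse, not from the length of the key.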
Here are a few tips:
. Always set the WEP key – something’s better than nothing and there’s no point having the wireless equivalent of a network socket on the outside of the building.
. Always change the SSID (service set identifier) of the wireless network. There are too many ‘toys’ out there (like iStumbler) that have all the default ones included, making it easy to connect to, er, ‘public’ WiFi systems. Don’t use the same one on 11a as 11b/g, if you use multi-mode kit.
. Stop the AP broadcasting the SSID – but note that hiding it isn’t technically possible on 11a since the spec doesn’t permit this, unlike 11b/g. What this does is make the WiFi network more or less invisible to tools like NetStumbler.
. Set the WEP key as long as possible – the hacker ‘carparking’ your network needs to grab more traffic.
. If possible, use key-rotation software. This isn’t supported on all hardware, but swaps the WEP key for another one on a regular basis. The hacker may grab enough traffic to break one, but on returning the system has cycled to another and the ‘grab/crack’ cycle needs to be done again.
. Not one for the home user, but employ further technologies, like IPSec, VPN, WPA or 802.1x. Of all of these, the last is apparently the best, but you’ll probably need extra kit, like proper servers and a RADIUS system, to provide authentication. Not impossible – after all, Windows Server 2003 has a lot of this included – but definitely outside the remit of a home user.
So, what’s best?
Oh, without doubt, the most secure thing would be a wired socket – anyone trying to break in first has to gain physical access to the building (or at least its incoming services).
It boils down to this trade-off:
Wireless-------------------------------------Wired
Convenient and flexible ------------ Secure and fast
There you go. I’ll do something else later about the oddities of setting up a large WiFi network. For now, remember that laptops are fragile and not very waterproof. I just mention this in case you suddenly get all clumsy whilst carrying your low-fat, hi-whip, decaf latte past someone using a wireless laptop in Starbucks.
But, if you’re the kind of person who goes for the ‘gutless wonder’, be careful and check first that the user isn’t a popped-up, high-strung caffeine addict, fresh from a pint of double-strength espresso (aka ‘proper coffee’) before giving the PC a bath… like the computer, you might not make it out in one piece.
by Ian Thompson ComputerCops Staff Editor
Ian Thompson is a Network Manager of a 500-PC, 9-server, 1700-user school network and is an ICT teacher at a UK high school near the city of Leeds. He has written articles for the Hutchinson Encyclopedia, plus many resources in support of teaching ICT in the UK schools' National Curriculum.
Copyright © Ian Thompson All Rights Reserved 2004.
Posted on Saturday, 14 February 2004 @ 08:46:46 EST by phoenix22