NETS Wireless FAQ

Q: What wireless LAN networking standards are there?

A: The major player is 802.11, also known as WiFi. Another standard known as HomeRF is also available, but does not appear to be as popular.

Q: What's the difference between 802.11 and 802.11 a/b/g?

A: 802.11 is the original IEEE standard for wireless ethernet. It incorporated several different signalling standards and ran at a maxiumum speed of 2Mbps. 802.11b is a revision of 802.11 which allows speeds of 11Mbps. Older 802.11 equipment can use either Frequency Hopping (FHSS) or Direct Sequence (DSSS) Spread Spectrum. The two are incompatable. However, all 802.11b equipment is DSSS and hence compatable.

802.11a is a revision of the 802.11 standard which operates in a higher frequency range than standard 802.11b. It provides speeds up to 54Mbps, but usually has shorter range. It has not acheived the popularity of 802.11b and is not currently provided as part of the UCAR wireles network.

802.11g is a revision of the 802.11b standars which provides for speeds up to 22Mbps while providing backwards compatibility with 802.11b. Although the UCAR network does not include 802.11g access points at this time, 802.11g cards should operate without problems at 802.11b speeds.

Q: Where can I find out more about the 802.11 standard?

A: The best place for detailed information is IEEE itself. The home page of the 802.11 working group is here.

A good starting point for product and vendor information is The Wireless Ethernet Compatability Alliance (also known as WiFi)

Q: What do I need to get started using wireless?

A: To connect to the UCAR wireless network, please refer to our "Getting Online with UCAR Wireless" page. The only mandatory piece is a wireless client adapter card. This is the wireless equivalent of a regular ethernet card. They are available as both PCMCIA and PCI cards. Some newer laptops can be purchased with a built-in client adapter. While two or more client adapters can be configured to talk directly to each other in a mode named "Ad-Hoc", most people will use an Access Point. An Access Point is an additional device which connects wireless client adapters to a standard wired ethernet. This mode of operation is referred to as "Infrastructure". In essence, it allows a client adapter which is within range of an access point to send and receive packets just as though it was directly connected to the regular ethernet the access point is connected to. Multiple access points can be used to provide coverage over a larger area than a single access point can reach.

Q: How fast is 802.11b equipement?

A: The maximum speed is 11Mbps. At larger distances, the speed drops to 5.5Mbps, 2Mbps, and 1Mbps. Even though the theoretical speed is 11Mbps, most TCP transfers won't exceed 6 or 7 Mbps. This is due to the additional overhead needed to make wireless appear as reliable as a wired ethernet. Also, all 802.11 links are half-duplex.

Q: What is the range of 802.11b equipement

A: The range is dependant on a number of factors. The most important are the types of antennas in use and the environment it is installed in. In an average office building, range might vary from 50' to 200'. Outside, with directional antennas, it's possible to run 802.11b up to 25 miles.

Q: How secure is 802.11?

A: 802.11 is as secure as you make it. It can provide any level of security from none to very secure with additional hardware. The various levels of security are summarized below.

No security. By default, most 802.11 devices are configured to not use any security at all. This allows anybody to connect to the wireless network without setting any configuration parameters at all. In addition, anybody can sniff the wireless traffic without knowing any special configuration parameters. This level of security is probably not appropriate unless your wireless LAN is located in a physically remote location which is inaccessible to unknown guests. It is important to remember that a wireless LAN (WLAN) located inside a building is quite likely to be accessible from the street and sidewalks outside.
Use WEP security. Most 802.11 devices include Wired Equivalent Privacy (WEP) security. Although WEP is more secure than no security at all, it is far from perfect. WEP is basically a shared-key encryption system. Every packet is encrypted with one of four keys. The Access Points and clients must both have copies of the keys which are being used. The 802.11 protocol specifies WEP keys of 40 bits, however a number of vendors are offering the option of 104 bit WEP keys (usually mis-named 128-bit WEP). WEP involves a number of tradeoffs that should be considered when deciding if WEP provides an appropriate level of security.
- The WEP keys are shared by all clients which use the network. This means that the keys are a well-known "secret". If lots of people will have legitimate access to the network, it is likely that the keys will not remain secret for long. Also, since the keys are shared, if they are compromised and need to be changed all of the clients will lose use of the network until they have gotten the new keys. It is not possible to revoke the access of a single user or client. While these are severe problems in a large environment, they are more tractable in a small setting. A residential setup might only have one or two clients, making key distribution a non-issue.
- The WEP protocol is poorly designed. A number of papers have been written about the problems with the protocol. The most severe shows WEP to be vulnerable to a dictionary attack with complexity 2^24. In theory, this is much simpler than the 2^40 complexity brute force attack that would otherwise be necessary. More detail can be found in this report.
- Recently, an even more severe set of problems with the design of WEP has been reported. Adi Shamir and Itsik Mantin of the Computer Science Department of the Weizmann Institute (Rehovot, Israel) and Scott Fluhrer of Cisco Systems Inc. (San Jose, Calif.) describe the new attack in a report titled "Weaknesses in the Key Scheduling Algorithm for RC4." They presented the report at the Selected Areas in Cryptography (SAC) conference in Toronto Aug. 16-17, 2001. It can be found on Itsik Mantin's RC4 Web Page.
- While WEP provides some protection against traffic sniffing by attackers without knowledge of the WEP keys, users who have access to the keys can sniff each others traffic without problems. This can be a problem if your security policy relies on a switched infrastructure which prevents sniffing.
Use Layer 3 security. The limitations of WEP security are most effectively overcome by using a IPSec or VPN gateway. An easy way of setting up this type of environment is to turn off all 802.11 security. The wireless subnet is then configured without a normal router. Rather, all users are required to log in to the IPSec or VPN gateway to get access to the rest of the network. This provides all of the additional security features that WEP does not provide.
- Individual accountability and severability. Since each user logs into the gateway with their own username and password, it is possible to trace any malicious activity back to a specific login. In addition, individual logins can be disabled without affecting other users.
- Protection from sniffing. Since each user has their own encrypted session with the gateway, it is not possible for the users to sniff each others traffic.
- No severe protocol holes. Current VPN and IPSec protocols do not suffer from the large design flaws present in WEP.

Q: How expensive is 802.11b equipment?

A: While prices vary, these are some rough ranges. Client PCMCIA cards seem to average between $50 and $150. Commercial quality Access Points usually run in the $500 to $1000 range, while residential quality access points are available for under $100.

Address comments or questions about this Web page to the Network Engineering & Technology Section at nets-www@ncar.ucar.edu. The NETS is part of the Scientific Computing Division of the National Center for Atmospheric Researc h, which is part of the University Corporation for Atmospheric Research.