Wi-Fi/Printable version


Wi-Fi

The current, editable version of this book is available in Wikibooks, the open-content textbooks collection, at
https://en.wikibooks.org/wiki/Wi-Fi

Permission is granted to copy, distribute, and/or modify this document under the terms of the Creative Commons Attribution-ShareAlike 3.0 License.

Introduction

A wireless network (also wireless LAN or WLAN) is a computer network that operates over certain frequencies of radio waves. When installed correctly, it should behave no differently from a normal wired network (other than the obvious lack of cables).

Wireless networks are generally used in a home environment for two main reasons: to share printers between computers and to share an Internet connection. Normally, networks are created by hooking computers together with network cables and a router (or hub/switch). Wireless networks use radio waves of various frequencies to do this.

Common reasons for using a wireless network (in preference to a wired one)

  • The most obvious and commonly advertised difference in a wireless network is the lack of network cabling.
    • This is especially useful if the network is a new one being planned and/or where the lengths of cabling would be ridiculously long.
  • If the devices on the network are movable or move frequently, the lack of a network cable may be useful.

Downsides

  • Current standards of wireless networks have lower bandwidths (speeds) than wired networks. This may be improved in future standards. Note, however, that common home network usage (viewing webpages, emailing, printing, etc.) will rarely use the maximum bandwidth of any network. Unless you do a lot of intensive file sharing (such as video sharing), this won't be a problem.
  • If the network is improperly or poorly set up, anyone within receiving range can do anything on your network without you knowing.
  • Since radio waves are an electromagnetic emission, they decrease in strength over distance. If you have a widely scattered network, devices at the very edge of the signal's range may experience very poor speed and reliability. This can be remedied.


Building an antenna

Wi-Fi is a fantastic new gadget, but out of the box its reach is only about 50 to 100 meters. Fortunately it is possible to build your own antenna cheaply (less than 10 US dollars or euros) in an hour or two.

There are several approaches to building your own antenna:




Wardriving

War Driving (wôr dri'vin) v. Driving around looking for wireless networks. -term coined by Pete Shipley

The term wardriving generally covers the practice of discovering and mapping (with the help of GPS) the wireless networks available in a particular area. Useful statistics are gathered from this activity, including statistics on the encryption used in discovered networks. Wardriving does not include the unethical activity of unauthorised connection to wifi networks (encrypted or unencrypted).

WARNING: THE TECHNIQUES DESCRIBED ON THIS PAGE MAY BE ILLEGAL IN YOUR JURISDICTION. THIS PAGE IS PROVIDED FOR INFORMATIONAL PURPOSES ONLY. PLEASE CHECK WITH YOUR LAWYER FOR MORE INFORMATION

Equipment


To 'wardrive', you need the following equipment:

  • A computer (preferably a laptop or PocketPC, as they are far more portable)
  • A wifi card.
  • Transportation.
  • Software (Such as Netstumbler for Windows, Kismet for Linux, and KisMAC for Mac OS X)
  • A GPS receiver (optional but necessary to create a map)
  • External omnidirectional antenna, such as a Cantenna (optional)
  • External unidirectional antenna (optional)

How to Wardrive


After you have installed and started your sniffing software and have activated your wireless card, you should configure your GPS adapter. After that, drive to the area that you wish to investigate and pick up signals of the active wifi networks.



Setting up a hotspot

This page provides general information about configuring a wireless hotspot.

Components


Wireless networks require hardware, and to a lesser degree, software.

Hardware


At a minimum, the following are needed:

  • A router — This typically connects to a high-speed internet connection and manages the network's communication with the Internet. If you're dealing with a network not connected to the Internet (Rare), a switch or hub may be used. If you're only connecting two computers to each other (An "Ad Hoc" network), only adapters are needed.
  • Adapters for each machine on the network — These will be expansion cards for desktop computers and PCMCIA cards for laptops.

If you have a large area to cover, separate antennas and/or access points may be needed.

Software


All computers on the network need to have an operating system version (Windows, Mac OS, Linux, etc) that can deal with wireless networking.

  • All versions of Windows from 98 on have some degree of ability in this field. 98, ME and 2000 require additional software and drivers. XP with the latest updates from Microsoft will work automatically with many network cards, and Vista will work natively.
  • Mac OS 9 has some wireless networking ability; 10 will work natively.
  • Most recent Linux kernels have built-in wireless networking capability.

Notes


Most wireless routers also have 4 Ethernet (Hardwired, conventional networking) ports on them. If you have a machine that you don't or can't put on the new network, consider locating it and the router close together so it can get on the network by a cable.

Adapters, routers and other ancillary parts can range in price from 20 USD up to several hundred. A good piece of advice is to go with a well-known brand; the three currently dominant ones are D-Link, Linksys and Netgear.

Hardware setup


Assuming a basic router-and-clients setup, the following hardware will be needed:

  1. At least one router
  2. A wireless adapter for each machine that doesn't already have one (Some laptops have built in antennas)
  3. A cable and adapter for each machine that will be wired into the network
  4. Depending on the layout of your house and devices, you may need some repeaters. The following section will explain this.

Location of equipment


Most likely your router will have to connect to your modem (If you don't have an Internet connection, you can disregard this). If this is in a central location for your planned uses, then you will likely not need anything beyond the router and adapters. If you're installing the modem and are planning to have wireless networking, consider installing it in a central location.

If not, you can run more wiring in your house to get it to the router, or accept a weaker signal in the parts of the house farther from the router. If this is an issue, you may want to invest in a repeater that can bring your wireless signal to the far corners of your house.

As discussed previously, wireless signal strength is of significant importance. Some points of information about signals and permeability:

  • Wireless signals can pass through drywall relatively easily, but if they must pass through a significant number of walls the signal will degrade rapidly.
  • Wireless signals do not travel well through cinder block walls.
  • Wireless signals can be disrupted by ducts of a climate control system.
  • Water can greatly distort wireless signals. Take into account aquariums, sinks, and water pipes. Remember, the human body is 66% water, so locations with a high density of people can distort wireless signals. This also includes rain or humidity, so consider bath/shower rooms or other regularly wet areas.

If you want coverage outdoors (which can be very nice during good weather with a laptop!), consider locating the router or a repeater near a window facing the direction you want to cover. An upper floor can be an excellent place for a router or signal propagator for coverage around the outside of the building, and possibly inside as well.

Wiring up the router


Most residential routers are fairly simple to set up and have standardized markings. The usual setup is this:

  1. Plug the Ethernet (data) cable from your cable or DSL modem into the "WAN" port (If your modem has USB and Ethernet ports, use the Ethernet port and don't connect anything to the USB port).
  2. Plug any computers you wish to hard-wire to your router to one of the "LAN" ports. If every computer is to connect wirelessly, skip this step.
  3. If possible, disconnect the antenna, or shield it from transmission.
  4. Shut off/unplug your modem for about 15 seconds
  5. Restore power to your modem
  6. Plug in your router

The above steps may or may not cause the router to obtain an internet connection from the modem. These are VERY generic steps, which will sometimes work if the user's Internet Service Provider uses DHCP. If not, the router must be manually configured, and only the physical connections listed here will be of use to the user.

After a few seconds (At most), the router should start up with the default settings. Leave the antenna disconnected/blocked until you've had a chance to change the wireless security settings, as router defaults are notoriously insecure.

Router configuration


The vast majority of residential routers are configured by a "web-based interface" (A webpage which you can view with Firefox or IE or whatever you use to surf the web).

To access this webpage, a special address (called an IP address) is used. This is normally detailed in the user's manual or "quick start guide". The username and password to be used are also listed there. If a "quick start wizard" comes up, you can follow it through or dismiss it. The rest of this guide assumes that it didn't appear or was dismissed.

Once logged in to the router, the first steps should be to strengthen the security. See below...

Expansion cards should be installed with the computer turned off. PCMCIA cards for laptops can be inserted at any time. If the operating system doesn't automatically detect and set up the new networking hardware, try using the disc that came with it.

Default access point names

| Access Point | Default SSID | Default IP | Default Password |
|---|---|---|---|
| Netgear WGR614 | netgear | 192.168.0.1 | |
| Belkin F5D763* | belkin54g | 192.168.2.1 | |
| D-Link DSL-G604* | G604_WIRELESS | 192.168.1.1 | |
| Most Linksys Models | linksys | 192.168.1.1 | admin |
| Linksys WCG200 | linksys | 192.168.0.1 | admin |


Security

This page details some brief strategies for securing a wireless network.

SSID Broadcast


By default, most access points will automatically broadcast their SSID so that the network can be more easily detected and configured. For example the default SSID for many Linksys products is linksys.

  • One of the first things that you should do when setting up your wireless network is to change the default SSID from whatever the manufacturer set to something that is easy to understand and easy to identify as yours (e.g., your street address).
  • Disabling SSID broadcast (as recommended in some articles) won't stop an experienced wardriver, and is not a significant contribution to security. Worse, it can make it harder to manage the network. Instead, focus on WPA.

MAC Address Filtering


Another security feature commonly included with modern routers is MAC address filtering. The basic concept is that the administrator explicitly lists all of the MAC addresses allowed to connect to the wireless LAN. This is a great idea in theory, because all MAC addresses are, by standard, supposed to be globally unique. One would have to go through a bit of trouble finding all of these addresses, but once in place, it is a system that needs very little attention. Unfortunately, there are a number of problems with a network that is only MAC filtered.

The primary problem is that network traffic remains completely unencrypted. Any passwords, e-mails, or other sensitive information are sent completely in the clear, leaving them highly vulnerable to the most cursory of snoops. Also, it is very easy to modify the MAC address of a network adapter through simple system registry changes (at least in Windows XP).

The real kicker is that any packet on the network that isn't a broadcast from the router contains the MAC address of a computer that can communicate with it. Again, with very cursory sniffing, an attacker can easily build a list of MAC addresses that can communicate with the router, then simply change his adapter's address to match one not currently in use.

MAC address filtering is not a significant contribution to security. Instead, focus on WPA.

Encryption


There are two main standards for encryption of Wi-Fi networks: WEP and WPA.

WEP stands for Wired Equivalent Privacy.

WEP is the most commonly used encryption standard. It supports key lengths of 40 bits and 104 bits.

WEP has some major security flaws:

  • It uses the RC4 cipher
  • A Wi-Fi network that uses WEP can be passively cracked

WEP should be avoided unless it is the only available option. It provides insufficient protection against crackers, and provides only a false sense of security.

When using WEP, the network key should be changed on a regular basis.

WPA was created by The Wi-Fi Alliance, an industry trade group, to address the serious weaknesses of WEP.

WPA-Enterprise


WPA-Enterprise uses an authentication server to distribute keys to each wireless user. It can be expensive to implement and may not be necessary for homes or small offices.

WPA-Personal (WPA-PSK)


WPA-PSK stands for Wi-Fi Protected Access - Preshared Key. It is a simplified version of the more complicated and expensive WPA-Enterprise protocol.

WPA-PSK allows a passphrase of up to 63 characters to be specified, which a user must provide before connecting to the network. The passphrase should be a minimum of 14 random characters, or more than 20 non-random characters. It provides several major improvements over WEP.

It uses a system called Temporal Key Integrity Protocol (TKIP) to distribute keys based on the passphrase to each user, and these keys are automatically updated at a specific interval.

WPA2


WPA2 is an improved and more robust version of WPA. This form of encryption is based on AES (Advanced Encryption Standard). It is even harder to break than the original WPA encryption method. Again, it is available in Enterprise and Pre-Shared Key versions.

Selecting a Good Password


WPA and WPA2 depend on a "passphrase" (also known as a Pre-Shared Key or PSK). Like any other password, its strength depends almost solely on its complexity. Good WPA passphrases should be long compared to other passwords, and extremely confusing. The more nonsensical your passphrase, the better. Actual words are not recommended, unless in a very long sentence. For example,

f7S9^jeiF9ratt4-esttM8,25.4nZ8s

is more secure than the passphrase

fff4526----354

which is better than

4352354frewch

which is better than

sdfnvuihgwkjsgdf

which is better than

toaster

etc.

Finally, remember you will probably only need to enter this once (When you first set up your network and computers), so you can make it really strong and write it down rather than try and remember it. Just make sure you don't lose the paper, but keep it safe somewhere.
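
The passphrase advice above and the earlier advice to change the default SSID meet in how WPA-PSK turns a passphrase into a key. The following Python sketch is an added example, not part of the original book: it generates a random passphrase of at least the 14 characters recommended above and derives the 256-bit key with PBKDF2-HMAC-SHA1, using the SSID as salt and 4096 iterations, as WPA-PSK does. The function names and the sample SSIDs are constructed for illustration.

```python
import hashlib
import math
import secrets
import string

# Printable ASCII without the space, to avoid invisible leading/trailing characters.
ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols
MIN_LEN, MAX_LEN = 8, 63        # WPA-PSK passphrase length limits
RECOMMENDED_RANDOM_LEN = 14     # minimum for random passphrases given in this book


def generate_passphrase(length=24):
    """Return a random passphrase drawn from the operating system's CSPRNG."""
    if not RECOMMENDED_RANDOM_LEN <= length <= MAX_LEN:
        raise ValueError("length must be between 14 and 63 characters")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def random_entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy of a uniformly random passphrase; not valid for human-chosen ones."""
    return length * math.log2(alphabet_size)


def is_valid_passphrase(passphrase):
    """Check the WPA-PSK format rule: 8 to 63 printable ASCII characters."""
    return (MIN_LEN <= len(passphrase) <= MAX_LEN
            and all(32 <= ord(c) <= 126 for c in passphrase))


def derive_pmk(passphrase, ssid):
    """Derive the 256-bit pairwise master key as WPA/WPA2-PSK does:
    PBKDF2-HMAC-SHA1 with the SSID as salt and 4096 iterations."""
    if not is_valid_passphrase(passphrase):
        raise ValueError("passphrase must be 8-63 printable ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)


if __name__ == "__main__":
    pw = generate_passphrase()
    print(pw, f"~{random_entropy_bits(len(pw)):.0f} bits")
    # Same passphrase, different SSID -> different key: the SSID is the salt,
    # so a unique SSID keeps the key from matching tables built for defaults.
    for ssid in ("linksys", "constructed-example-ssid"):  # constructed sample SSIDs
        print(ssid, derive_pmk(pw, ssid).hex())
```

Because the SSID salts the key, a network left on a factory SSID shares its salt with every other network using that default, which is one more reason to change it.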


Cantenna

About Cantennas


A cantenna is a directional waveguide antenna for long-range WiFi (cf. Hi-fi) which can be used to increase the range of (or snoop on) a wireless network. Originally employing a Pringles® potato chip can, a cantenna can be constructed quickly, easily, and inexpensively out of readily obtained materials. It requires four nuts, a short length of medium gauge wire, a tin can roughly 9 cm (3.66 inches) in diameter, the longer the better, and an N-Female chassis mount connector, which can be purchased at any electronic supply store. The original design employed a Pringles can, but an optimal design will use a longer tin can. Instructions for constructing and connecting a cantenna can be found at Turnpoint.net.

While cantennas are useful for extending a local-area network (LAN), the tiny design makes them ideal for mobile applications, such as wardriving. Its design is so simple and ubiquitous that it is often the first antenna that WiFi experimenters learn to build. Even the Secret Service has taken an interest in the can antenna.

How to make a Cantenna


You'll need

  • An N-male chassis mount connector
One side is N-female for connecting the cable from your wireless equipment, and the other side has a small brass stub for soldering on wire. These can be found at electronics stores or internet suppliers (see the list below under "Connect your antenna..."). If you shop around, you should be able to find these for $3-$5.
  • Four small nuts and bolts
  • A bit of thick wire
  • A can
The diameter of the can should be around 8.3 cm. The cappuccino cans available at Lidl supermarkets are very close to the ideal diameter.
According to this guide, the best size for the can is about 92.796 mm.
