Wednesday, September 22, 2010

Convert Wireless Routers into Access Points

Don't throw out your old 802.11g gear just yet. Though 802.11n provides faster speeds and longer range, your aged legacy equipment can still serve a purpose.

As we'll discuss in this tutorial, old wireless routers can be turned into access points (APs); they can help increase the Wi-Fi footprint even more. Plus they might even help increase the performance of the 802.11n connections on your network.

Wireless Routers and APs Aren't the Same

Before going further, it's important to understand the difference between a wireless router and an AP. First off, wireless routers contain an AP. In addition to the AP functionality, a wireless router provides the routing between clients and the Internet. This makes it possible for multiple computers to access one big network, the Internet. Secondly, routers have a DHCP server. This server gives each client an IP address, which is required for network connectivity. Without the routing and DHCP features, a wireless router would simply be an AP; if a wireless router didn't have an AP, it would just be a wired router.

On most networks, only one router is needed. Then to extend the wireless coverage, APs can be plugged into the router or switches. These APs aren't as "smart." They only provide Wi-Fi access; the router still does most of the network management.

Get Additional Coverage And/or Separate the 802.11G Clients

After we do the magic, we'll plug the old wireless router into the new one, to serve as another AP. Then if the old router is properly placed (by running an Ethernet cable), it can nearly double the coverage area provided by the new router. Of course, 802.11n clients that connect to the 802.11g router won't run at 11n rates of speed and performance, but the old router is earning its keep by providing "free coverage."

There's a small catch the other way, though; it's better that the 802.11g clients only connect to the 802.11g router. When they connect to 11n routers, the performance of the n clients is negatively affected. However, again, the additional coverage is better than nothing, even just for the old clients.

You can still benefit from keeping your old gear if you don't have a long Ethernet cable or you don't want to run it through the building. Even if the old router is placed close to the new one and it doesn't provide additional coverage, it can still serve as the AP for the 802.11g clients. This way the new router can be set to only allow 802.11n connections, so the old clients won't connect and degrade the performance.

Performing the Conversion

In addition to changing general settings, turning a wireless router into an access point consists of disabling its DHCP server and hooking it up to the new router correctly. Start by configuring the general settings. Plug in the old router (but don't connect it to the new router yet) and log into the Web-based configuration utility by typing its IP address into a Web browser. Then at least configure the following settings:

  • IP Address: Change the IP address to be within the subnet of the new router. For example, if the new router's IP is 192.168.0.1, the old router could be set to 192.168.0.2.
  • Channel: Change the channel to one of the three non-overlapping channels, 1, 6, or 11, while making sure any coexisting or overlapping routers or APs aren't set to the same channel.
  • SSID: Typically, all the APs of a network should have the same SSID, so roaming works when clients move around and change APs. However, if roaming isn't crucial, think about setting the old 802.11g router to a different network name. This helps users distinguish between the g and n access, which is especially useful if performance is important.
  • Security: Remember to set up encryption, preferably WPA or WPA2, on all the wireless routers and APs.

To turn off the DHCP server, find the DHCP settings, usually on the main or network tab. There should be a check box or something similar to toggle the server on and off; disable it. Then make sure to save the changes.

When the configuration is done, put the old router in place. Then connect an Ethernet cable between them, plugging into the regular Ethernet ports of each. Do not connect it to the old router's Internet/WAN port.
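A small settings check for the conversion just described, written as an added example (not part of the original post). The two sample configurations are constructed: the old router with factory-style values, and the same router after the changes above; the new router's values are assumed.

```python
import ipaddress

NON_OVERLAPPING_CHANNELS = {1, 6, 11}
ACCEPTED_SECURITY = {"WPA", "WPA2"}

# Constructed sample settings for the new 802.11n router (it stays the router).
NEW_ROUTER = {"ip": "192.168.0.1/24", "dhcp": True, "channel": 6,
              "security": "WPA2", "ssid": "home"}

# The old 802.11g router as it comes out of the cupboard (constructed values)...
OLD_BEFORE = {"ip": "192.168.1.1/24", "dhcp": True, "channel": 6,
              "security": "WEP", "ssid": "oldnet", "uplink_port": "wan"}

# ...and after the conversion steps above have been applied.
OLD_AFTER = {"ip": "192.168.0.2/24", "dhcp": False, "channel": 1,
             "security": "WPA2", "ssid": "home", "uplink_port": "lan"}


def conversion_problems(router: dict, ap: dict) -> list:
    """Return every way the old router's settings still conflict with acting as an AP."""
    problems = []
    r_if = ipaddress.ip_interface(router["ip"])
    a_if = ipaddress.ip_interface(ap["ip"])
    # The AP must live in the router's subnet, but on its own address.
    if a_if.network != r_if.network:
        problems.append(f"IP {a_if.ip} is outside the router's subnet {r_if.network}")
    elif a_if.ip == r_if.ip:
        problems.append("old router reuses the new router's IP address")
    # Only one DHCP server may remain on the LAN.
    if ap["dhcp"]:
        problems.append("DHCP server still enabled; two servers would hand out conflicting leases")
    # Non-overlapping channel, and not the one the new router already uses.
    if ap["channel"] not in NON_OVERLAPPING_CHANNELS:
        problems.append(f"channel {ap['channel']} is not one of 1, 6, 11")
    elif ap["channel"] == router["channel"]:
        problems.append(f"channel {ap['channel']} collides with the new router")
    if ap["security"] not in ACCEPTED_SECURITY:
        problems.append(f"{ap['security']} encryption; use WPA or WPA2")
    # The link must use a regular LAN port, never the old router's Internet/WAN port.
    if ap["uplink_port"] != "lan":
        problems.append("cable must go to a regular LAN port, not the Internet/WAN port")
    return problems
```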

Conversion Complete

We did it; now we should have greater coverage area and/or performance. We disabled the routing features of the old wireless router, turning it into a basic AP. If there are more old routers lying around, consider other projects, too. The DD-WRT replacement firmware, for example, has a repeater feature and CoovaAP includes hotspot features.


Tuesday, September 14, 2010

Top 10 basic wireless security practices

Wireless security is a hot topic these days, and different advice abounds. Here's a short checklist to make sure you have the basics covered:

  1. Use vendor-supplied security -- Since the capabilities of each wireless router/access point/bridge differ from brand to brand, it's best to get the vendor's recommendation on the best security options for their devices.


  2. Change the default admin password of your wireless router/access point/bridge -- Once a potential attacker detects a wireless network, this is one of the easiest ways to further compromise it.


  3. Turn down the power -- Some vendors' wireless routers/access points/bridges offer the option of changing the power settings so that your wireless network is not broadcasting its signal farther than you really need it to.


  4. Use Media Access Control (MAC) address filtering and Wired Equivalent Privacy (WEP) -- MAC address filtering will help restrict access to your home wireless network to only those users you authorize. If WEP is the only security option available on your wireless router/access point/bridge, use a key that is hard to guess and change it periodically.


  5. Consult the vendor about antenna positioning -- Different antennas radiate signal in different patterns. Check your vendor's documentation to verify optimal antenna positioning for your wireless network.

Firewall and Virus Protection

  1. Change SSID and, if possible, disable SSID broadcast -- Your wireless router/access point/bridge may come with a default SSID already configured. Change it as soon as you set up your wireless network. Also, some vendors may offer the option of not broadcasting this network identifier.

  2. Keep your wireless router/access point/bridge firmware up to date -- New firmware can help resolve compatibility problems, plug security holes and provide other important fixes. Check the vendor's Web site for these updates.


  3. Use a VPN for working at home -- For enterprise users working at home, always check with your enterprise IT department or help desk for best practices regarding accessing the company network over your wireless home network. Often, virtual private network (VPN) software is required for this purpose.


  4. Keep your antivirus software up to date -- Viruses, worms and Trojans are a continuous threat. Make sure your wireless network is not a haven for these problems.


  5. Use a firewall -- Either a hardware or software firewall can help protect your computer and the rest of your network from attack.

Monday, September 13, 2010

Create a Wireless Home File Sharing Network

Introduction

A DHCP-capable wireless router can be used as a wireless media 'server'. Each PC can see each other's sharable folders. Music, video and pictures can be streamed from the main PC via the router to any authorized PC, laptop, etc. in the house.

Steps

For a full-blown file sharing network with easy access straight from boot up, the following five steps are required:

  1. Workgroups
  2. Sharing Folders
  3. Configuring Firewalls
  4. Mapping Network Drives
  5. Customized O/S's

1. Workgroups

Configure all PCs to belong to the same workgroup. This streamlines access issues.

  • Under {Control Panel / System / Computer Name / Change} set the workgroup to a useful name like HOME_NETWORK.

2. Share Folders

To share folders you need to access the folder properties and do two things.

  • Under the Sharing tab click {SHARE THIS FOLDER}
  • Under the Sharing tab also click {PERMISSIONS} and choose the permissions level. This is only necessary if you want remote admin privileges.

You do not need to edit the properties of sub-folders; the root folder is sufficient. For security, only share a limited number of folders and definitely no system ones.

3. Configure Firewalls

Each respective firewall must allow the other PC access to the shared folders. There are two ways:

  • Ensure that the Router DHCP setting is {AUTO}. Configure each firewall's {TRUSTED NETWORKS}, or equivalent, to the private range issued, e.g. 192.168.1.2 - 192.168.1.254.
  • Ensure that the Router DHCP setting is {MANUAL}. At each PC, under properties for {Wireless Network Connections}, click the properties for {INTERNET PROTOCOL TCP/IP}. Enter a unique IP, e.g. 192.168.1.X where X = 2 to 254.

Configure each firewall {TRUSTED NETWORKS}, or equivalent, to allow access inbound/outbound to the other PC unique IP address. This is slightly more secure from casual poking especially if X is midrange.

Important: For security reasons, ensure that you are using maximum WPA encryption on your router.

4. Mapping Network Drives

It is always handy to map a drive letter to the shared folder on another PC.

  • Open Windows Explorer
  • Under {MY NETWORK PLACES / ENTIRE NETWORK / MICROSOFT WINDOWS NETWORK} click the workgroup eg HOME_NETWORK and select the PC of interest and click the shared folder required.
  • Map that folder to a drive letter via TOOLS / MAP NETWORK DRIVE
  • If you wish you may tick the choice for {Reconnect on Logon}

5. Customized O/S's

If you have {FILE & PRINTER SERVICES} and {CLIENT FOR MICROSOFT NETWORKS} installed, then ignore the following:

Rarely, the advanced user may have deliberately installed a custom streamlined version of windows, without some services that would have merely bloated the OS.

  • Under {MY NETWORK PLACES} click the properties for {Wireless Network Connections}.
  • Select {FILE AND PRINTER SHARING FOR MICROSOFT NETWORKS} and click {INSTALL}.
  • Under {MY NETWORK PLACES} click the properties for {Wireless Network Connections}.
  • Tick the box for {FILE AND PRINTER SHARING FOR MICROSOFT NETWORKS} and click {INSTALL}.

Do similarly with {CLIENT FOR MICROSOFT NETWORKS}.

When QoS is useful

QoS is useless if you don't have programs that use it. 99.9% of the usual software doesn't use it. Practically - if you don't know you have to install it you don't need it.

Cisco IPsec VPN

I have seen some discussion regarding IPsec VPNs on Cisco devices. Below is a quick tutorial on Cisco IPsec VPNs. This tutorial is written for 12.4 versions of the IOS.

When creating these connections, you must consider:

  • Crypto settings
  • ACLs
  • Outside interfaces

You can have many SA (security associations) for a crypto map, and inside of a specific SA you can have multiple peers in the list. The VPN engine will process the peers in the order they are listed. This is useful when you are using tracking objects for failover and therefore may have the remote peer coming from multiple IP addresses.

ACLs will be used to control which traffic will be forwarded through the IPsec connection. This will read as "allow all traffic on my local side to send to any local IP address at the remote side". This can be adjusted as you see fit. Assume that I am connecting two class C networks via an IPsec VPN. My access list may read as:

  • 10 permit ip 192.168.0.0 0.0.0.255 192.168.2.0 0.0.0.255

I am sure there is a way to connect when both subnets are the same using NAT; however I feel that this is bad form. In those cases where I have found that both ranges are the same, I will change one of the ranges. This can be a pain in the ass, but in the long run is a best practice.

As you can see from the sample configurations, this is a peer relationship. Regardless of speed or hardware, there is no Master or Secondary. Cisco calls these configurations Mirrors. The configurations are the same with certain variables reversed.

I cannot recommend enough: DO NOT use the SDM for this. Unless you enjoy 400-line ACLs, you will have a much more pleasurable experience creating these manually. The process is simple and very quick once you get used to it.

I hope this helps you. Please let me know if you spot any typos or mistakes that I made during the creation of this.

LEGEND

  • our_key = a key which will be used on both sides. This can be any string of characters.
  • Side_A_IP = the public IP address of Side A. This will be the ip address for the interface which has the crypto map attached to it.
  • Side_B_IP = the public IP address of Side B. This will be the ip address for the interface which has the crypto map attached to it.
  • Crypto_map_name = this is the name of the crypto map. It can be any string of characters.
  • Crypto_integer = this is an integer which attaches an ipsec connection to the crypto map.
  • ACL_To_Site_B = this is an ACL which will exist at site A to connect to site B.
  • ACL_To_Site_A = this is an ACL which will exist at site B to connect to site A.
  • Public_Interface = this is the public interface which the VPN will be connecting through.
  • Site_A_Internal_IP_Range = this is the internal IP range at site A. In the config I am assuming a class C.
  • Site_B_Internal_IP_Range = this is the internal IP range at site B. In the config I am assuming a class C.
EXAMPLE Side A

crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key our_key address Side_B_IP no-xauth
crypto ipsec transform-set trans esp-3des esp-sha-hmac
crypto map crypto_map_name crypto_integer ipsec-isakmp
 set peer Side_B_IP
 set transform-set trans
 match address ACL_To_Site_B
interface Public_Interface
 crypto map crypto_map_name
ip access-list extended ACL_To_Site_B
 10 permit ip Site_A_Internal_IP_Range 0.0.0.255 Site_B_Internal_IP_Range 0.0.0.255

EXAMPLE Side B

crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key our_key address Side_A_IP no-xauth
crypto ipsec transform-set trans esp-3des esp-sha-hmac
crypto map crypto_map_name crypto_integer ipsec-isakmp
 set peer Side_A_IP
 set transform-set trans
 match address ACL_To_Site_A
interface Public_Interface
 crypto map crypto_map_name
ip access-list extended ACL_To_Site_A
 10 permit ip Site_B_Internal_IP_Range 0.0.0.255 Site_A_Internal_IP_Range 0.0.0.255
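Because the two sides are mirrors, the whole pair can be rendered from the legend values and then checked mechanically. The generator below is an added example, not part of the original tutorial; the public addresses, the crypto map name VPNMAP and the interface name are assumed placeholders, and the overlap check enforces the "renumber rather than NAT" advice above.

```python
import ipaddress

# Constructed sample legend values (documentation-range placeholders, not a real site).
SIDE_A = {"name": "A", "public_ip": "203.0.113.1", "lan": "192.168.0.0/24"}
SIDE_B = {"name": "B", "public_ip": "198.51.100.1", "lan": "192.168.2.0/24"}


def wildcard_mask(net: ipaddress.IPv4Network) -> str:
    """IOS ACLs take inverted (wildcard) masks: a /24 is written 0.0.0.255."""
    return str(net.hostmask)


def check_ranges(local: str, remote: str) -> None:
    """Refuse overlapping internal ranges instead of papering over them with NAT."""
    l, r = ipaddress.ip_network(local), ipaddress.ip_network(remote)
    if l.overlaps(r):
        raise ValueError(f"internal ranges overlap: {l} and {r}; renumber one side")


def render_side(local: dict, remote: dict, key: str, map_name: str = "VPNMAP",
                seq: int = 10, iface: str = "GigabitEthernet0/0") -> str:
    """Render one side of the mirrored site-to-site config from the legend values.
    3DES / SHA-1 / group 2 reproduce the page's 2010-era example; newer IOS
    releases also offer AES and stronger DH groups."""
    check_ranges(local["lan"], remote["lan"])
    lnet = ipaddress.ip_network(local["lan"])
    rnet = ipaddress.ip_network(remote["lan"])
    acl = f"ACL_To_Site_{remote['name']}"
    lines = [
        "crypto isakmp policy 1",
        " encr 3des",
        " authentication pre-share",
        " group 2",
        f"crypto isakmp key {key} address {remote['public_ip']} no-xauth",
        "crypto ipsec transform-set trans esp-3des esp-sha-hmac",
        f"crypto map {map_name} {seq} ipsec-isakmp",
        f" set peer {remote['public_ip']}",
        " set transform-set trans",
        f" match address {acl}",
        f"interface {iface}",
        f" crypto map {map_name}",
        f"ip access-list extended {acl}",
        f" 10 permit ip {lnet.network_address} {wildcard_mask(lnet)} "
        f"{rnet.network_address} {wildcard_mask(rnet)}",
    ]
    return "\n".join(lines)


def acl_fields(config: str) -> list:
    """Split the crypto ACL entry into its fields: 10 permit ip SRC SRCWC DST DSTWC."""
    entry = next(l for l in config.splitlines() if l.startswith(" 10 permit"))
    return entry.split()


def is_mirror(cfg_a: str, cfg_b: str) -> bool:
    """The two crypto ACLs must be exact mirrors: A's source/destination are B's
    destination/source. Anything else and one side's SA never matches the other's."""
    a, b = acl_fields(cfg_a), acl_fields(cfg_b)
    return a[3:5] == b[5:7] and a[5:7] == b[3:5]


if __name__ == "__main__":
    print(render_side(SIDE_A, SIDE_B, "our_key"))
    print()
    print(render_side(SIDE_B, SIDE_A, "our_key"))
```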

Internet Root Nameserver

An Internet Root Nameserver (also known as a Root Name Server) is a domain name service server which redirects requests for Top Level Domains to that specific domain, be it .com, .org, .net, .co, .tv or any other domain.

In a typical domain service request, where a computer wants to resolve a domain name to an IP address, it works from right to left. Let's suppose we want to resolve the domain in www.somewhere.com. First, there is an implied dot just to the right of the "last" word, .com. This implied dot is never needed, because the domain name service automatically fills this in for the address. So, our address is really www.somewhere.com.[blank space]. The blank space is the root domain and contained in the root domain (although a private company may have their own private root servers) are the well-known top level domain names, like: .com, .org, or .net. Other top level domain names have been added in recent years, but these three are the most common.

So, we are resolving a domain, www.somewhere.com.[blank space]. We are already in the root ([blank space]) because we are on the Internet. Working from right to left, the next thing we come to is the .com. The Internet knows how to direct to the .com servers from the information it has stored. The .com servers contain information about the "somewhere" domain and lastly, the "somewhere" servers answer queries for the subordinate addresses such as "www" translating the information into an IP Address.
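The right-to-left walk described above, as an added example that is not part of the original post. The delegation data is a constructed, in-memory model (placeholder server names and documentation-range addresses, with referrals simplified to server names rather than glue records); it also shows why a cached answer never touches the root.

```python
# Constructed, simplified model of the delegation chain: the root knows the TLD
# servers, the TLD server knows the delegated zones, and the zone's own server
# holds the host addresses. None of these are the real root or .com servers.
ROOT = "root-server.example."
SERVERS = {
    ROOT: {"com.": ("NS", "tld-com-server.example.")},
    "tld-com-server.example.": {"somewhere.com.": ("NS", "ns1.somewhere.com.")},
    "ns1.somewhere.com.": {
        "somewhere.com.": ("A", "192.0.2.1"),
        "www.somewhere.com.": ("A", "192.0.2.10"),
    },
}


def fqdn(name: str) -> str:
    """Append the implied trailing dot (the root) if the caller omitted it."""
    return name.rstrip(".") + "."


def suffixes(name: str) -> list:
    """Right-to-left ancestors of a name:
    'www.somewhere.com.' -> ['com.', 'somewhere.com.', 'www.somewhere.com.']."""
    labels = fqdn(name).rstrip(".").split(".")
    return [".".join(labels[i:]) + "." for i in range(len(labels) - 1, -1, -1)]


def ask(server: str, qname: str):
    """A server answers with the most specific record it holds for qname: an A
    record if it is authoritative, otherwise a referral (NS) further down."""
    records = SERVERS[server]
    for suffix in reversed(suffixes(qname)):   # longest match first
        if suffix in records:
            return records[suffix]
    return None


def resolve(name: str, cache: dict = None, max_hops: int = 8):
    """Iteratively walk root -> TLD -> zone and return (address, servers_asked).
    A cache hit is answered without asking any server, which is why queries
    actually reaching the root servers are comparatively rare."""
    qname = fqdn(name)
    if cache is not None and qname in cache:
        return cache[qname], []
    server, asked = ROOT, []
    for _ in range(max_hops):
        asked.append(server)
        rr = ask(server, qname)
        if rr is None:
            raise LookupError(f"{server} holds nothing for {qname} (NXDOMAIN)")
        kind, value = rr
        if kind == "A":
            if cache is not None:
                cache[qname] = value
            return value, asked
        server = value                          # follow the referral
    raise LookupError("too many referrals")


if __name__ == "__main__":
    addr, path = resolve("www.somewhere.com")
    print(addr, "via", " -> ".join(path))
```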

There are thirteen Internet Root Nameservers, six of which are located in the USA, with the others physically located elsewhere around the globe. Seven of these are distributed using Anycast software. DNS lookups to the root nameservers are relatively rare, since the information is all cached. The Internet Root Nameservers have names with just one letter, from "a" to "m", and all have an IPv4 address. Nine of these servers have an IPv6 address too.

Design Structured Cabling Systems and IT wireless Network Infrastructures

Introduction

Designing a Structured Cabling System - a ten step HOWTO guide

Steps

Below we have provided a ten step introductory guide for the Design of Structured Cabling Systems and IT Network Infrastructures. (see structured cabling schematic)

Step 1: Which group of standards will you conform to?

  • European Union: CENELEC EN standards
  • America: ANSI/TIA/EIA standards
  • Canada: CSA standards
  • Australia/New Zealand: AS/NZ standards
  • Rest of the World: ISO/IEC standards

The three principal design standards give the details of how to design and specify a structured cabling system; they are:

  • ISO 11801
  • EN 50173
  • TIA/EIA 568-A or 568-B

BICSI

These standards in turn however refer to hundreds of other standards relating to component specifications, fire performance, testing methods, containment systems etc.

Step 2: Horizontal cabling - Basic rules

Four-pair cables are run from user positions to a patch panel. At the patch panel, patchcords link into the active LAN equipment or into backbone cabling. The user position has a wall outlet or floor outlet, and this links into the PC on your desk via another patchcord. The outlet is called a TO (Telecommunications Outlet) and contains an eight-way plug meeting IEC 60603-7, more commonly referred to as an RJ-45.

  • Two outlets per work area
  • Two outlets per 10 square metres of useable floor space
  • Outlets to be within 3 metres of the user station
  • Both outlets to be RJ 45
  • Max cable run to be 90 m
  • Max total length of patchcords at both ends of the link to be 10 m
  • Cable and RJ45 to be Cat5e grade

Options

Cat 3 or optical fibre can be used

If optical fibre, select 50/125 or 62.5/125 multimode

If using fibre select SC or ST connectors

Cat 6/Class E can be specified

Cat 5e Cable can be unscreened, UTP, Foil screened, FTP, or Foil and Braid screened S-FTP.

Cable fire performance can be:

  1. IEC 332-1
  2. IEC 332-1, IEC 754, IEC 1034
  3. IEC 332-3-c. IEC 754, IEC 1034
  4. UL 910 plenum

Each grade, in ascending order, has a better performance in fire situations but at a correspondingly higher price.

The exact density of cables, number of outlets and their position is up to the end user, or else at the proposal of the installer/designer.

Step 3: Backbone Cabling

All of the horizontal cables are star-wired back to Telecommunications Closets or Floor Distributors where they are terminated in patch panels. These patch panels are connected together via the building backbone cabling, which can be up to 500 metres long. It can be copper cable but is more likely to be optical fibre, either multimode or singlemode. The kind of cables and the number of cores need to be decided. If fibre is chosen, a loss budget should help you make your decision.

Step 4: Campus Cabling

The campus cabling links different buildings together. It can be up to 1500 m long. It can be copper cable but is more likely to be optical fibre, either multimode or singlemode. The kind of cables and the number of cores needs to be decided.

Step 5: Positioning and design of Telecommunications Closets to link horizontal and backbone cabling.

Positioning and design of the equipment room as a central focus for the main computing, LAN and PABX equipment.

Positioning and design of the Service Entrance facility whereby outdoor cables are terminated and the point of demarcation between customer owned equipment and the PTT cables is defined.

Step 6: Cable containment system

How will the cables be protected? Within buildings the choices are:

  • Cable trays
  • wire basket/raceway
  • cable ladders
  • J hooks
  • conduit
  • dado rails
  • PVC trunking
  • built-in underfloor duct
  • raised floors
  • suspended ceilings

The following must be taken into account:

  • the density and volume of cables to be organised
  • the aesthetic appearance of the cabling within offices and other visible areas
  • economics of different schemes
  • proximity to power cables and other potential sources of interference
  • firestopping

Useful standards are:

  • TIA/EIA 569 Commercial building standard for telecommunications pathways and spaces
  • EN 50174 Information technology – cabling installation

For external applications the choices are:

  • underground cable ducts
  • direct buried cable trench
  • concrete cable trough
  • self supporting aerial cable
  • supported aerial cable, i.e. catenary or messenger wire
  • fixed to building exteriors

In all cases the designer must ensure that all civils work has been carried out, rights of way established and availability of cable ducts and manholes established. Aerial cable routes must keep a minimum distance away from power cables and all external cables must be selected for the environment and temperature ranges in which they are expected to survive. External copper cables usually need to be protected by overvoltage and fault current devices where they enter a building.

Step 7: Cable Administration system

The cabling and its containment system need to be clearly identified and their locations, routes and capabilities recorded in a cable administration system. This usually involves a logical numbering scheme that can be applied to all cables, outlets, patch panels and even containment systems. Various colour schemes are also available.

These schemes can be paper based but for the larger installations then a computer based system is advisable. There are several proprietary solutions on the market which offer various database and graphical methods for keeping track of cabling assets. Some systems are also active in that they can detect moves and changes and automatically update the database.

Useful standards are:

  • TIA/EIA-606 Administration standard for the telecommunications infrastructure of commercial buildings
  • EN 50174 Information technology – cabling installation

Step 8: Earthing Scheme

All exposed metallic elements of the cable system and cable containment system need to be earthed (grounded) for safety and also electromagnetic compatibility requirements. If screened cables are used then special attention must be given to effective bonding of the screening elements. Poorly earthed screened cabling may behave worse than unscreened cabling.

An electrically ‘clean’ earth must be available at all points where the cabling is terminated, but especially within telecommunication closets, equipment rooms and service entrances. A clean earth is usually defined as a conductive element with not more than 1 volt rms potential difference between it and the real earth down below. Copper cabling linking two different buildings can suffer from earth loops if the ground potential is different. Non-metallic optical cabling is usually picked for problem areas such as these.

Some useful standards are:

  • PrEN50303 Application of equipotential bonding and earthing at premises with information technology equipment
  • PrEN50174-2 Information Technology, Cabling installation, part 2, Installation, planning and practices inside buildings
  • TIA/EIA-607 Commercial Building Grounding and Bonding Requirements for Telecommunications

Step 9: Testing regime

All cables must be tested to demonstrate compliance with the standards and specification to which they were bought. Testing can be split into copper cable testing and optical fibre testing. Ideally all cables should be 100% tested.

Copper cables.

There are five manufacturers of hand-held copper cable testers that will automatically test the installed cable plant for all the expected parameters. By the use of a remote injector, the cabling is tested from both ends, which is a condition of the standards. The cabling has to pass all of the suite of tests to be awarded an overall pass. Points to remember are:

What is being tested? The channel (i.e. end-to-end including all the patchcords) or the basic link (i.e. the permanently installed cable from outlet to patch panel). The test figures are different for each setting. It is usually more practical to test the basic link (also referred to as the permanent link).

What level is being tested? The tester should normally be set to Cat5e link or Class E link if Category 6 cable is being used.

The results are stored electronically and must be in a format recognisable by the cable management software that comes with the tester. There are now numerous test standards and draft standards. The most influential is likely to be:

IEC 61935 Generic specification for the testing of balanced generic cabling in accordance with ISO/IEC 11801

The tests required by IEC 61935 are:

  • Wire Map
  • Attenuation
  • NEXT pair to pair
  • NEXT Powersum
  • ELFEXT pair to pair
  • ELFEXT Powersum
  • Return Loss
  • Propagation Delay
  • Delay Skew
  • DC Loop Resistance

Cable length and ACR are also useful additions to this set of tests.

Optical cables

All that needs to be tested with short distance multimode optical cables is attenuation. This can be achieved by a device called a light source and power meter. This device will simply measure the absolute loss across the optical link. This then has to be compared with the design value of attenuation. If the tested value is less than the design value then the link can be seen to be acceptable.

Optical Time Domain Reflectometers can give a great deal of information about optical fibres, but for short haul multimode fibre they are an expensive overkill that gives results that need expert interpretation. An OTDR remains an essential tool for fault finding.
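The loss budget from Step 3 and the acceptance rule from the paragraph above, worked through as an added example (not part of the original guide). The per-kilometre, connector and splice allowances are assumptions of this example, the commonly quoted multimode figures rather than values from this page; the maximum link lengths are the ones given in Steps 2 to 4.

```python
# Maximum link lengths given in Steps 2 to 4 (metres).
MAX_LENGTH_M = {"horizontal": 90, "backbone": 500, "campus": 1500}

# Assumed loss allowances for multimode fibre (an assumption of this example:
# the commonly quoted TIA/EIA-568 figures, not values taken from the page).
FIBRE_DB_PER_KM = {850: 3.5, 1300: 1.5}
CONNECTOR_PAIR_DB = 0.75
SPLICE_DB = 0.3


def check_length(kind: str, length_m: float) -> bool:
    """Is the run within the maximum the standards allow for this link type?"""
    return 0 < length_m <= MAX_LENGTH_M[kind]


def design_loss_db(length_m: float, connector_pairs: int, splices: int,
                   wavelength_nm: int = 850) -> float:
    """Loss budget = fibre attenuation over the run + every connector pair + every splice."""
    fibre = length_m / 1000.0 * FIBRE_DB_PER_KM[wavelength_nm]
    return round(fibre + connector_pairs * CONNECTOR_PAIR_DB + splices * SPLICE_DB, 2)


def link_acceptable(measured_db: float, length_m: float, connector_pairs: int,
                    splices: int, wavelength_nm: int = 850) -> bool:
    """Step 9 acceptance rule: the light-source/power-meter reading must be below
    the design value. Equal or above is a fail, not a marginal pass."""
    return measured_db < design_loss_db(length_m, connector_pairs, splices, wavelength_nm)


if __name__ == "__main__":
    # Constructed case: a 300 m backbone run with a connector pair at each end.
    print("design loss:", design_loss_db(300, 2, 0), "dB")
    print("measured 2.1 dB acceptable:", link_acceptable(2.1, 300, 2, 0))
```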

Step 10: Final thoughts

Is the design of the cabling system in-step with the LAN aspirations of the end user? For example, Cat5e is the minimum performance grade suitable for gigabit Ethernet. Standard Cat5 cable may not have sufficient delay skew performance for RGB video systems however. Cat 6 cabling will give a longer service life due to its higher performance, but at an initial higher cost.

Some optical fibre LANs, e.g. gigabit Ethernet cannot transmit over the full distance allowed in standards based optical structured cabling. These LAN limitations have to be taken into account. The next generation of 10 gigabit Ethernet will need a new generation of optical fibre to make it work.

The best way to ensure success in a structured cabling installation is to use properly trained people to design, implement and test the system. The RCDD qualification from BICSI is the only qualification which covers all aspects of structured cabling design and implementation.

The above information is offered as a summary of ISO 11801 and related standards. It is not a definitive design guide and does not replace study and implementation of the Standards themselves. The publisher accepts no responsibility for inaccuracies or omissions. To purchase the full Standards go to your national standards body, e.g. British Standards Institution, Nederlands Normalisatie Instituut etc. or ISO.



Wireless Network Management

Wireless Network Management refers to the use of software tools designed to enhance the performance, reliability and security of wireless networks, particularly by diagnosing, detecting and reducing sources of radio frequency interference. Unlike wired networks, where equipment redundancy can mitigate the impact of performance problems and network failures to some extent, wireless networks have very limited options, owing to the limited wireless spectrum available and the effects of wireless interference.

The factors that can affect wireless network performance include traffic flows, the behaviour of the network topologies and protocols, hardware, software and also the environmental conditions. As a result, wireless users are often subject to problems such as lack of coverage, intermittent connectivity, and security aspects that are difficult to monitor.

Wireless Network Management systems help to ensure network availability, as well as to provide other maintenance tasks, such as performance monitoring, testing, and fault management.

Some of the tools for Wireless Network management are Colubris MultiService Access Points (Maps), Airwave Management Platform (AMP) and Wireless Management Suite, wireless network management spectrum analysis software from Cognio Inc., Radio IP MTG, Cisco’s suite of Wireless Network management products etc.

Friday, September 10, 2010

Wireless Network and Router Security Tips

Prompted by the latest Cisco security alert: many network managers do not realize that their routers can be the jump point for an attack. Router operating systems are just as vulnerable to hacker mischief as network operating systems. Most small to medium sized companies do not employ router engineers, or outsource this function on a need-to-do basis. Because of this, network administrators and managers either do not know enough to secure the router or do not have the time. Listed below are 10 basic router security tips.

1. Update your router's OS. Just like network operating systems, router operating systems need to be updated to correct programming oversights, flaws, and buffer overflow issues. Always check with your router manufacturer for current updates and OS versions.

2. Change the default password. As much as 80% of security incidents are caused by weak or default passwords (according to CERT at Carnegie Mellon University). Avoid using common passwords and use mixed-case letters as part of a stronger password policy.

3. Disable HTTP configuration and SNMP. The HTTP configuration part of your router may be easier to configure for a busy network admin, but it is also a security problem for routers. If your router has a command line configuration, disable the HTTP config mode and use it. If you are not using SNMP on your router, then there is no need to have it enabled. Cisco has a SNMP vulnerability with GRE tunnel attacks.

4. Block ICMP ping requests. Ping and other ICMP functions are useful tools for both the network admin and the hacker. ICMP enabled on your router can be used by a hacker to gather information for targeting your network.

5. Disable Telnet use from the Internet. In most cases you do not need an active telnet session from an Internet interface. Access to your router's configuration is more secure if accessed internally.

6. Disable IP directed broadcast. IP directed broadcast can allow Denial of Service (DOS) attacks on your equipment. A router's memory and CPU can be maxed out from too many requests, which can result in a buffer overflow entry.

7. Disable IP source routing and IP redirects. Redirects allow packets to come in from one interface and leave by another. You don't want engineered packets to redirect to a private internal network.

8. Packet filtering. Packet filtering routes only the types of packet you want to enter your network. Many companies only allow 80 (http) and 110/25 (email). Additionally you can block and allow IP Addresses and Ranges.

9. Review Security Logs. By simply taking the time to review your log files you will see obvious patterns of attack, and or even vulnerabilities. You will be surprised to how much activity your router is subject to.

10. Unnecessary services. Unnecessary services should always be disabled, whether they are on a router, server, or workstation. By default, Cisco devices up through IOS version 11.3 offer the "small services": echo, chargen, and discard. These services, especially their UDP versions, are infrequently used for legitimate purposes, but can be used to launch denial of service and other attacks that would otherwise be prevented by packet filtering.

Troubleshooting Wireless Network Connections

In this article we will look at how to tackle some common wireless network problems that people come across. This document will outline the steps you should take if you encounter one of the mentioned issues.

Check the wires and wireless network adapter

Checking that all your wires are plugged in at the router and from the plug is one of the first things you should do – provided of course that you have access to them. Verify that the power cord is connected and that all the lights of the router and cable/DSL modem are on. This may seem like a ridiculous suggestion but you should never disregard the obvious. You’d be surprised at how your configuration can be perfect, and after a while of playing around with settings you realize that the network cable leading from the router to the cable modem has come undone slightly.

You will also want to check that your wireless network adapter is switched on. Some laptops come with a small blue or red button on the side while others require you to enable it from the operating system. In Windows, go to device manager and check that your wireless network adapter is enabled. If you have a PCMCIA or USB wireless adapter try removing it and then re-inserting it while Windows is running so it will re-detect it. The lights on the adapter give an indication of whether there is a problem. On mine, I have two lights; one is orange to signify that the PCMCIA card has power and the other is green to show if a connection has been established. A blinking green light means that I am not in range of a wireless access point or there is a problem with connectivity, whereas a stable light means a connection has been established successfully. Take a look at your device documentation as these sorts of details will vary with each product.

Driver Compatibility

It is important to make sure that you have installed the correct device driver for your wireless network adapter. The wrong driver can cause all sorts of problems or stop your adapter from functioning at all. A friend of mine recently set up his own wireless network at home but complained to me that his wireless network connection was going “crazy”. Upon inspection I realized that he had configured his router properly but had installed the 5v instead of the 3v driver on his laptop PCMCIA network card. Once the correct driver was installed, everything began to run smoothly. It just goes to show how even the smallest detail can make all the difference, so make sure you have the correct driver installed!

Low Signal Strength

There are a number of factors that can cause the signal of your access point to deteriorate and the performance of your network to fall below par. Practically any appliance that operates in the same frequency band (2.4 GHz) as 802.11b or 802.11g can interfere with your wireless network. Be sure to keep cordless phones, microwaves and other electrical equipment at least 1 m away from the access point. Try changing channels on the access point and test it out on one of the clients. To change the radio channel on the access point, log in to the configuration (usually a web-based interface), go to the Wireless Settings section (the name will vary depending on vendor), select a different channel and save the settings. On the client, go to Device Manager, right-click your wireless network adapter and go to Properties. In the Advanced tab select the Channel property and change the value to the same number as the one you chose on the access point. Disable and then re-enable the wireless connection.


Access Point Location

You may also want to try changing the position of your access point antenna to improve performance. Play around with its position and see if you notice a difference. I find that if I point the antenna sideways or downwards I have better reception on the floor below. The following images demonstrate what I mean.

Antenna pointing upwards (default)

Antenna pointing sideways

The location of your access point is vital. Try to place it in a central location, avoiding physical obstructions and reflective surfaces as much as possible. Remember that wireless signals bounce off windows and mirrors, thus decreasing the range. Experiment with different locations until you find one that is practical and promising. Most people, including myself, like placing it near the ceiling since most obstructions are nearer to the floor.

It’s always a good idea to monitor the performance of your signal by using a diagnostic utility. This will help you to identify how strong your signal is in different locations and whether other electrical equipment is interfering. Run the utility when the microwave or cordless phone is in use and see if you notice a difference. Usually your access point will come with its own monitoring utility.

Installing a repeater for a performance boost

If you’re looking for a boost you can always choose to install a repeater. The job of a repeater is to receive the signal, regenerate it and rebroadcast it, thereby extending the range of your wireless network. It would sit somewhere between your access point and your wireless client. Some repeaters, like the Range Expander series from Linksys, don’t need to be directly connected to the network via a cable. However, if security is an issue for you then be careful, as some of these ignore certain security methods such as MAC address filtering. Also, some repeaters will only repeat wireless signals coming from their own product family; for example, if you have a D-Link wireless router you will have to get a D-Link repeater. The image below demonstrates the job of a repeater.


The Access Point transmits the signal. As it travels it decreases, until it hits the repeater and gets boosted. The newly transmitted signal is then received by an in-range wireless client.

Changing the Antenna

Changing the antenna of your access point can increase signal range and overall performance. Typical access points come with a 2 dB or 4 dB gain antenna, but there are ones available with 8, 14 and even 24 dB. Antenna gain is measured in dBi (decibels-isotropic), which basically indicates how powerful the antenna is and how far it can provide a signal. Directional antennas are suitable for environments where you have a direct line of sight from one access point to another and from access point to client; the signal travels in a straight line. Omni-directional antennas distribute their signal in a circular 360-degree pattern over a horizontal plane, which is ideal for square areas.

Install Windows XP SP2

If you are using Windows XP on your wireless client - as I’m sure most of you are – installing Service Pack 2 would be a good idea. Check the Microsoft Website for download details. Windows XP Service Pack 2 comes with enhanced wireless support such as a new network setup wizard, built in support for WPA (Wi-Fi Protected Access), an updated Wireless Network Connection dialog box and amongst others, a rather nifty repair feature.

To utilize the repair feature all you have to do is right click the connection and select Repair or click the button on the support tab of the status dialog box. This will disable and then re-enable the connection (which clears many of the error conditions on wireless network adapters), clear the NetBT cache and flush the DNS cache. I often find that if my connection signal becomes low after a long period of activity, pressing the Repair button will boost it up to “Good” or “Very Good” depending on my location.

Network Settings

DHCP Addresses

DHCP configuration errors may also cause problems when connecting to a wireless network. Some of the newer access points on the market come with their own DHCP server which usually assigns addresses in the 192.168.0.x range. If your wired network uses a different range then you will probably find that wireless network clients are able to obtain an IP address and ping the access point but communication with other clients will not work. Your access point configuration interface should allow you to set which address scope to use. Set this to be the same as that of your other clients. You can also just disable the DHCP server on the access point and allow clients to obtain an address from the normal DHCP Server on your network.

Encryption Keys

Double check and re-enter your WEP/WPA encryption keys. Wireless Encryption will vary depending on which type of network you are connecting to. In Windows XP, on the Association tab of your wireless network properties dialog box, verify that your network key has been entered correctly and is valid for the network you are attempting to connect to.

MAC Address Filters

MAC address filters are a great way to restrict access to your network. As I explained in An Introduction to Wireless Networking Part 1, MAC address filters are a list of MAC addresses belonging to the clients that are allowed access to the network. Only clients with the specified MAC addresses are permitted to communicate with the network. Having said this, it may be the cause of your problem. Verify that the problematic client’s MAC address is in the list. If the network card had to be changed or a new device was purchased recently, be sure to add it to the list.

Conclusion

After having read this article you should be familiar with common wireless network connection problems and what you can do to fix them. I hope that you will now be able to follow these steps when a wireless problem occurs and take the necessary action to solve such issues. Look out for Part 3 of my Introduction to Wireless Networking series, in which I will take a closer look at security, give you some wireless network tips and tricks and also update you on the latest wireless networking news.

Top 10 things to know about network administration

If you're just getting started in the networking field, you've got a lot to learn, and with the rate of change in networking technology you can expect to always have a lot to learn. Here are ten essential topics that you should concentrate on (and if you are not just getting started, here are some things to review):

  1. The OSI model: Memorize it. It's almost a cliché, but understanding it is critical.
  2. TCP/IP concepts: Learn to think in binary and get a firm grasp on bitmasks, subnetting, gateways (like the "default gateway") and how addresses are constructed (the network portion, the host portion, etc.).
  3. Stacks: Read about how the network stack is implemented on hosts. Get a good feel for what each component (the NIC, firmware, device drivers, the OS, etc.) is responsible for. Once you understand this, troubleshooting is easy.
  4. Layer 2: Learn how switches operate and how they're different from hubs and routers. Understand bridging, and get a general idea of what Spanning Tree Protocol does. Learn the difference between a collision domain and a broadcast domain, and then study VLANs.
  5. Routing: Learn a routing protocol. Start with RIP, because it's easy. You don't need to be a guru, just get a general idea about how routers can exchange information about the network.
  6. Services: Understand the role of DNS, DHCP and WINS and know their alternatives, like the hosts and lmhosts files and static addressing.
  7. Find yourself some good networking reference material. Whatis.com is great for deciphering arcane acronyms.
  8. Security: Read a little about how firewalls operate and other security technologies like VPNs. Understand the difference between authentication, authorization and accounting.
  9. Output: Learn how to get status and information out of your networking devices. A good place to start is with the "show" commands (which will be featured in next week's tip).
  10. Finally, do a walkthrough: follow data as it goes from one application to another. How does it get from the application, to being segmented, packetized, framed, and routed? How does your computer know what IP address to send the packet to? (DNS) How does it know what MAC address to send it to? (ARP) How does it know how big to make the frame? (MTU) How does a switch know which port to forward your packet out on? (FDB) How does a router know which interface to use? (routing table) If you can answer these questions, you're well on your way to being competent and productive.

wireless application service provider

A wireless application service provider (WASP) is part of a growing industry sector resulting from the convergence of two trends: wireless communications and the outsourcing of services. A WASP performs the same service for wireless clients as a regular application service provider (ASP) does for wired clients: it provides Web-based access to applications and services that would otherwise have to be stored locally. The main difference with WASP is that it enables customers to access the service from a variety of wireless devices, such as a smartphone or personal digital assistant (PDA).

Although the business world is increasingly mobile, many corporations are resisting the idea of wireless communication, because of concerns about set-up and maintenance costs and the need for in-house expertise. WASPs offer businesses the advantages of wireless service with less expense and fewer risks. Because mobile applications are subscribed to, rather than purchased, up-front costs are lower; because the WASP provides support, staffing and training costs are lower.

WASP services may include:

  • Constant system monitoring
  • Diagnostics and resolution
  • User support
  • Text formatting for various devices
  • Problem detection and reporting

There are still issues to be resolved. Coverage areas remain limited, for example, and data synchronization among devices can be problematic. Nevertheless, WASPs provide an easier, safer, and cheaper way for organizations to add mobile components, and a number of major companies are opting for them. UPS, Sprint, and eBay are among the early subscribers to WASP services. Interestingly, some ASPs have begun to offer WASP services, while others are purchasing them.



Wireless Security Filtering

Filtering

Managing access to a WLAN through WEP keys or authentication is one viable security measure. You can also configure access to be restricted according to device; to do this, you use the Media Access Control (MAC) address or Internet Protocol (IP) address. For example, you can employ filtering on your APs to keep out clients who do not have an authorized client adapter. Without an explicitly approved MAC address on the network adapter, it doesn't matter if the correct username and password are presented because the AP does not allow access.

Simply put, filtering checks a wireless client's MAC or IP address against a list of authorized MAC or IP addresses maintained on the AP. When a client tries to connect to the AP, it must be on the list. If it is not, the client cannot connect.

Filtering should not be the only security measure, however. Both MAC and IP addresses can be spoofed, thus circumventing this layer of security.

MAC Filtering

You can set up a MAC filter two ways:

  • To pass traffic to and from all MAC addresses except those you specify.

  • To block traffic to and from all MAC addresses except those you specify.

Furthermore, you can apply these filters to either or both the Ethernet and radio ports and to incoming or outgoing traffic.

Note

Be careful when setting MAC filters. If you incorrectly apply the setting, you can easily lock yourself out of the AP. If this does occur, use the command-line interface (CLI) to disable filters, and then go in and correct your mistake.

MAC filters are managed on the MAC Address Filters page; simply follow these steps:

Step 1. On the AP's web page, click Services on the menu to the left of the page.

Step 2. Click Filters in the list of services.

Step 3. Click the MAC Address Filters tab on the Apply Filters page.

After you reach the Apply Filters page, you can enable MAC address filters.

Note

Be aware that software often changes. The version of the AP firmware you use might differ from what is shown here, but the steps are similar.

Setting MAC Filters

To configure a MAC filter, follow these steps:

Step 1. To create a new MAC address filter, click Create > Edit Filter Index > . To edit a filter, select the filter number from the menu.

Step 2. In the Filter Index field, identify the filter with a number between 700 and 799. This number is used to assign an access control list (ACL) for the filter.

Step 3. Enter a MAC address in the Add MAC Address field. The address is entered as three groups of four characters, separated by periods (for example, 0125.4275.7879).

Step 4. The Mask entry field enables the filter to check certain bits but not others. For example, if you have several clients whose MAC addresses all end in the same four bits, you can use the mask to allow any client whose MAC address matches those four bits. If you want to force an exact match of the MAC address, enter FFFF.FFFF.FFFF in the Mask entry field. If you just want to check the last four bits, enter FFFF.FFFF.0000.

Step 5. Choose Action > Forward or choose Action > Block.

Step 6. Click Add. The MAC address you entered has been added to the Filters Classes field. You can remove this address by selecting it and clicking Delete Class.

Step 7. Choose Default Action > Forward All or Default Action > Block All. You must establish the default action for this filter, and it must be the opposite of the action for at least one of the MAC addresses in the filter. For example, if you chose Forward for several MAC addresses, you should select Block All as the filter's default action.

Step 8. Click Apply.

Step 9. Click the Apply Filters tab.

Step 10. Select the filter number from one of the MAC drop-down menus. The filter can be applied to the Ethernet port, the radio ports, or both. You can also apply the filter to incoming traffic, outgoing traffic, or both.

Step 11. Click Apply.

Note

You need to restart the system so that all clients are appropriately filtered.

IP Filtering

You can also limit access to your AP with IP filters. IP filtering can be applied based on IP address, IP protocol, and IP port. This allows or prevents the use of specific protocols through the AP's Ethernet and radio ports. As with MAC filtering, you can also set up the filter to allow or deny sending or receiving traffic from the AP based on IP address. You can set up IP filters to allow combinations of all three IP filtering components (address, protocol, and port).

IP filters are managed on the IP Filters page.

To reach the IP Filters page, follow these steps:

Step 1. On the AP's web page, click Services on the menu to the left of the page.

Step 2. Click Filters in the list of services.

Step 3. Click the IP Filters tab.

After you reach this page, you can enable IP filters.

Setting IP Filters

To configure an IP address filter, follow these steps:

Step 1. To create a new IP address filter, select Create > Edit Filter Index > . To edit a filter, select the filter number from the menu.

Step 2. In the Filter Name field, identify the filter with a name.

Step 3. Select Default Action > Forward All or Default Action > Block All from the Default Action. You must establish the default action for this filter and it must be the opposite of the action for at least one of the IP filters. For example, if you chose Forward for several IP addresses, you should select Block All as the filter's default action.

Step 4. To filter a specific IP address, enter that address under the IP Address section. The Destination Address field filters traffic going to an address; the Source Address field filters traffic coming from a given IP address.

Note

If you intend to block traffic to all IP addresses except those specified, make sure you include the IP address of your own computer in the list of specified exceptions; otherwise, your computer is shut out from the AP.

Step 5. The Mask entry field allows the filter to check against certain bits, but not others. Type the subnet mask in this field. The mask is used if you are filtering everything to or from a subnet.

Step 6. Select Action > Forward or select Action > Block.

Step 7. Click Add. The IP address you entered has been added to the Filters Classes field. This address can be removed if you select it and click Delete Class.

Step 8. To filter an IP protocol, select one of the protocols from the IP protocol drop-down menu, or select the Custom radio button and enter the number of an existing ACL in the Custom field. Enter an ACL number from 0 to 255.

Step 9. Select Action > Forward or select Action > Block.

Step 10. Click Add. The protocol appears in the Filters Classes field. This field is at the bottom of the page and is shown in Figure 8-4. This filter can be removed if you click Delete Class.

Step 11. To filter a TCP or UDP port protocol, select one of the common port protocols from the TCP Port or UDP Port drop-down menus, or you can select the Custom radio button and enter the number of an existing protocol in one of the Custom fields. Enter a protocol number from 0 to 65535.

Step 12. Select Action > Forward or select Action > Block.

Step 13. Click Add. The protocol appears in the Filters Classes field. This filter can be removed if you click Delete Class.

Step 14. Click Apply.

Step 15. Click the Apply Filters tab.

Step 16. Select the filter names from one of the IP drop-down menus. The filter can be applied to the Ethernet port, the radio ports, or both. You can also apply the filter to incoming traffic, outgoing traffic, or both.

Step 17. Click Apply.
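The following Python model is added here as an example (it is not part of the original text or the AP firmware) of the filter logic described in Setting MAC Filters and Setting IP Filters: a MAC filter with an index in the 700-799 range, masked address classes and a default action, and an IP filter with address, protocol and port classes. It lets you check what a filter would do to a given client before you apply it, which is the practical answer to the lock-out note above. The mask semantics (1 bits compared, 0 bits ignored) and the in-order evaluation of classes are assumptions, and all MAC addresses and networks are constructed sample values.

```python
# Added example: a model of the AP filter logic described in the steps above.
# Assumed mask semantics: a 1 bit in the mask means that bit of the client's
# address must equal the class address; a 0 bit is ignored, so FFFF.FFFF.FFFF
# demands an exact match. Classes are assumed to be checked in order and the
# default action applies when none matches.
from ipaddress import ip_address, ip_network

FORWARD, BLOCK = "Forward", "Block"


def parse_mac(dotted):
    """Parse the AP's 'xxxx.xxxx.xxxx' notation into a 48-bit integer."""
    groups = dotted.split(".")
    if len(groups) != 3 or any(len(g) != 4 for g in groups):
        raise ValueError(f"expected three groups of four hex characters: {dotted!r}")
    return int("".join(groups), 16)


class MacFilter:
    """One MAC filter: an index (700-799), a default action and a list of
    (address, mask, action) classes."""

    def __init__(self, index, default_action):
        if not 700 <= index <= 799:
            raise ValueError("filter index must be between 700 and 799")
        if default_action not in (FORWARD, BLOCK):
            raise ValueError("default action must be Forward or Block")
        self.index = index
        self.default_action = default_action
        self.classes = []

    def add_class(self, mac, mask, action):
        self.classes.append((parse_mac(mac), parse_mac(mask), action))

    def decide(self, client_mac):
        client = parse_mac(client_mac)
        for addr, mask, action in self.classes:
            if (client & mask) == (addr & mask):
                return action
        return self.default_action

    def is_consistent(self):
        """Step 7: the default must be the opposite of at least one class."""
        return any(action != self.default_action for _, _, action in self.classes)

    def locks_out(self, admin_mac):
        """The note above warns about locking yourself out: would this filter
        block the administrator's own client?"""
        return self.decide(admin_mac) == BLOCK


class IpFilter:
    """One named IP filter with address, protocol and port classes."""

    def __init__(self, name, default_action):
        self.name = name
        self.default_action = default_action
        self.classes = []  # (kind, value, action), checked in order

    def add_address(self, network, action, direction="source"):
        # 'network' may be 'addr/prefix' or 'addr/subnet.mask' (Step 5).
        self.classes.append((direction, ip_network(network, strict=False), action))

    def add_protocol(self, number, action):
        if not 0 <= number <= 255:
            raise ValueError("IP protocol number must be 0-255")
        self.classes.append(("protocol", number, action))

    def add_port(self, number, action):
        if not 0 <= number <= 65535:
            raise ValueError("TCP/UDP port must be 0-65535")
        self.classes.append(("port", number, action))

    def decide(self, src, dst, protocol, port=None):
        for kind, value, action in self.classes:
            if kind == "source" and ip_address(src) in value:
                return action
            if kind == "destination" and ip_address(dst) in value:
                return action
            if kind == "protocol" and protocol == value:
                return action
            if kind == "port" and port == value:
                return action
        return self.default_action


if __name__ == "__main__":
    # Constructed sample: forward one known client, block everyone else.
    mac_filter = MacFilter(701, BLOCK)
    mac_filter.add_class("0125.4275.7879", "FFFF.FFFF.FFFF", FORWARD)
    print(mac_filter.decide("0125.4275.7879"), mac_filter.decide("0125.4275.7878"))
```

Because MAC and IP addresses can be spoofed, the model only tells you whether a filter is internally consistent and would admit the intended clients; it says nothing about who else could present those addresses.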

Who Uses Wireless Technology?

Some of the largest users of wireless technology can be seen in the transportation and shipping industry; Federal Express and United Parcel are good examples. Another area is that of automated vehicle location systems that are supported through a combination of satellite and landline systems coupled with the Internet.

Manufacturing

In some manufacturing plants, sensors and programmable logic controllers (PLCs) are used to control many of the processes related to product manufacturing. In many places, these devices are hardwired into high-maintenance networks that need frequent attention. In many plants, these networks have been fitted with Ethernet interfaces as part of a plantwide LAN. However, many plant managers have found that they can refit with wireless adapter cards that provide an RF link to wireless access points located around the plant. These arrangements link the PLCs directly into the wired LAN and the server, ensuring timely monitoring of all devices.

Avon Products, Inc. faced an expensive problem in extending the LAN in a Chicago-area plant's factory floor. In this facility, production lines were not static and subject to regular reconfiguration. Furthermore, operator mobility required to support 50 production lines along 500 linear feet confounded the problem of rewiring print stations to support the operators with barcode labels. Instead of rewiring, a series of printers configured with wireless modems were set up to receive barcode label files from print servers. The plant has a series of distributed base stations (terminal servers) that are linked to the LAN and a host system that supports the wireless link between the wireless printers and the LAN. The print servers, which are linked to the LAN Ethernet, receive barcode files from a VAX computer. As product is being manufactured, barcode information can be sent to the appropriate print server, where it can then be routed to the proper remote wireless printer.

WLAN Modes of Operation

The Anritsu MT8860C is the only WLAN Test Set with Network and Direct modes for testing WLAN devices conforming to IEEE 802.11 standards.

The MT8860C is an integrated one-box test set dedicated to testing 802.11 WLAN devices. It provides a high-speed measurement solution that is suitable for both production testing and design proving.

The MT8860C replaces existing test systems that typically require power meters, spectrum analyzers, and Gold Radios with external attenuators. The result is a test instrument with faster integration into production, offers a universal solution for all WLAN chip sets, and is simpler to maintain and calibrate. The MT8860C also reduces test system costs, increases production throughput, and delivers the most flexible WLAN testing available.

The MT8860C has two modes of operation: Network and Direct. The "Network" mode uses standard WLAN signaling and can be used for testing both the transmitter and receiver of DUTs. In "Direct" mode, the MT8860C tests DUT receivers by generating and transmitting WLAN packets, and tests DUT transmitters with its built-in transmitter analyzer. In Direct mode, the DUT must be controlled by the test mode software utility from the chipset vendor. The user interface is implemented through the supplied LANLook software package. LANLook runs on a standard PC and uses a conventional Windows®-based interface for both instrument configuration and results display in clear numerical and graphical formats. LANLook communicates with the MT8860C using remote commands that are sent via a GPIB or Ethernet interface.

Features
  • Integrated test set for validating the RF performance of WLAN devices operating in the 2.4 GHz and 5 GHz frequency bands
  • 'Network' mode – tests devices in a connection using standard WLAN signalling.
  • 'Direct' mode – tests WLAN devices with the support of control software from the chipset vendor
  • Built-in reference radio for calibrated Packet Error Rate (PER) measurements
  • Automatic assignment of DUT IP address using built-in DHCP server
  • Built-in TX Analyzer
  • Shorter test system design times
  • High-speed transmitter measurements including power burst, spectral mask and modulation accuracy (EVM)
  • Dedicated WLAN signal generator for 802.11b/g/a
  • Supports GPIB and Ethernet remote interfaces
  • LANLook software for instrument configuration and results display
  • CombiTest software for automated production test requirements


Advantages and Disadvantages of WLANs (Wireless / Wi-Fi)

WLANs have advantages and disadvantages when compared with wired LANs. A WLAN will make it simple to add or move workstations and to install access points to provide connectivity in areas where it is difficult to lay cable. Temporary or semipermanent buildings that are in range of an access point can be wirelessly connected to a LAN to give these buildings connectivity. Where computer labs are used in schools, the computers (laptops) could be put on a mobile cart and wheeled from classroom to classroom, provided they are in range of access points. Wired network points would be needed for each of the access points. A WLAN has some specific advantages:

  • It is easier to add or move workstations.

  • It is easier to provide connectivity in areas where it is difficult to lay cable.

  • Installation is fast and easy, and it can eliminate the need to pull cable through walls and ceilings.

  • Access to the network can be from anywhere within range of an access point.

  • Portable or semipermanent buildings can be connected using a WLAN.

  • Although the initial investment required for WLAN hardware can be similar to the cost of wired LAN hardware, installation expenses can be significantly lower.

  • When a facility is located on more than one site (such as on two sides of a road), a directional antenna can be used to avoid digging trenches under roads to connect the sites.

  • In historic buildings where traditional cabling would compromise the façade, a WLAN can avoid the need to drill holes in walls.

  • Long-term cost benefits can be found in dynamic environments requiring frequent moves and changes.


WLANs also have some disadvantages:



What is Wireless Computer Networking?

Wireless networks utilize radio waves and/or microwaves to maintain communication channels between computers. Wireless networking is a more modern alternative to wired networking that relies on copper and/or fiber optic cabling between network devices.

A wireless network offers advantages and disadvantages compared to a wired network. Advantages of wireless include mobility and elimination of unsightly cables. Disadvantages of wireless include the potential for radio interference due to weather, other wireless devices, or obstructions like walls.

Wireless is rapidly gaining in popularity for both home and business networking. Wireless technology continues to improve, and the cost of wireless products continues to decrease. Popular wireless local area networking (WLAN) products conform to the 802.11 "Wi-Fi" standards. The gear a person needs to build wireless networks includes network adapters (NICs), access points (APs), and routers.

Thursday, September 9, 2010

10 Tips for Wireless Home Network Security

Many folks setting up wireless home networks rush through the job to get their Internet connectivity working as quickly as possible. That's totally understandable. It's also quite risky as numerous security problems can result. Today's Wi-Fi networking products don't always help the situation as configuring their security features can be time-consuming and non-intuitive. The recommendations below summarize the steps you should take to improve the security of your home wireless network.

1. Change Default Administrator Passwords (and Usernames)

At the core of most Wi-Fi home networks is an access point or router. To set up these pieces of equipment, manufacturers provide Web pages that allow owners to enter their network address and account information. These Web tools are protected with a login screen (username and password) so that only the rightful owner can do this. However, for any given piece of equipment, the logins provided are simple and very well-known to hackers on the Internet. Change these settings immediately.

2. Turn on (Compatible) WPA / WEP Encryption

All Wi-Fi equipment supports some form of encryption. Encryption technology scrambles messages sent over wireless networks so that they cannot be easily read by humans. Several encryption technologies exist for Wi-Fi today. Naturally you will want to pick the strongest form of encryption that works with your wireless network. However, the way these technologies work, all Wi-Fi devices on your network must share the identical encryption settings. Therefore you may need to find a "lowest common denominator" setting.

3. Change the Default SSID

Access points and routers all use a network name called the SSID. Manufacturers normally ship their products with the same SSID set. For example, the SSID for Linksys devices is normally "linksys." True, knowing the SSID does not by itself allow your neighbors to break into your network, but it is a start. More importantly, when someone finds a default SSID, they see it is a poorly configured network and are much more likely to attack it. Change the default SSID immediately when configuring wireless security on your network.

4. Enable MAC Address Filtering

Each piece of Wi-Fi gear possesses a unique identifier called the physical address or MAC address. Access points and routers keep track of the MAC addresses of all devices that connect to them. Many such products offer the owner an option to key in the MAC addresses of their home equipment, which restricts the network to connections from those devices only. Do this, but also know that the feature is not as powerful as it may seem. Hackers and their software programs can fake MAC addresses easily.

5. Disable SSID Broadcast

In Wi-Fi networking, the wireless access point or router typically broadcasts the network name (SSID) over the air at regular intervals. This feature was designed for businesses and mobile hotspots where Wi-Fi clients may roam in and out of range. In the home, this roaming feature is unnecessary, and it increases the likelihood someone will try to log in to your home network. Fortunately, most Wi-Fi access points allow the SSID broadcast feature to be disabled by the network administrator.
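As an added illustration that is not part of the original post, here is how tips 2 through 5 map onto the settings of a Linux access point running hostapd (an assumption; the post describes a consumer router's web UI). The SSID, passphrase and file paths are placeholders.

```ini
# /etc/hostapd/hostapd.conf (assumed path); added example, not from the post
interface=wlan0
driver=nl80211
hw_mode=g
channel=6

# Tip 3: replace the vendor default network name
ssid=EXAMPLE-CHANGE-ME

# Tip 2: WPA2 (RSN) with AES-CCMP and a long, random passphrase
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=PLACEHOLDER-long-random-passphrase
# "Lowest common denominator": if one legacy client only speaks WPA/TKIP,
# accept both generations (mixed mode) rather than dropping to WEP
#wpa=3
#wpa_pairwise=TKIP

# Tip 5: leave the SSID out of beacons; clients must already know the name
ignore_broadcast_ssid=1

# Tip 4: accept only stations listed in the accept file (one MAC per line)
macaddr_acl=1
accept_mac_file=/etc/hostapd/hostapd.accept
```

The MAC allowlist and hidden SSID only raise the bar slightly, as the post notes; the WPA2/CCMP settings are what actually protect the traffic.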

6. Do Not Auto-Connect to Open Wi-Fi Networks

Connecting to an open Wi-Fi network such as a free wireless hotspot or your neighbor's router exposes your computer to security risks. Although not normally enabled, most computers have a setting available allowing these connections to happen automatically without notifying you (the user). This setting should not be enabled except in temporary situations.

7. Assign Static IP Addresses to Devices

Most home networkers gravitate toward using dynamic IP addresses. DHCP technology is indeed easy to set up. Unfortunately, this convenience also works to the advantage of network attackers, who can easily obtain valid IP addresses from your network's DHCP pool. Turn off DHCP on the router or access point, set a fixed IP address range instead, then configure each connected device to match. Use a private IP address range (like 10.0.0.x) to prevent computers from being directly reached from the Internet.

8. Enable Firewalls On Each Computer and the Router

Modern network routers contain built-in firewall capability, but the option also exists to disable them. Ensure that your router's firewall is turned on. For extra protection, consider installing and running personal firewall software on each computer connected to the router.

9. Position the Router or Access Point Safely

Wi-Fi signals normally reach to the exterior of a home. A small amount of signal leakage outdoors is not a problem, but the further this signal reaches, the easier it is for others to detect and exploit. Wi-Fi signals often reach through neighboring homes and into streets, for example. When installing a wireless home network, the position of the access point or router determines its reach. Try to position these devices near the center of the home rather than near windows to minimize leakage.

10. Turn Off the Network During Extended Periods of Non-Use

The ultimate in wireless security measures, shutting down your network will most certainly prevent outside hackers from breaking in! While it is impractical to turn the devices off and on frequently, at least consider doing so during travel or extended periods offline. Computer disk drives have been known to suffer from power-cycle wear and tear, but this is a secondary concern for broadband modems and routers.

If you own a wireless router but are only using its wired (Ethernet) connections, you can also sometimes turn off Wi-Fi on a broadband router without powering down the entire network.

Tuesday, September 7, 2010

Multi-tech wireless broadband

Combining cellular network, WiMAX, and Wi-Fi

Balancing cost, performance, and resource utilization drives technological convergence. Inevitably the merger of WWAN (3GPP/3GPP2 cellular network), WMAN (WiMAX), and WLAN (Wi-Fi) will form the future technological backbone of wireless broadband networks. Moreover, Mesh backhaul will encompass various wireless devices within an enormous optical fiber broadband network.

WWAN, WMAN, and WLAN possess idiosyncratic strengths and weaknesses. The access rate of the GPRS is dozens of Kbps, while Wi-Fi can range between dozens and even hundreds of Mbps. The coverage range of GPRS is tens of kilometers, compared with Wi-Fi's modest range of less than 100 meters. At the same access rate, GPRS supports a mobile speed of up to hundreds of kilometers per hour, yet Wi-Fi is notably sluggish. Considerable differences also arise in cost: the cost per bit or service charge of GPRS is remarkably high, while Wi-Fi is almost free.

While WWAN, WMAN, and WLAN have their specific core applications, the three can be mutually supplementary. Cellular networks such as GPRS/EDGE/EVDO/HSPA/LTE offer broad coverage, roaming capability, and high-speed mobility. Wi-Fi and Mobility Ad Hoc are the most suitable for high-rate and large-volume indoor data services after being upgraded to carrier-class. WiMAX can be regarded as an upgraded version of 3G Packet Switching (PS), a quasi-4G version, or an upgraded version of Wi-Fi. Integrating the advantages of both cellular and Wi-Fi networks, WiMAX represents an optimum technology for MAN coverage, with hybrid networking of micro and macro BTSs.

End users are most concerned with the balance of price and quality, and the latter is mostly judged by download rates. A convergence-oriented combination of technologies is urgently required to satisfy subscribers' increasingly stringent demands on fees, performance, coverage, and mobility. Moreover, these demands span multiple networks that are embraced by a range of different standards.

For example, subscribers can expect low cost and high speed Wi-Fi or WiMAX access in the home, while Wi-Fi hotspot coverage or WiMAX is more suitable for airports or other places where broadband access needs to have a wider range and guaranteed throughput. In areas that lack Wi-Fi or WiMAX, cellular networks can maintain basic service availability. Undoubtedly, the resulting QoE will be consistently high and seamless, and the intelligent combination of technologies will be welcomed by subscribers.

wireless broadband networks

In future wireless broadband networks, an open terminal, or Intelligent Internet Device (IID), will act as a portal. It will integrate services and provide customer experiences. IIDs can access networks through different air interfaces and use only one widget or button for a given service application, including voice and data services. Data services in the 3G/4G era will be as popular as SMS in the 2G era. Unlike voice and SMS, data services have spawned from the Internet, and are therefore more diversified, complex, and flexible.

In the future wireless broadband market, we can predict that:

  • The voice service will lose its dominant position and become a basic service. The technical threshold of SIP-based VoIP will continue to decrease, and most SPs will provide a VoIP "button". Voice services–and especially VoIP–will supplement other services in the same way that voice currently supplements IM in MSN. The traditional telecom operation mode that only provides a voice service will vanish.
  • Streaming media will play an even more pivotal role in data services. The ARPU (for data and voice) of streaming media will be replaced by other indices such as average bandwidth speed (ABWS) and the average bandwidth consumption per month (ABWC). In addition, a greater range of business models will accommodate ARPU of data services. Listing services top-down in terms of requirements on network transmission quality yields the following order: online games, real-time videos, voice services, streaming media, Web browsing, and non-real-time services (such as FTP, BT, SMTP/POP). These services have different requirements for network indices such as jitter, delay, bandwidth, QoS, QoE, and security. Streaming media most closely bonds the requirements of subscribers and the provisioning capability of networks. As a key broadband data service, it will no doubt increase popularity among subscribers, and consume the major share of bandwidth resources.

Spectrum resources will be the key

The spectrum is inherently a rare resource. Shannon's theory holds that channel capacity is influenced by two factors: spectrum bandwidth and SNR. It is impossible to fully eliminate noise, and increases in signal strength are limited. Hence, spectrum resources are vital to meeting the increasing demand of subscribers for wireless data traffic volumes.
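The relationship the paragraph leans on, written out here as an added note rather than text from the original article, is the Shannon–Hartley capacity of a channel of bandwidth $B$ with signal-to-noise ratio $S/N$:

$$C = B \log_2\left(1 + \frac{S}{N}\right)$$

Doubling $B$ doubles $C$, whereas doubling $S/N$ (a 3 dB gain) adds only about $B$ bit/s once $S/N \gg 1$, since $B \log_2\left(1 + 2\frac{S}{N}\right) \approx B \log_2\frac{S}{N} + B$. That asymmetry is why additional spectrum, not additional transmit power, is the lever for growing wireless data traffic.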

In most countries, high quality spectrum resources have historically been occupied by narrowband voice, radio, and television. This includes most civil spectrum resources and a certain amount of dedicated spectrum resources for the military, civil aviation, railway, security industries, and for radio and television. In future, these high quality spectrum resources will be gradually released for new communication technology applications, albeit as part of a very slow process. This is the reason why the white-space spectrum is so valuable.

Among existing, advanced wireless broadband technologies, HSPA and WiMAX have the advantage of early maturity. In contrast to other technologies, the two have a developmental window of opportunity spanning 3 to 4 years, and will be allocated frequency resources before other technologies. The application of HSPA can target the personal mobile broadband (MBB) market, while WiMAX can focus on home and enterprise broadband services. In consideration of market competition and investment protection, HSPA and WiMAX will form significant wireless broadband technologies in the coming years.

New technologies and concepts

Cloud computing

For many years, computing resources have been exploited and expanded in the information and communication field to compensate for the dearth and expense of bandwidth resources. Increases in bandwidth availability coupled with a decrease in costs will soon bring the advantages of cloud computing into sharper relief. If the majority of core computing resources gather into a "cloud", only simple processing tasks such as optimizing visual and aural effects are required at the client level to provide high QoE at low cost. The cloud model thus centralizes resources, simplifies their reuse and management, and enhances efficiency.

However, cloud computing raises problems of customization and diversity. Though the model gathers computing and digital media resources into the cloud, meeting individual requirements either via the same cloud or through different clouds is another matter entirely. The solution, however, lies with tailor-made and personalized portals that allow subscribers to use any type of terminal to obtain a personal, mobile homepage, which is application-ready and can be customized.

Accessing information through cloud computing is similar to Paying with Plastic in that the terminal resembles an intelligent credit card, resource clouds mirror virtual banks and Internet stores, and the wireless broadband network forms an ATM or POS. Subscribers store home pages and access these banks and stores through a unique personal network ID (or what we refer to as a "communication fingerprint"). The private ID database, home page database, widget stores of network applications, and resource and settlement platforms all describe new NEs that exist under cloud computing architecture.

While cloud computing may be useful in specific contexts such as computing and for applications in dedicated networks, it has little impact on the architecture of wireless broadband networks.

Mesh and SON

The Mesh and Self-Organizing Network (SON) technologies fall under the same category. The SON technology deploys auto-configuration, auto-discovery, auto-organization, and multi-hop routing to form an SON comprising independent nodes. When network topology changes or links disconnect, the SON technology's self-healing and self-organization capabilities guarantee network connectivity and can optimize network-wide performance.

The wireless Mesh is a multi-hop network that has evolved from an Ad Hoc network. Mesh technology connects independent network nodes to optimize overall performance. The expectation on intelligent Mesh technology is relatively logical as disorganized networks must demonstrate a "clear and logical thinking ability" to manage a host of complex networks, efficiently interconnect independent network nodes, and facilitate their inter-communication.

At present, disorganized networks such as Wi-Fi networks cannot realize a greater "sense of organization" than cellular networks. We hope that the future application of intelligent Mesh technology can arrange these disorganized networks into a complex SON capable of improving performance across entire networks.

The future of wireless broadband

Wireless broadband aims to provide universal access (UA) and always broadband connection (ABC) services anytime, at any place, and across any heterogeneous network using any terminal.

Wireless broadband incorporates numerous technologies including multiple types of cellular technology, fixed and nomadic wireless access, wireless LAN, and even Bluetooth. Combined with All-IP technology, wireless broadband networks can provide broadband wireless access for subscribers in both low and high speed mobile environments. Wireless broadband can seamlessly transit between cellular systems, regional wireless networks, and radio/television/satellite communication systems.

Wireless broadband networks must optimally combine various technologies to enhance end users' QoE. In the future, wireless broadband is expected to provide a minimum single-user rate of 2×768 Kbps, or data and protocol rates of 1Mbps/m². It is clear that only a hybrid wireless network is adequate to deliver a mobile, economical broadband service, since single-mode networking lacks the capability. The handover between heterogeneous networks (vertical handover) in hybrid networking will shatter the restrictions on improving applications and performance that occur in the handover between homogeneous networks (horizontal handover). By using a single terminal based on open wireless architecture (OWA), end users can drive through network boundaries, realize UA and ABC, and then enjoy broadband services and applications anytime, at any location, and through any network.

Combining technologies invariably presents unexpected difficulties, while overcoming these difficulties can deliver surprising benefits. For example, the problems associated with Wi-Fi operation and inter-network roaming will be gradually solved, and this will greatly improve the popularization of Wi-Fi. The real end-to-end (E2E) application of wireless broadband will emerge after holistic technological maturity allows a single terminal to seamlessly roam among multiple networks of different standards. This will indeed represent a milestone feat, and is a colorful vision that motivates industry players.