10/1/12
radio bands is unrestricted, subject to local regulations. This is great for saving on FCC licensing costs, but it comes at the expense of having to share these radio bands with a potential smorgasbord of other devices.
The IEEE standard that governs WLANs is called specification 802.11. IEEE standards specify the protocols that define the frequency, bandwidth, maximum data rates, and modulation of wireless signals. We're concerned with the primary four: 802.11a, 802.11b, 802.11g, and 802.11n, leaving legacy 802.11 (i.e., 802.11-1997) by the wayside.
802.11b is perhaps the most well-known protocol, and for good reason. It was the first protocol to gain widespread acceptance in the industry; the majority of the subsequent protocols are backward-compatible with it. Originating in 1999, 802.11b operates at 2.4GHz, with a maximum throughput of 11Mbps.
802.11a also originated in 1999, as a speedier alternative to 802.11b. This was achieved by having 802.11a operate in the 5GHz band with Orthogonal Frequency Division Multiplexing (OFDM) modulation. Compared with the Direct Sequence Spread Spectrum (DSSS) modulation used by 802.11b, this allows 802.11a devices to achieve a maximum throughput of 54Mbps. The primary drawback to 802.11a is the lack of compatibility with 802.11b.
802.11g came on the scene in 2003, combining the best of 802.11b and 802.11a. 802.11g operates in the 2.4GHz band and is backward-compatible with 802.11b devices by supporting both DSSS and OFDM modulation. This allows 802.11g devices to achieve a maximum throughput of 54Mbps, with one caveat: Adding a single 802.11b device to an 802.11g network drops the maximum throughput of the network back to the 11Mbps 802.11b level.
802.11n is the newest and currently favored protocol. Arriving in 2009, 802.11n greatly enhances wireless networking by supporting a maximum throughput of 600Mbps. However, achieving this radical speed isn't a given. 802.11n works in both the 2.4GHz and 5GHz bands, using OFDM modulation. In the 2.4GHz band, 802.11n supports up to four multi-input multi-output (MIMO) streams (radio channels) across 20MHz of bandwidth for a maximum throughput of 260Mbps. In the 5GHz band, 802.11n likewise supports four MIMO streams but, combined with a higher maximum bandwidth of 40MHz, allows for a maximum throughput of 600Mbps. 802.11n includes backward-compatibility not only for 802.11g and 802.11b but also for 802.11a.
www.windowsitpro.com/article/wifistandards/wifipractices140898
Before we move on to radio channels, a quick discussion of the 2.4GHz radio band versus the 5GHz band is in order. The 2.4GHz band is more crowded because it has to share spectrum with plenty of other unlicensed devices. Microwave ovens, baby monitors, and cordless phones compete in this band for available spectrum. Similarly, the number of usable radio channels in the 2.4GHz band is more limited. The 5GHz band is less crowded and has more usable channels, at the expense of a slightly shorter maximum range.
Channel Surfing
Within the 2.4GHz and 5GHz radio bands, there are numerous channels that a Wi-Fi device can use. Although a complete discussion of radio signal modulation, channel subcarriers, channel separation, and other geeky topics is beyond the scope of this article, there are some basic ideas about Wi-Fi radio channels you should be familiar with.
In the United States, at 2.4GHz, there are 11 channels to choose from. However, the exact frequencies of these channels overlap slightly as you increment from 1 through 11. This greatly reduces the number of non-overlapping channels, and how many remain depends on the 802.11 protocol and channel width in use. Avoiding the overlapping channels allows for greater range and throughput of your wireless networks. For 802.11b, channels 1, 6, and 11 won't overlap. For 802.11g and 802.11n with a 20MHz channel width, channels 1, 5, and 9 won't overlap. For 802.11n with a 40MHz channel width, channels 3 and 11 won't overlap.
At 5GHz (again in the United States), things are much easier. For 802.11a and 802.11n with either a 20MHz or 40MHz channel width, channels 36, 40, 44, 48, 149, 153, 157, 161, and 165 are available and won't overlap with each other. Channels 52, 56, 60, 64, 100, 104, 108, 112, 116, 136, and 140 are also available without overlap as long as the Wi-Fi equipment supports Dynamic Frequency Selection (DFS) and Transmit Power Control (TPC) capabilities. This is because of an FCC rule designed to protect other equipment, primarily military and weather-related, that uses those channels. If your Wi-Fi AP doesn't support DFS and TPC, those channels shouldn't even be available to you for selection.
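The arithmetic behind the 2.4GHz channel sets listed above, as an added example that is not part of the original article. It assumes channel n is centered at 2407 + 5n MHz, a band of 2400 to 2483.5MHz, and a 22MHz width for 802.11b DSSS; the function names and the survey sample are constructed for illustration.

```python
# Added example: 2.4GHz channel overlap arithmetic (US channels 1-11).
# Assumptions (not from the article): channel n is centered at 2407 + 5*n MHz,
# the band spans 2400-2483.5 MHz, and 802.11b DSSS occupies 22 MHz.
BAND_LOW, BAND_HIGH = 2400.0, 2483.5
US_CHANNELS = range(1, 12)

def span(channel, width_mhz):
    """Return (low, high) edge frequencies in MHz for a channel."""
    center = 2407 + 5 * channel
    return center - width_mhz / 2, center + width_mhz / 2

def overlaps(a, b):
    """True if two (channel, width) pairs share spectrum (touching edges do not)."""
    a_lo, a_hi = span(*a)
    b_lo, b_hi = span(*b)
    return a_lo < b_hi and b_lo < a_hi

def non_overlapping(width_mhz):
    """Greedily pick the lowest in-band channels that do not overlap each other."""
    chosen = []
    for ch in US_CHANNELS:
        lo, hi = span(ch, width_mhz)
        if lo < BAND_LOW or hi > BAND_HIGH:
            continue  # channel would spill outside the band at this width
        if all(not overlaps((ch, width_mhz), (c, width_mhz)) for c in chosen):
            chosen.append(ch)
    return chosen

def least_congested(survey, width_mhz):
    """Score each non-overlapping channel by how many surveyed APs overlap it."""
    scores = {
        ch: sum(overlaps((ch, width_mhz), ap) for ap in survey)
        for ch in non_overlapping(width_mhz)
    }
    best = min(scores, key=lambda ch: (scores[ch], ch))
    return best, scores

# Constructed site-survey sample: (channel, width in MHz) of neighboring APs.
SURVEY = [(1, 20), (1, 22), (3, 40), (6, 20), (6, 22)]

if __name__ == "__main__":
    for width in (22, 20, 40):
        print(width, "MHz:", non_overlapping(width))
    print(least_congested(SURVEY, 20))
```

The greedy pass reproduces the article's three channel sets, and the survey scoring shows how a single 40MHz neighbor on channel 3 counts against two of the three 20MHz candidates.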
iStumbler for Mac OS X, is available.
7. Consider skipping SSID hiding. A common suggestion is to set your network name (SSID) to be hidden, so that a potential attacker can't see it. This also then requires that anyone who wants to connect to the network will need to know both the password and the exact SSID. Although it's true that attackers won't be able to see the name of your network, they will be able to see that a network is there, and a sophisticated attacker will be able to determine the SSID anyway.
8. Consider using MAC filtering. If you have a small number of Wi-Fi clients and don't typically add and remove devices, consider setting up a MAC filter list on your AP(s). Although this approach requires you to obtain the MAC address from each device and manually enter it in your AP's management software, it adds one more layer of complexity that an attacker has to go through before being able to connect to your WLAN because he must then spoof a valid MAC address. However, consider the added management overhead before you do this, especially if your WLAN contains a large number of changing devices.
9. Always think before connecting to a WLAN that's not your own. When you connect to a WLAN at a coffee shop, hotel, or a friend's house, always take a few seconds to think about what you intend to do on that network and balance that against the security in place. Remember that WEP encryption is basically no encryption, and much of what we do on the Internet is over unencrypted HTTP. However, if you only need to connect to a WEP-secured WLAN to go online with your 2048-bit encrypted VPN, you might feel perfectly comfortable doing so because the payload you will be passing wirelessly has a good level of encryption.
As always, none of this is a substitute for keeping your systems up-to-date and installing suitable anti-malware software and hardware or software firewalls.
Learning Path
Windows IT Pro Resources
"Wi-Fi Alliance: Please Set Wireless Networks to WPA2"
"Enabling 802.11i Wireless Security with Windows Servers"
"Easy 802.11g Security"
"Secure Your Wireless Network"
"A Secure Wireless Network Is Possible"
"Planning for Wi-Fi"
Microsoft Resources
"802.1x Authenticated Wireless Deployment Guide"
"Wireless Networking Security"
"Secure Wireless Access Point Configuration"
"5-Minute Security Advisor - Strengthening Wireless Authentication"
"Wi-Fi: 8 tips for working securely from wireless hot spots"
1. http://www.windowsitpro.com/author/5063643/MichaelDragone