  #11  
Old 04-05-05, 04:56 PM
Joe Joe is offline
OC3D Elite
 
Join Date: Mar 2005
Posts: 2,592
nice guide Matt MOD REPPED (wish i could rep ya )


__________________
Quote:
I got 600 TFLOPS out a potato that i put in a Soc 775 mobo , proof? -- here is a picture of a piece of lint , surely that will suffice
OC3D ScreenSavers ::
|Available Here|

Got an Ipod? :: |Check This Out|


Isabelle Loves OC3D :: |THIS MUCH|





Reply With Quote
  #12  
Old 05-05-05, 08:18 AM
PV5150 PV5150 is offline
OC3D Elite
 
Join Date: Mar 2005
Posts: 9,934
Thanks Joe...muchly appreciated
__________________
Quote:
Originally Posted by name='Jim'
"Jonathan 'Fatal1ty' Wendel may be 12-time world gaming champ, but how does he cope inside a 50c hot box sucking on a heavy load?":rocker::rocker:
Reply With Quote
  #13  
Old 05-05-05, 10:42 AM
bloodthirst bloodthirst is offline
OC3D Elite
 
Join Date: Apr 2005
Posts: 2,391
Quote:
Originally Posted by PV5150
Hi Guys

BACKGROUND

Wireless LANs (or WLANS) are based upon the 802.11 series of standards ratified by the IEEE. There are currently 3 common standards for WLAN networking and 1 standard for PAN (Personal Area Networking)

WLANs can be setup in infrastructure mode, or Ad Hoc mode.

In Infrastructure mode, you use an Access Point (think of it like a radio station) and several clients (ie, PCs or laptops with WLAN network cards). The Access Point transmits radio signals and the clients (the PCs or laptops) receive and transmit to the Access Point. It is exactly like a cell-phone network. Your computers are the phones and the Access Point is the cellular network base station.

In Ad Hoc mode, you simply have two or more PCs or laptops talking to each other directly, without an Access Point. Using the same phone analogy, it's like having two walkie-talkies, transmitting to each other, instead of a cellphone that uses a centralized base station to talk to another cellphone. Ad hoc mode is cheaper (because you don't need an Access Point), but slower and only useful for direct PC to PC connectivity.

All WLANs are 'contention based'. This basically means they are like "wireless hubs". When one station is transmitting, no one else can. They are NOT switched! This means that the actual real-life throughput of WLANS is less than the advertised bandwidth. The most common 802.11b network standard offers 11Mb/s bandwidth, but in reality you will only get around 6Mbs throughput. For the record, this is just like wired Ethernet. You never get the full bandwidth in any advertised network standard.

Finally, all current WLANs also operate in unlicensed spectrum. This means that no license is required, so anyone can setup a transmitter or receiver. This is exactly what you are doing when you buy an Access Point and a wireless network card! The advantage of this is obvious. No licence, no paper work, no hassle. The disadvantage is that anyone can do it, so someone next door might setup a WLAN too, and there may be some interference.

WLAN STANDARDS

802.11b (aka WiFi)

Max speed: 11Mb/s

Spectrum: 2.4Ghz

This is by far the most common standard. Most of the WLAN kit you can buy today uses 802.11b. It is cheap and well understood. It operates in the 2.4Ghz spectrum. Note that this is the same frequency used by older analogue cordless phones and by microwave ovens! Your WLAN will not fry you though, as maximum power is usually around 100mW. Microwave ovens zap things at around 800Watts. It should be noted however, that microwave ovens and older cordless phones can cause interference when they are "on".

802.11b offers 11Mb/s through-put. However, in reality users can expect 6Mb/s maximum bandwidth due to collisions, contention etc.

Within the 2.4Ghz spectrum range used by 802.11b, there are 11 (eleven) channels that can be used. Think of these as "slots" in the 2.4Ghz range. Channel 1 is actually 2.412 GHz, all the way up to Channel 11 which is 2.462 GHz. Note how each channel has a small, but significant change in the actual frequency used (though they are still all in the 2.4Ghz range). Multiple channels are only used when you have multiple Access Points all in or near the same location! They allow you to deploy adjacent cells without causing interference. Most WLANs are setup using channels 1, 6, 11.

Consider four cells side by side. If they used the exact same frequency, you would have lots of interference. But by using separate, non-overlapping channels, you can place the cells beside each other with no interference. See the following diagram of four radio cells, sitting side by side.

----- ----- ------ -----

{ Ch1 } { Ch6 } { Ch11 } { Ch1 } {etc...}

----- ----- ------ -----

Each cell is adjacent (or even overlapping a bit), but is using different channels. This means they do not interfere with each other.

For reference, the channels are:

1 2.412 GHz

2 2.417 GHz

3 2.422 GHz

4 2.427 GHz

5 2.432 GHz

6 2.437 GHz

7 2.442 GHz

8 2.447 GHz

9 2.452 GHz

10 2.457 GHz

11 2.462 GHz

802.11a (aka WiFi-5)

Max speed: 54Mb/s

Spectrum: 5Ghz

This is a newer standard and it offers much higher bandwidth. The equipment is expensive and it is unlikely you shall see it in "retail" or "home network" devices. It has many advantages for enterprise companies who have lots of money. For example, you can use up to 8 non-overlapping channels. This is great if you are a company trying to install lots of APs (Access Points), as you can pack the cells in tighter, but is of little interest to home networkers.

802.11g

Max speed: 54Mb/s

Spectrum: 2.4Ghz

This new standard has just been ratified by the IEEE. It uses the same frequency as 802.11b but offers speeds of up to 54Mb/s. This is achieved by using different multiplexing (which I won't go into here). One of the major benefits of 802.11g is that it is backwards compatible with 802.11b. What does this mean? Basically, an 802.11g network can support both 802.11b clients and 802.11g clients. Remember, they both use the same frequency of 2.4Ghz. The only disadvantage with this is that the 802.11g Access Point will "drop down" to the slower speed for the entire cell. This means even one 802.11b (11Mbs) client will bring down the speed of the entire 802.11g (54Mbs) cell. Pretty obvious when you think about it.

802.11g cards and Access Points are readily available, and are slightly more expensive than 802.11b ones. It should be noted that only the very newest ones will be compliant with the standard, as it was only ratified in June 2003. The "pre ratification" versions out there already can probably be upgraded via firmware/PROM flashing.

802.15 (aka BlueTooth)

Max speed: 10Mb/s

Spectrum: 2.4Ghz

BlueTooth is known as a PAN or Personal Area Networking. It is not really a WLAN standard and I only include it here for completeness. BlueTooth operates in the same frequency as 802.11b and 802.11g (2.4Ghz) and can cause service degradation. It won't "knock out" your WLAN, but if two transmitting devices are close together (say a WLAN card and a BlueTooth dongle on your PC), you will see a significant impact upon your WLAN performance. Keep BlueTooth devices at least 25cm from 802.11b or 802.11g cards if possible.

SECURITY

Security in 802.11 wireless networks is based upon the WEP encryption protocol. WEP stands for Wired Equivalency Protocol, but don't be fooled. Native WEP on its own is not as secure as a wired LAN.

Originally WEP was based upon 48bit keys, but almost everyone now uses the much stronger 128bit keys (some manufacturers even offer 256bit versions). This is still hackable, if the hacker captures between 1,000,000 and 4,000,000 packets. It should be noted that, for a normal home network, this would mean HOURS of someone surreptitiously hiding nearby, their laptop in hand and actively "listening" to your network traffic. Afterwards, they then need to run their capture through a cryptographic tool to get your key. A lot of work to hack into someone's home network, but possible none-the-less.

WEP is certainly not sufficient for enterprise networks, and a lot of work has been put into improving WLAN security over the past year. But it is fine for home networks. Don't let anyone else convince you otherwise.

This is especially the case when you consider the new enhancements introduced with WPA.

WPA - WiFi Protected Access

This new standard is a set of security hardenings that greatly increase the security of WLANs. Without going into too much technical detail, WPA introduces two major enhancements.

TKIP Temporal Key Integrity Protocol

This basically rehashes the WEP encryption key every packet.

MIC Message Integrity Protocol

This is conceptually like a CRC value.

It protects against "man in the middle" attacks; ie, someone intercepting and changing a packet's contents.

WPA effectively mitigates (ie, reduces) all known security weaknesses in WEP based WLAN standards.

For home deployments, WPA is run in what is called WPA-PSK mode (WPA - Pre Shared Key). Effectively this means you enter a key (think of it as a code) into your Access Point and any clients. The Pre Shared Key is used to generate new WEP keys on a regular basis. Remember WEP keys are what are used to actually encrypt your traffic. The PSK is simply another code (or key) that is used by the AP and clients to generate new WEP keys, without having to transmit them over the air. They both independently calculate the new WEP based upon the PSK and an encryption algorithm. This capability is what is known as "dynamic key management". It should be noted that it is important your PSK (or "shared secret") is as long as possible. I STRONGLY recommend you use at least 20 characters, and don't choose a normal English word (these are easier to guess). Select some random string of characters and numbers.

802.11i

802.11i was recently ratified by the IEEE. The main enhancement is the replacement of WEP with AES (Advanced Encryption Standard). This is the encryption standard that the Pentagon uses. AES is a cipher block encryption standard. As such it is fundamentally more secure than WEP. However, AES is rather processor intensive. Most current wireless cards will not be able to support AES in hardware, and will have to resort to new drivers/software to support it in software. This will have a significant impact upon performance. Most current APs can be flashed to support AES, though with some older models you may be out of luck.

Note that WEP plus WPA offers security that is just as strong (for most users and purposes) as 802.11i.

WPA2

WPA2 is an upcoming "standard" defined by the WiFi Alliance. WPA2 is just a rebranding of 802.11i.

EAP

EAP, or Extensible Authentication Protocol, is a framework for introducing improved higher level authentication mechanisms to WLANs. It is based upon 802.1x, an ethernet port authentication protocol. EAP does not work alone, but relies upon 3rd parties (ie, Microsoft, Cisco etc) developing "plug ins" (for want of a better term) that provide the specific authentication mechanisms. The most common are LEAP (developed by Cisco), EAP-TLS (primarily Microsoft), PEAP (Cisco, Microsoft) and EAP-TTLS (Funk etc).

EAP is used to manage authentication. This is different from encryption. Authentication is a big issue for large companies that want to ensure only the right people can log onto their networks. This is a separate problem from worrying about encrypting the actual data that is being transmitted wirelessly. Home users do NOT have to worry about authentication. I include reference to EAP and 802.1x here for completeness only.

802.1x

802.1x is an Ethernet authentication protocol. In very basic terms, it "blocks" access on an ethernet port until the device (PC, printer, IP phone etc) successfully proves its identity. This is an excellent tool for improving network security in enterprise environments but is of no real interest to home users.

OTHER STANDARDS

You may hear reference to the following standards.

802.11a - 54Mbs 5Ghz WLAN standard

802.11b - 11Mbs 2.4Ghz WLAN standard

802.11d - Worldmode (ensures worldwide compatibility with cards and Access Points)

802.11e - Qos (Quality of Service; this is needed to improve network reliability for voice applications etc)

802.11f - Inter Access Point Protocol (IAPP); this handles "roaming" from one radio cell to another

802.11h - Transmission Power Control (TPC) and Dynamic Frequency Selection (DFS); this is required for use of 5Ghz in Europe

802.11i - Enhanced security based upon US Federal FIPS standards (ie, extremely secure)

802.11j - Japan enhancements (don't ask...)

802.11n - Super-fast new standard under consideration (nowhere near ratified yet). Speeds up to 320Mb/s!

SECURING YOUR WLAN

There are three simple steps to ensuring you secure your WLAN that EVERYONE should follow.

1) Enable WEP

2) Change your SSID

3) Disable SSID Broadcast

4) Setup MAC Address Filtering

Enable WEP

As we saw above, WEP is a method whereby you effectively encrypt (ie "Scramble") your radio traffic, so someone listening in will not be able to simply open your packets. You do this by entering what is called a shared secret on your Access Point and on your computer. This is usually a long 26 digit hexadecimal string that someone is very unlikely to guess. Take 37ea7f91c25721d0c4ef37df3f as an example. Who's going to guess that?! You enter it on your Access Point when you first set it up (usually by a web-browser, but you can use a serial cable to "console" in on some models). Then, when you install the wireless NIC on your PC, you do the same. Be careful with entering your WEP key! If it's not EXACTLY the same on both ends, you won't be able to access the network. That's the whole idea after all.

If you don't want to use the software that came with your wireless network card, or didn't get any, you can setup your WEP on Windows XP. This can be done by selecting the WLAN connection under Network Connections, choosing its Properties and ticking the Data Encryption (WEP enabled) box. You then enter the 26 digit key in the field shown.

Personally I prefer using the software with the card.

Change your SSID

All WLANs have a "name" called the SSID (Service Set Identifier). This is used to differentiate between multiple WLANs. For example, you may use a WLAN at work but also have a personal WLAN setup at home. Many hotels and even cafes are now setting up WLANs for business visitors etc. As each WLAN can have different settings, you must have some way to tell them apart. The SSID can therefore be considered the WLAN's "name".

When you buy a wireless Access Point it will come with a default value. For example, Cisco Aironet gear comes with the SSID "tsunami". LinkSys uses (rather imaginatively) "LinkSys".

Make sure you change this!

Every script-kiddie in the world knows the most common SSIDs and they can setup their PC to "associate" to your WLAN if they configure their laptop with the right SSID.

Use something unique, but don't think of this as any sort of security. It's just a name. Use your nick-name, your first name, your pet name or make up some nonsense. As long as it's not the default. Then, when you are setting up your own PC or laptop, you enter the SSID on the wireless NIC software (or XP). Remember, like WEP, you have to put this on both your PC and your Access Point.

Disable SSID Broadcast

By default most Access Points "broadcast" their SSID. This allows visiting clients (ie laptop users, but also hackers!) to listen and pick up your SSID from the broadcast packets. This is fine if you're running a public hotspot, but is not really a good idea if you just want a personal WLAN at home.

Disable this broadcast feature on the Access Point.

It means you won't be able to associate with the WLAN unless you know the SSID, but that's the whole idea. You don't want strangers associating with your WLAN. And, as you are the one setting up the Access Point and your own PCs, you already know the SSID, so you don't need to broadcast it.

Setup MAC Address filtering

This feature tells your Access Point to only allow certain wireless network cards to associate (and therefore use) your WLAN. Each network card (both wired and wireless) has a unique MAC address. Think of it sort of like a serial number. It's also known as a "hardware address" or sometimes "ethernet address".

By setting up MAC Address Filtering, you are limiting the actual cards (and therefore computers) that can use your wireless network. It is possible to spoof this, but it's not easy and makes hacking your network much harder.

Other tips

If you're buying new WLAN equipment, make sure it is WPA compliant (see above). This is a new-ish standard that greatly improves security.

If you don't have equipment that supports WPA, make sure you change your WEP manually every few weeks or months. It might be a pain, but it should only take 2 or 3 minutes.

Turn down your transmit power to the minimum necessary. If you only want to get coverage in your apartment or house, you don't need to transmit your wireless network across the street or into your neighbour's house, do you? It's just common sense.

This is called "radio cell architecture". You ensure the cell size (and shape) covers only where you want and nowhere else.

USEFUL LINKS

http://www.80211-planet.com/ (excellent allround site; good tutorials; good news)

http://www.weca.net/OpenSection/index.asp (Home of the WiFi Alliance)

http://standards.ieee.org/wireless/ (home of the IEEE wireless standards)

http://www.drizzle.com/~aboba/IEEE/ (quite a good site for technical information on wireless security & hacking etc)

http://grouper.ieee.org/groups/802/1...tgi_update.htm (updates/presentations/papers on 802.11i)

Feel free to add anything if you think I have missed it.

Cheers-PV
well in some houses like mine which is old built in like 1960 the walls are double brick and ing thick as wireless is not effective at all especially in my position the router is on the other end of the house and the signal would have to pass through about 4-5 thick walls so i get a small signal which is so in my house its all wired i have the router with 3 computer and a switch connected to it the switch is in my room and the computers up stairs run off my switch
Reply With Quote
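The four hardening steps and the WPA-PSK advice from the guide quoted in post #13, written as a configuration audit. This is an added example, not part of the thread: the config field names, finding labels and sample configs are assumptions constructed for illustration, and the key derivation shown (PBKDF2-HMAC-SHA1, 4096 iterations, SSID as salt) is the standard WPA-PSK one rather than anything the guide spells out.

```python
import hashlib
import re

# Factory SSIDs the guide names; compared case-insensitively.
DEFAULT_SSIDS = {"tsunami", "linksys"}
# The guide's WEP key format: a 26 digit hexadecimal string.
WEP_KEY_RE = re.compile(r"[0-9a-fA-F]{26}")


def wpa_pmk(passphrase, ssid):
    """Standard WPA-PSK key derivation: the SSID is the salt, so the same
    passphrase yields a different 256-bit master key on every network name."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def audit(cfg):
    """Return finding labels (hypothetical names) for one access point config."""
    findings = []
    if cfg.get("ssid", "").lower() in DEFAULT_SSIDS:
        findings.append("ssid-is-vendor-default")
    if cfg.get("ssid_broadcast", True):  # the guide notes most APs broadcast by default
        findings.append("ssid-broadcast-enabled")
    if not cfg.get("mac_filter"):
        findings.append("mac-filter-empty")
    mode, key = cfg.get("encryption", "none"), cfg.get("key", "")
    if mode == "none":
        findings.append("no-encryption")
    elif mode == "wep":
        if not WEP_KEY_RE.fullmatch(key):
            findings.append("wep-key-not-26-hex-digits")
        # Guide: without WPA support, change the WEP key every few weeks or months.
        findings.append("wep-rotate-key-or-move-to-wpa")
    elif mode == "wpa-psk":
        if len(key) < 20:  # the guide recommends at least 20 characters
            findings.append("psk-shorter-than-20")
        if key.isalpha():  # crude stand-in for "looks like a plain word"
            findings.append("psk-letters-only")
    return findings


# Constructed sample configs (not taken from the thread).
HARDENED = {"ssid_broadcast": False, "mac_filter": ["02:00:00:00:00:01"]}
FACTORY = {"ssid": "LinkSys", "encryption": "none"}
WEP_HOME = dict(HARDENED, ssid="attic-ap", encryption="wep",
                key="37ea7f91c25721d0c4ef37df3f")  # the guide's own example key
WPA_HOME = dict(HARDENED, ssid="attic-ap", encryption="wpa-psk",
                key="k7Qx2mV9tR4pL8wZ3nB6")
WPA_WEAK = dict(WPA_HOME, key="password")

if __name__ == "__main__":
    for name, cfg in [("factory", FACTORY), ("wep", WEP_HOME),
                      ("wpa", WPA_HOME), ("wpa-weak", WPA_WEAK)]:
        print(name, audit(cfg))
    print(wpa_pmk(WPA_HOME["key"], WPA_HOME["ssid"]).hex())
```

Because the SSID salts the derivation, a network left on a vendor-default name shares its salt with every other network using that default, which is one more reason to follow the guide's "Change your SSID" step.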
  #14  
Old 05-05-05, 10:43 AM
FragTek FragTek is offline
OC3D Elite
 
Join Date: Mar 2005
Location: Stafford, VA USA
Posts: 15,959
Some houses just require a wired network, no two ways about that one.
__________________
AMD FX-8370 @ 4.7Ghz | Asus Sabertooth 990FX R2.0 | 32Gb G.Skill Sniper DDR3-1866 | XFX Radeon R9 390X
Samsung 850 EVO 500Gb SSD / OCZ Vertex 4 128Gb SSD / 2Tb WD Black / 3 x 2Tb WD Green
PCP&C Silencer 750w | Fractal Design R3
Reply With Quote
  #15  
Old 05-05-05, 09:44 PM
bloodthirst bloodthirst is offline
OC3D Elite
 
Join Date: Apr 2005
Posts: 2,391
Quote:
Originally Posted by name='FragTek'
Some houses just require a wired network, no two ways about that one.
yeah i wouldn't mind wireless tho would be pretty sweet
Reply With Quote
  #16  
Old 05-05-05, 10:02 PM
FragTek FragTek is offline
OC3D Elite
 
Join Date: Mar 2005
Location: Stafford, VA USA
Posts: 15,959
Quote:
Originally Posted by name='harmonicgen007'
yeah i wouldn't mind wireless tho would be pretty sweet
I love everything about it except for the slow down of networked computer file transfers which I don't do much of but you really feel it when u are doing it.
Reply With Quote
  #17  
Old 06-05-05, 09:40 AM
bloodthirst bloodthirst is offline
OC3D Elite
 
Join Date: Apr 2005
Posts: 2,391
Quote:
Originally Posted by name='FragTek'
I love everything about it except for the slow down of networked computer file transfers which I don't do much of but you really feel it when u are doing it.
what about when playing CSS and stuff is there any real lag
Reply With Quote
  #18  
Old 06-05-05, 09:56 AM
FarFarAway FarFarAway is offline
Newbie
 
Join Date: Mar 2005
Posts: 0
Quote:
Originally Posted by name='harmonicgen007'
what about when playing CSS and stuff is there any real lag
Whether or not wireless slows down the connection, I much prefer wired as you don't get interference from other devices and you're guaranteed a decent connection
Reply With Quote
  #19  
Old 06-05-05, 10:07 AM
bloodthirst bloodthirst is offline
OC3D Elite
 
Join Date: Apr 2005
Posts: 2,391
Quote:
Originally Posted by name='kempez815'
Whether or not wireless slows down the connection, I much prefer wired as you don't get interference from other devices and you're guaranteed a decent connection
yepp i agree on you there, also especially in my house we have cordless phones which could the signals around a bit
Reply With Quote
  #20  
Old 06-05-05, 10:39 PM
limqareb limqareb is offline
OC3D Elite
 
Join Date: Mar 2005
Posts: 1,908
i got a trendnet 11mbps router and a d-link 54mbps pci adapter are they good? opinions please
Reply With Quote