PCCITIZEN.com - SAFE COMPUTING/HOME NETWORKING/COMPUTING TIPS/CLEANUP-FIXUP-ADDUP
IT SEEMS EVERYBODY IS GOING WIRELESS.... SIGH...
For a basic education on wireless, you should first visit the "Basic Wireless Networking" course I have instituted here at PC Citizen. If you don't want to take the course, then please make sure you have a personal firewall if your PC is running wireless and you take your PC/laptop out into the cold cruel world and try to connect to the nearest wireless network! Turn on ICF in the wireless network connection's properties with pre-SP2 XP, make sure the Windows Firewall is on in SP2 XP, or add ZoneAlarm if you are running an older OS. This will cover you if strangers try to access your PC while you are on this network. This applies above and beyond the security precautions you should be implementing, such as WEP and WPA. Beware that there is a serious catch-22 here! See this page for some good recommendations on how to configure your home network if you are putting up wireless access!
I have spent a considerable amount of time getting a Linksys BEFW11S4, some WMP11 PCI cards and a WPC11 PC Card (PCMCIA) to function. The BEFW11S4 is a router, much like any ADSL or cable modem router that you can buy. It has the additional capabilities of an 802.11b wireless access point, commonly called an "AP." This means that you can install wireless NICs in your PC, or a wireless PC Card (the old PCMCIA) in your laptop, and discover the wireless network, or AP, provided by the Linksys. This wireless network is provided much like a wired network is provided on the LAN side of the router. In fact, the Linksys and other routers will "bridge" between the wired side of the LAN and the wireless side of the router. That is, the router makes it look like it is all one single subnet.
Recently, I have spent considerable time and effort getting the Linksys 802.11g products, the WRT54G and the WPC54G PC Card, functioning, including the new WPA security capabilities. Be forewarned that WPA may or may not be backported to manufacturers' 802.11a/b products. The 802.11g products will probably all have WPA support, however. See this WPA.
The wireless NICs install much like an Ethernet NIC. But their drivers are not typically included with Windows distributions, so you may need to install the driver manually. However, XP Home did discover and install the driver quite conveniently, although you had to insert the CD with the drivers. On other OSes, you actually have to install the driver first, before you install the hardware. The install of the WPC11 PC Card is very similar. XP SP2 and implementations post 2005 will most likely have the appropriate drivers.
The wireless AP operates by broadcasting an announcement: "this is wireless network 'john.'" The name is configured by browsing to the wireless router's configuration page and "naming" this access point. The wireless NICs can see this broadcast, called an SSID (Service Set Identifier) broadcast, and you can elect to "join" this AP. Your PC then performs normal DHCP to get an IP address/gateway/DNS, the same way it does with a wired NAT/router.
Now wireless has all kinds of insecure features about it, which must be addressed. Almost all wireless products are very insecure "out of the box." Once you get the wireless network all set via the insecure procedures, you need to go back and do five things. There is considerable debate in the technical community about the "proper approach" for securing your wireless network, but here are four things that are easily done, in order from easiest to hardest:
NOTE: If you are able to get WPA or WPA2 to work on your Wireless Router/CPE products, then these precautions are not, in general, necessary! Congratulations!!
1) For those situations when you use the wireless in foreign environments, turn on ICF (Windows Firewall for post-SP2 installs) on your wireless NIC. Do this by going to "advanced" on the network connection's properties. For other Windows OSes, get and install a personal firewall, such as ZoneAlarm. And for Red Hat Linux, you can turn on the simple firewall.
2) For home situations, make sure you turn off the SSID broadcast in the router. Of course, if you add a new wireless PC, you may have to go back and turn it on temporarily, in order for your new PC to recognize the AP, and then go back and turn the SSID broadcast off again. Alternatively, you should be able to manually enter the SSID in the wireless NIC configuration on the new PC. In addition, you should add the wireless router as a subnetwork to your existing wired router. This will keep simple browsing on the wireless network from discovering all your wired shares. See this page.
3) Turn on the MAC filtering. Go to each PC, get the MAC address of the wireless NIC, and enter it in the MAC table which the wireless router keeps. The wireless router will only dole out IP addresses to those PCs whose MAC addresses you have entered in its table. Of course, you will have to go add the MAC address of any new PC you add. Beware that any smart hacker can still sniff your wireless LAN and retrieve MAC addresses in use. So this just adds one more task to set in front of the hacker.
4) Turn on the WEP security in order to encrypt your communications. You can follow the procedure here on the router. You normally enter a pass phrase which generates the 128-bit WEP shared key [you should use the 128-bit security instead of the 40-bit WEP key]. On each PC you will enter this shared key. On XP machines, you will have to enter the entire key manually - it won't generate the key from the pass phrase.
5) You will need to investigate whether WPA is available as an upgrade on your wireless router and your NICs. See this page for some evolving information. WPA ...should... close the open security holes in your wireless network, or at least make it secure enough until 802.11x products appear in about a year. The latest WinXP service pack supports WPA - I believe it is the only OS that does this so far. All other OSes will need a special driver. See this page for some of my initial WPA experiences with Linksys. If you are successful with making WPA work, then your security liabilities are almost nil! So work on getting WPA up and running, OK?
6) Update Mar 2007: You need to add the wireless client update package from Microsoft for the WPA/WPA2 stuff. Microsoft does NOT push these as critical updates.
7) Here is an update in early 2007 from Leo and Steve:
Leo: The subject that will not die. KB923154, that's Knowledge
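For step 3 above (MAC filtering), here is an added example that is not part of the original page: it pulls the wireless NIC's MAC address out of `ipconfig /all` output, normalizes the different ways a MAC gets written, and lists any client the router reports that is not in your table. The sample `ipconfig` text, the client list and the function names are constructed for illustration.

```python
import re

# Constructed sample of `ipconfig /all` output from a Windows XP laptop.
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

        Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network Connection
        Physical Address. . . . . . . . . : 00-11-22-33-44-55

Ethernet adapter Local Area Connection 2:

        Description . . . . . . . . . . . : Wireless-B Notebook Adapter
        Physical Address. . . . . . . . . : 00-0C-41-AA-BB-01
"""

# Constructed client list as copied from a router status page: (host name, MAC).
SAMPLE_CLIENTS = [
    ("thinkpad", "00:0c:41:aa:bb:01"),
    ("desktop", "000C41AABB02"),
    ("unknown", "00-90-4B-12-34-56"),
]

def normalize_mac(text):
    """Return a MAC as 12 uppercase hex digits, whatever separators were used."""
    digits = re.sub(r"[-:.\s]", "", text).upper()
    if not re.fullmatch(r"[0-9A-F]{12}", digits):
        raise ValueError(f"not a MAC address: {text!r}")
    return digits

def wireless_macs(ipconfig_output):
    """Map adapter name -> MAC for adapters named or described as wireless."""
    found, adapter, is_wireless = {}, None, False
    for line in ipconfig_output.splitlines():
        header = re.match(r"^\S.*adapter (.+):\s*$", line)
        if header:
            adapter = header.group(1)
            is_wireless = "wireless" in adapter.lower()
        elif "Description" in line and "wireless" in line.lower():
            is_wireless = True
        else:
            mac = re.search(r"Physical Address[ .]*:\s*(\S+)", line)
            if mac and adapter and is_wireless:
                found[adapter] = normalize_mac(mac.group(1))
    return found

def unlisted_clients(clients, allowlist):
    """Return (host, MAC) for every client whose MAC is not in the allowlist."""
    allowed = {normalize_mac(m) for m in allowlist}
    return [(host, normalize_mac(mac)) for host, mac in clients
            if normalize_mac(mac) not in allowed]
```

Because an address already in the table can be observed on the air, as step 3 notes, an empty result shows only that no unfamiliar address is connected.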
My experience with the BEFW11S4 is with the firmware 1.44.2, and with the Linksys WMP11 PCI wireless NIC, version 2.7, and the WPC11 PC Card, used in an IBM Thinkpad 600E laptop. This configuration seems to work pretty reliably. I did have a problem with the DHCP initially, because ....somehow... the DHCP server was certainly enabled, but it had an address range of zero, so it wouldn't dole out any addresses. I can't figure out how this happened. I don't think it was me, so be careful out there. This page discusses my experience with the WPC11/WMP11/BEFW11S4.
As a matter of curiosity, I tried to get an SMC 2635W wireless PC Card (Cardbus Adapter they called it) in the laptop to work with the Linksys BEFW11S4. I have heard stories about interoperability problems among the different wireless chips used internally. This must be the case between the SMC and the Linksys BEFW11S4, because I was never able to get this card to operate reliably. Operation would come and go. So I would recommend you stay with a single vendor unless you are willing to spend some time debugging or tuning your setup.
I also tried using the SMC 2635W in an XP install, and it would just not play well with the Linksys. This may be because the SMC2635W has not passed Windows authentication at the time of this writing, and the XP configuration does not seem to handle it.
I have also purchased a Netgear MR814, and it seems to interoperate with the Linksys reliably. More news to follow.
OK, I give up. Wireless seems to be taking over the world. Prices are plummeting faster than anything I have ever seen. I guess I will have to learn more about wireless.....
Topics explored in this website:
0) Basic Wireless Networking Course - go here if you are clueless [what is it with labeling things with a "0"?]
1) Wireless Security precautions, in general
3) Experience with WPA on Linksys products.
5) Coming developments in Wireless.
You can also see my wired and wireless home network here.
Hey, nobody said I spent a great deal of effort organizing this little web site. But really, the wireless cautions are most important, right? This is a very good description of 802.11b wireless security technology. It needs updating for the new 802.11i security proposals. But you can get a pretty good reading from this Microsoft KB article. For some specific implementation details in popular products, read on....
Copyright John D Loop Wednesday October 26, 2005