To make it easier for users to take their laptops with them to meetings and to other locations in the office, many organizations are implementing wireless networks. Wireless networks can be deployed and used in many different configurations. This section examines the most common configurations.
When you are working with wireless networks, the most common terms you'll run across are wireless network adapter and wireless access point. Wireless adapters include PC cards for notebooks, Peripheral Component Interconnect (PCI) cards for desktops, and universal serial bus (USB) devices (which can be used with notebooks or desktops). A wireless adapter uses a built-in antenna to communicate with an access point. Typically, an access point is directly connected to the organization's physical network and might also function as a network switch or hub itself, meaning it has physical ports that allow direct cable connections as well as wireless connections. Other names for access points include wireless base stations and wireless gateways.
The most widely used wireless network adapters and access points are based on the Institute of Electrical and Electronics Engineers (IEEE) 802.11 specification. Wireless devices that are based on this specification can be Wi-Fi Certified to show they have been thoroughly tested for performance and compatibility. Table 1 provides a feature comparison of the most-used wireless technologies based on IEEE 802.11. As the table describes, there are four standards, and each has benefits and drawbacks. It should be noted that although 802.11a wireless devices cannot interoperate with 802.11b or 802.11g devices, fewer devices use the 5-gigahertz (GHz) range, making it less likely that there will be interference with other types of wireless devices (the majority of which use the 2.4-GHz range). For added security, IEEE has defined the newer 802.11i standard.
Wireless Standard
802.11a
802.11b
802.11g
Speed
Up to 54 Mbps
Up to 11 Mbps
Transmission frequency
5 GHz
2.4 GHz
Effective indoor range
Approximately 25 to 75 feet
Approximately 100 to 150 feet
Compatibility
Incompatible with 802.11b and 802.11g
802.11b wireless devices can interoperate with 802.11g devices (at 11 Mbps); 802.11g wireless adapters can operate with 802.11b access points (at 11 Mbps)
802.11g wireless devices can operate with 802.11b devices (at 11 Mbps)
Unlike the 802.11a, 802.11b, and 802.11g standards, the 802.11i standard isn't about transmission speeds and frequencies. 802.11i is a security standard that you can add to the existing standards. More specifically, it adds security functionality to the radio specifications of 802.11a, 802.11b, and 802.11g. This means 802.11a network adapters and access points can include the 802.11i security functionality, as can 802.11b and 802.11g wireless products.
Keep in mind that some computers (particularly laptops) contain integrated chip sets that support multiple wireless networking technologies. Wi-Fi Protected Access Version 2 (WPA2) is the approved Wi-Fi Alliance implementation of 802.11i. WPA2 implements all mandatory elements of the 802.11i standard.
Take a close look at compatibility issues before you deploy wireless devices that aren't IEEE 802.11 based. Increasingly, you'll see devices that achieve speeds higher than 54 Mbps. Some of these devices achieve speed boosts through compression and other similar techniques while staying within the guidelines of the IEEE 802.11 specification. Others might use network technologies that are proprietary, requiring you to use that company's wireless adapters and access points to achieve the transmission improvements. For more information on wireless standards and certified devices, go to http://www.wi-fi.org.
Securing a wireless network is very different from securing a wired network. With a wired network, a cable is used to connect a computer to the network. A user must use a cable to be physically connected to the network and must have access to one of your internal switches or hubs. If an unauthorized person connects a machine to the network, it is fairly easy to determine this and trace the physical cable to the intruder's computer.
When you install wireless networking, anyone within range of one of your wireless access points has access to your network. Not only can they intercept the wireless signals that are being broadcast, they can also try to crack into the network. The bad news is that it is difficult to locate the intruder because there's no physical wire to trace. The really bad news is that if intruders can gain access to a wireless access point, they are usually inside your organization's firewall. To protect the network, you should configure its firewall if one is available and configure the wireless devices to encode all wireless transmissions.
The most basic wireless encryption scheme is Wireless Equivalency Protection (WEP). With WEP, you encrypt data using 40-bit, 128-bit, 152-bit, or higher private key encryption. With WEP, all data is encrypted using a symmetric key derived from the WEP key or password before it is transmitted, and any computer that wants to read the data must be able to decrypt it using the key. In a typical wired environment, the shared key encryption alone is sufficient to safeguard your data. In a wireless environment, with high traffic volume, it is possible that someone could successfully break the shared key, and because the shared key doesn't change automatically over time, the intruder would then have access to your organization's internal network.
Because WEP provides only the most basic security, its use is strongly discouraged, except in cases where no alternative exists. The preferred alternatives to WEP are WiFi Protected Access (WPA) and Wi-Fi Protected Access Version 2 (WPA2). WPA was adopted by the Wi-Fi Alliance as an interim standard prior to the ratification of 802.11i. WPA2 is based on the official 802.11i standard and is fully backwards compatible with WPA.
WPA and WPA2 are able to rotate keys for added security and to change the way keys are derived. By changing the encryption keys over time and ensuring they aren't derived in one specific way, WPA and WPA2 can improve security significantly over WEP. WPA-compatible and WPA2-compatible devices can operate in enterprise mode or in a personal, home/small office configuration, as explained in the following points:
Enterprise mode provides authentication using IEEE 802.1X and EAP. In the enterprise mode, wireless devices have two sets of keys: session keys and group keys. Session keys are unique to each association between an access point and a wireless client. They are used to create a private virtual port between the access point and the client. Group keys are shared among all clients connected to the same access point. Both sets of keys are generated dynamically and are rotated to help safeguard the integrity of keys over time.
Personal mode provides authentication via a preshared key or password. In a personal, home/small office configuration, WPA uses a preshared encryption key rather than a changing encryption key. Here, the user enters a master key (the group key) into the access point and then configures all the other wireless devices to use this master key. A wireless device uses the master key as a starting point to mathematically generate the session key. It then regularly changes the session key so that the same session key is never used twice. Because the key rotation is automatic, key management is handled in the background.
WPA and WPA2 are fully compatible with 802.11a, 802.11b, and 802.11g. Many wireless devices shipped before WPA and WPA2 became available can be made fully compatible with WPA and WPA2 through a software upgrade. With WPA, no additional modifications are necessary. The same is not necessarily true with WPA2 because some wireless devices may require processor or other hardware upgrades to be able to perform the computationally intensive Advanced Encryption Standard (AES) encryption.
When working with WPA and WPA2, keep the following in mind:
All products Wi-Fi certified for WPA2 are interoperable with products that are Wi-Fi certified for WPA.
Both WPA and WPA2 have personal and enterprise modes of operation.
Both WPA and WPA2 use 802.1X and EAP for authentication.
WPA provides strong data encryption via Temporal Key Integrity Protocol (TKIP).
WPA2 provides enhanced data encryption via AES, which allows WPA2 to meet the Federal Information Processing Standard (FIPS) 140-2 requirement of some government agencies.
Both WPA and WPA2 offer a high level of security to help ensure private data remains private and access to wireless networks is restricted to authorized users. Only WPA2 provides strong encryption through AES, which is a requirement for some corporate and government users.
Another advanced wireless security technology is Robust Security Network (RSN), which is supported by 802.11i-compatible devices. RSN enables wireless devices to dynamically negotiate their authentication and encryption algorithms. This means the authentication and encryption algorithms used by RSN-compatible devices can be changed. New authentication techniques and algorithms can be added to address security issues. RSN is based on the EAP and the AES.
The two main types of wireless adapters you'll use are PC cards for notebooks and PCI cards for desktops. These adapters are the easiest to configure—and I've found them to be the most reliable. The other type of wireless adapter that you might see is a device that connects to a notebook or desktop computer with a USB cable. When using USB wireless devices, keep in mind there are two USB specifications: USB 1.0, the original specification, and USB 2.0, the faster, newer specification. A wireless device that is USB 2.0–compliant must be connected to a USB 2.0 port to function properly and at the speeds you expect.
Wireless technology is changing so quickly that Windows Vista won't recognize most wireless devices. This can make installation more difficult because you typically cannot rely on Plug and Play. In fact, with many of the wireless adapters I've worked with, you need to run the installation CD prior to installing the wireless devices. This is particularly true with USB devices. Be sure to read the documentation closely.
As part of the installation process, most installation software will help you configure the wireless device. In the process, you typically will need to specify the name of the wireless network to which you want to connect (the network name) and the mode in which the wireless device will run. Wireless adapters can run in one of two operating modes:
Ad hoc In ad hoc mode, you configure the wireless adapter to connect directly to other computers with wireless adapters.
Infrastructure In infrastructure mode, you configure the wireless adapter for use on a wireless network. In this configuration, the adapter expects to connect to an access point rather than to another computer directly.
After you specify the adapter mode, you might need to specify the encryption key that will be used. If your organization uses WEP security, you will in most cases have to type in the required encryption key, which is usually referred to as the network key. With WPA/WPA2 security, you will most likely use a certificate or a smart card to supply the required encryption key.
Once you've completed the installation of the device, you should be able to connect over the wireless network. Much like a wired network card, which has a local area connection, wireless network cards have a wireless network connection that is in turn connected to a specific network that is designated as a public network, private network, or domain network. If a computer has both a wired and a wireless connection, it may have two active connections: one to a wired network and one to a wireless network.
As Figure 1 shows, wireless network connections provide the following additional details about the network and the connection:
The name of the wireless network in parentheses after the connection type designator.
The current signal strength. A signal strength of one bar is poor; a signal strength of five bars is excellent.
A Disconnect link for disconnecting the wireless connection.
If you click View Status for the wireless connection, you'll see a status dialog box similar to the one shown in Figure 2. You can use the Wireless Network Connection Status dialog box to check the status of the connection and to maintain the connection, in much the same way as you can for other types of connections, as I discussed previously. You'll also see the duration and speed of the connection.
As with Local Area Connections, Wireless Network Connections have configurable properties. This means that every discussion about configuring local area connection properties also applies to wireless network connections. You can do the following:
Install and uninstall networking features for clients, services, and protocols. In the Status dialog box, click Properties and then click Install or Uninstall as appropriate.
Set TCP/IPv6 and TCP/IPv4 settings for DHCP, static IP, and dynamic IP addressing. In the Status dialog box, click Properties and then double-click Internet Protocol Version 6 (TCP/IPv6) or Internet Protocol Version 4 (TCP/IPv4).
Disable or diagnose wireless connections. In the Status dialog box, click Disable or Diagnose as appropriate.
If you have problems establishing a wireless connection and automated diagnostics can't resolve the problem, use these tips to help you troubleshoot:
Problem: Limited or no connectivity to the wireless network.
Resolution: Check the signal strength. If the signal strength is low (poor) you will need to either move closer to the access point or redirect your antenna. For a built-in antenna, you might need to change the position of the laptop relative to the access point. The problem could also be that the network did not assign your computer a network address. To check your IP address assignment, double-click the wireless connection in the Network Connections dialog box and then select the Support tab. If the IP address is 0.0.0.0, your computer was not assigned an IP address, and you need to click Repair. If the IP address currently assigned to the computer is in the range of 169.254.0.1 to 169.254.255.254, then the computer is using Automatic Private IP Addressing (APIPA). Try clicking Repair to resolve the problem.
Problem: Not connected or unable to connect to the wireless network.
Resolution: If you are out of the broadcast area, your computer will not be able to connect to the wireless network. Double-click on the connection. The computer will display the Wireless Network Connection dialog box, and in the right pane you will see the message "No wireless networks were found in range." If you think this is an error, click Refresh Network List under Network Tasks. Otherwise, try moving closer to the access point or changing the position of your antenna/computer relative to the access point. The computer also might not be configured properly for establishing a wireless connection on this network.
You'll have better connection speeds—up to the maximum possible with the wireless technology you are using—when you have a stronger signal. If the signal strength is weak, the connection speed might be reduced considerably. To improve the signal strength, try moving the adapter's antenna if one is available or try changing the position of the computer relative to the access point.
Any wireless access point broadcasting within range should be available to a computer with a wireless adapter. By default, Windows Vista is set to allow you to configure the network settings that should be used. This enables you to configure different authentication, encryption, and communication options as necessary.
If you haven't previously connected to a wireless network, you can create a connection for the network by completing the following steps:
Click Start and then click Network. In Network Explorer, click Network And Sharing Center on the toolbar.
In Network And Sharing Center, click Set Up A Connection Or Network. This starts the Set Up A Connection Or Network Wizard.
Select Manually Connect To A Wireless Network and then click Next.
As shown in Figure 3, you now need to enter information about the wireless network to which you want to connect. Your network administrator should have this information.
Figure 3: Enter the information for connecting to the wireless network.
In the Network Name box, enter the network name (also referred to as the network's secure identifier SSID).
Use the Security Type selection list to select the type of security being used. The encryption type is then filled in automatically for you.
With WEP and WPA-Personal, you must enter the required security key or password phrase in the Security Key/Passphrase box. For example, A WEP key typically is one of the following:
q 5 case-sensitive characters
q 13 case-sensitive characters
q 10 hexadecimal case-insensitive characters
q 26 hexadecimal case-insensitive characters
By default, the connection is started automatically whenever the user logs on. If you also want the computer to connect to the network regardless of whether it can be reached, such as when the computer is out of range of the wireless base, select Connect Even If The Network Is Not Broadcasting.
Click Next to connect to the wireless network using the settings you've entered.
If you're previously connected to a wireless network, you can easily connect to it or disconnect from it by completing the following steps:
In Network And Sharing Center, click Connect To A Network. By default, all available networks are listed by name, status, and signal strength. If a network that should be available isn't listed, try clicking the Refresh button.
Moving the pointer over a wireless network entry displays a message box that provides the network name, signal strength, security type, radio type (the wireless standard supported), and the link's security ID.
You can now connect to or disconnect from wireless networks:
q To connect to a wireless network, click the network and then click Connect.
q To disconnect from a wireless network, click the network and then click Disconnect. Confirm the action by clicking Disconnect again.
You can manage wireless networks using Manage Wireless Networks, shown in Figure 4. To access Manage Wireless Networks, follow these steps:
In Network And Sharing Center, click Manage Wireless Networks.
Manage Wireless Networks lists wireless networks in the order in which the computer should try to use the available networks. The network listed at the top of the list is tried before any others. If the computer fails to establish a connection over this network, the next network in the list is tried, and so on.
To change the preference order of a network, click it and then use the Move Up or Move Down buttons to set the order in which the computer should try to use the network. As necessary, click Add to create a new wireless network that will be added to the wireless networks list, or select an existing network and click Remove to delete a listed wireless network.
