802.11

IEEE 802.11 is a set of standards for wireless local area network (WLAN) computer communication, developed by the IEEE LAN/MAN Standards Committee (IEEE 802) in the 5 GHz and 2.4 GHz public spectrum bands.
Although the terms 802.11 and Wi-Fi are often used interchangeably, the Wi-Fi Alliance uses the term "Wi-Fi" to define a slightly different set of overlapping standards. In some cases, market demand has led the Wi-Fi Alliance to begin certifying products before amendments to the 802.11 standard are complete

802.11a

The 802.11a standard uses the same core protocol as the original standard, operates in 5 GHz band with a maximum raw data rate of 54 Mbit/s, which yields realistic net achievable throughput in the mid-20 Mbit/s.
Since the 2.4 GHz band is heavily used to the point of being crowded, using the 5 GHz band gives 802.11a a significant advantage. However, this high carrier frequency also brings a slight disadvantage: The effective overall range of 802.11a is slightly less than that of 802.11b/g; 802.11a signals cannot penetrate as far as those for 802.11b because they are absorbed more readily by walls and other solid objects in their path.

802.11b

802.11b has a maximum raw data rate of 11 Mbit/s and uses the same media access method defined in the original standard. 802.11b products appeared on the market in early 2000, since 802.11b is a direct extension of the modulation technique defined in the original standard. The dramatic increase in throughput of 802.11b (compared to the original standard) along with simultaneous substantial price reductions led to the rapid acceptance of 802.11b as the definitive wireless LAN technology.
802.11b devices suffer interference from other products operating in the 2.4 GHz band. Devices operating in the 2.4 GHz range include: microwave ovens, Bluetooth devices, baby monitors and cordless telephones. Interference issues, and user density problems within the 2.4 GHz band have become a major concern and frustration for users.

802.11g

In June 2003, a third modulation standard was ratified: 802.11g. This works in the 2.4 GHz band (like 802.11b) but operates at a maximum raw data rate of 54 Mbit/s, or about 19 Mbit/s net throughput. 802.11g hardware is fully backwards compatible with 802.11b hardware.
The then-proposed 802.11g standard was rapidly adopted by consumers starting in January 2003, well before ratification, due to the desire for higher speeds, and reductions in manufacturing costs. By summer 2003, most dual-band 802.11a/b products became dual-band/tri-mode, supporting a and b/g in a single mobile adapter card or access point. Details of making b and g work well together occupied much of the lingering technical process; in an 11g network, however, the presence of a legacy 802.11b participant will significantly reduce the speed of the overall 802.11g network.

802.11n

802.11n is a proposed amendment which builds on the previous 802.11 standards by adding multiple-input multiple-output (MIMO). Though there are already many products on the market based on Draft 2.0 of this proposal, the amendment is not expected to be published until March 2009.

Protect Wireless Access Using MAC Address Filters

Wireless networks add a significant level of convenience for many users. The ability to roam at will and access the network without adding wires is quite useful. But, you need to do so securely. There are a number of basic steps you should take to protect your wireless network and filtering MAC addresses is one more way to secure it.

It is great to be able to access your network resources from anywhere in your home or office without having to plug into a wired network connection. But, if you can connect to your wireless access point from 80 feet away, then potentially every other wireless device in an 80-foot radius of your access point can as well.
There are a number of basic wireless security steps that many are already familiar with. Simple things like changing the SSID (service set identifier) from the vendor's default and disabling SSID broadcasting so you don't draw undo attention to your wireless network are a good start. Enabling some form of encryption, WEP (although it is quite flawed) or WPA, will help protect the data as it flies through the air and secure the communications between your device and the wireless router or access point.
Beyond these steps though, wireless routers or access points can generally filter access by MAC address as well. The MAC address is a unique identifier of your wireless network adapter. For a large enterprise with hundreds or thousands of wireless devices, it may not be feasible to try to maintain a listing of everyone's MAC address and constantly update the access list as users come and go. But, home offices or small to medium businesses may be able to add an extra layer of protection by filtering based on MAC address.
To determine the MAC address on a Windows system follow these steps:
-Click Start
-Click Run
-Enter command and press enter
-In the command console, type "ipconfig /all" and press enter
-If you have more than one network adapter, the details of each will be displayed
-Locate the wireless adapter information
-The MAC Address is the information labeled Physical Address

Refer to the directions for your wireless router or access point to find out how to enable MAC address filtering. Once you enable MAC address filtering and enter the MAC addresses of each of your wireless devices, the wireless router or access point will only allow those devices with MAC addresses on the access list to connect to the wireless network.
It is possible using various wireless and network sniffing tools to capture and spoof MAC addresses, so this method is not fool-proof.

Securing your Wireless Network

There are a numbers of things you can keep in mind which will help to lessen the likeliness of a breach of security in your wireless network. I have compiled a list of tips that I think will be of use to anyone who has a wireless network.
-As should be the case with a wired network, only share what is needed. Don’t share entire partitions, share folders instead. Also, depending on the level of confidentiality, you should always password protect anything that is shared using an archive tool.
-If you’ve implemented the WEP authentication method, be sure to use the Shared Key method, every so often change your WEP keys and make them as difficult as possible.
-Be sure to secure your wireless access point with a strong password; don’t just leave the default one in place!
Disable access point administration via wireless clients. This means that any changes to the access point configuration would have to be done from a machine attached to the wired network.
-On smaller networks, use MAC address filtering as an added means of security. Don’t rely on this feature alone but use it in conjunction with another security method.
-Change the default SSID to something that is understandable to you but not to outsiders. This will make it slightly more difficult for people to connect to your network. Be sure to change it to something that won’t give too much information away about your network.
-Disable SSID broadcasting. This feature is meant to make it easier for clients to connect to the network because the network name can be automatically discovered by the client operating system. This means anyone in range of your access point will automatically know your network exists.
-If you need wireless access in your building alone, try putting the access point in the centre of the building to decrease the chance of a wardriver* being in range of your signal.
-If you’re willing to see a dip in speed then using a VPN would be the more secure option for a wireless network. This is fairly quick and easy to setup and has great benefits, as opposed to other means of security.
wireless system.

Wireless Security Threats

The following are a few things you need to ask yourself when implementing security for your wireless network.
-Do I have some form of logging enabled? Logging is important as it will help you to trace who is trying to gain unauthorized access to your network. It will also act as evidence when prosecuting a suspected intruder in court.
-Do I allow guest access? If you do then be sure to separate your corporate network from the WLAN by placing the WLAN in your DMZ or outside the network and implement a firewall between them. Also, don’t forget to log and audit guest user activity so that you can see if any abuse is taking place.
-Where does my wireless signal end? Perform a site survey and find out exactly where the signal starts and ends; know your boundary.
-Do I know what’s on the network? Document everything and when a new access point is attached to the current network make sure you know about it. In larger companies, departments implement their own WLAN by adding an access point to the network and not informing the administration department, thus potentially opening up a hole in the network.
-Have I performed a Wireless LAN security audit? Make sure you scan your network to identify known vulnerabilities, and if any are found, take action as soon as possible!
-Are the wireless clients safe? Introduce, or amend a current security policy that will require mobile users to keep their laptops protected with antivirus and firewall software.

Wireless Security Threats

What are the threats that we face today with regards to wireless networks? An informative list has been compiled by the National Institute of Standards and Technology as part of their documentation on Wireless Security. Hereunder is an extract from that document.
To date, the list below includes some of the more salient threats and vulnerabilities of wireless systems:
All the vulnerabilities that exist in a conventional wired network apply to wireless technologies.
Malicious entities may gain unauthorized access to an agency’s computer or voice (IP telephony) network through wireless connections, potentially bypassing any firewall protections.
Sensitive information that is not encrypted (or that is encrypted with poor cryptographic techniques) and that is transmitted between two wireless devices may be intercepted and disclosed.
Denial of service (DoS) attacks may be directed at wireless connections or devices.
Malicious entities may steal the identity of legitimate users and masquerade them on internal or external corporate networks.
Sensitive data may be corrupted during improper synchronization.
Malicious entities may be able to violate the privacy of legitimate users and be able to track their physical movements.
Malicious entities may deploy unauthorized equipment (e.g., client devices and access points) to surreptitiously gain access to sensitive information.
Handheld devices are easily stolen and can reveal sensitive information.
Data may be extracted without detection from improperly configured devices.
Viruses or other malicious code may corrupt data on a wireless device and be subsequently introduced to a wired network connection.
Malicious entities may, through wireless connections, connect to other agencies for the purposes of launching attacks and concealing their activity.
Interlopers, from inside or out, may be able to gain connectivity to network management controls and thereby disable or disrupt operations.
Malicious entities may use a third party, un-trusted wireless network services to gain access to an agency’s network resources.
Internal attacks may be possible via ad hoc transmissions.
As with wired networks, agency officials need to be aware of liability issues for the loss of sensitive information or for any attacks launched from a compromised network.~ Source: NIST, United States of America
As you can see, there are vulnerabilities on all levels, some of which wouldn’t normally come to mind, so we must be prepared for the worst and not take anything for granted. One prime example would be, with reference to the above point about how handheld devices are easy stolen - we can take the simple preventative measures to combat such a threat. Don’t carry round highly sensitive information on your portable device; only take what is absolutely necessary. Leave other data on the corporate or home network, or on a removable storage media. Also, if available, enable the auto lock feature (with a password) and add a PIN number to the device; so that when you switch it on, you will have to enter a Personal Identification Number before it starts up.

Wireless Network Security

Networks carry all sorts of confidential data, so security is a highly important part of any wireless network structure. Security ensures that the same level of data integrity and confidentiality as a wired network are maintained. Without properly implemented security measures, any wireless network adapter coming within range of another network adapter or access point can join the network. The amount of non secure wireless access points is alarming – a recent study showed how over 90% of Access Points have little or no security enabled. I once did a little research of my own and found that 3 out of 5 of the public access points I checked had either no security at all or WEP - which allowed me to crack the key within 15 minutes using freely available tools on the Internet.
So why is there such a high lack of security? Well, I would say it’s probably down to laziness and lack of knowledge; people are not aware of these things. Especially in small companies and at home, people tend to have the “so long as it’s up and running” attitude which means that if after using the wireless setup wizard they are able to browse the internet or access files remotely from a wireless device then all is well… BIG mistake! To overlook wireless security is like leaving the front door to your house permanently open. Without any - or little - security that’s essentially what you’re doing; allowing anyone in range to sniff your network packets, read your e-mails, use your internet for free, and even gain access to your files.
With the introduction of push-button security for home user products, we can expect to see an increase in the implementation of wireless security among wireless router users. The main aim behind push-button security is to provide a simplified and enhanced method of setting up and building a home network. With so many people – particularly home users – failing to notice the importance of security as part of their wireless network building, push-button becomes a means of enabling some form of security with a click of the mouse or touch of a button. While one may begin to question the strength of such security, another will remind you that something is better than nothing at all!
If you’re reading this and still use WEP, check for a driver and/or firmware update for your hardware and, if possible, change to WPA security now! Also, keep in mind for the next time you purchase new hardware, make sure the product supports WPA TKIP at the very least.