Wireless Networks FAQ
First version: 11.08.2004 | This revision: 02.27.2005 (GMT+8)
|About Wi-Fi Networks|
|Q: What is Wi-Fi?|
A: Wi-Fi stands for Wireless
Fidelity, and it is a term the Wi-Fi Alliance conjured up to
market the earliest of the current wireless network
technologies. It is basically another term for a wireless
network based on the IEEE 802.11 technologies and the freedom
from cables and wires it gives.
Note: Wi-Fi and the Wi-Fi logo are registered trademarks of the Wi-Fi Alliance.
|Q: How many types of Wi-Fi wireless networks are there?|
A: There is only one type of
Wi-Fi wireless network, but within it there are currently 3
wireless network standards: 802.11a, 802.11b, and 802.11g,
approved by the
IEEE. There is also a 802.11j approved for use in
Japan, and in development (or in draft form), there is 802.11n.
They are all Wi-Fi networks.
|Q: How do these standards differ?|
A: The difference can be
classified into 3 main categories: radio specifications, network
performance, and compatibility. This is best explained by
Linksys with their
|Security From Your Nosey Neighbors|
|Q: What is good wireless security?|
A: Good security is like a
onion (or an ogre - see SHREK!) - it has many layers. Each
layer of security should be independent from others, so when one
fails others can continue to provide protection. The same
principle applies to wireless security.
|Q: I have already a firewall on my router to protect me from outside intruders, surely I don't need to secure my wireless network, right?|
A: You still need to. A
firewall protects intruders accessing your network via the
Internet, but it does not offer any protection to a wireless
network from being accessed through radio waves. An
unprotected wireless network offers a new channel to gain entry
without the Internet, or a way to gain access to the Internet
through your wireless network.
|Q: What can I do to secure my wireless network?|
A: There are a few things you
can do: enable wireless encryption, changing passwords and
keys regularly, limit the number of computers that can connect
to your network (by default many brands allow anywhere between
50 and 100 connections), MAC Address Filtering, Static DHCP,
|Q: Should I disable my router's ESSID/SSID Broadcast to secure my wireless network?|
A: ABSOLUTELY NOT!
Disabling SSID Broadcast does not
add value to security - it only stops broadcasting your wireless
network identifier (a.k.a. SSID), but the signal still carries
the identifier between your wireless devices in order to achieve
communication and connection - it is needed to identify the
network among your network devices so as to distinguish among
wireless networks and to transmit data correctly to your network
and not to your neighbor's. Furthermore, SSID is stored in
each data packet transmitted in plain text with no encryption,
and there are already easy-to-use downloadable tools that detect
this network signal and sniff out the SSID readily that even a
wireless novice can find your "hidden" network. How secure
a feature is that?!
|Q: If no one can see my wireless network, I am safe, right?|
A: Not really! You are
only invisible as long as no one can find you - it's a game of
hide-and-seek. It's like leaving your unlocked window
behind a bush hoping a burglar won't see or use it.
Anything that cannot block/prevent/secure a system from
intrusion on its own is not a security feature.
There are simple and easy-to-use utilities that can detect
hidden wireless networks. Once your neighbor has
identified your network, the rest is easy.
|Q: So why do manufacturers include the function to disable SSID Broadcast if it is not a security feature?|
A: I don't have an answer to
this. May be they didn't foresee the weakness in it, but
if this function does improve security, most manufacturers would
have grouped it under wireless security, but oddly many don't
classify it as such in the firmware.
|Q: What should I do to secure my wireless network?|
A: Enable encryption on your
wireless network at a minimum. For home or small business
use, you can choose between WEP, WPA Pre-shared Key (WPA-PSK),
and WPA2 (IEEE 802.11i).
Note: WPA and WPA2 are trademarks of the Wi-Fi Alliance.
|Q: Which encryption method should I use?|
A: It depends on both your
hardware and software support. The general rule is the
latest and the more secure the better, but some networks require
an update (either hardware or software, or both) to obtain the
latest protection in wireless security. WEP is the most
widespread and is supported by just about every wireless
network, but it has been found to be buggy and not as secure as
WPA and WPA2.
|Q: Where can I obtain updates for WPA support?|
A: You need to check your
hardware manufacture support for updates - all your hardware
must support the same encryption service.
If you are using Wireless Zero Configuration (WZC) in Windows XP to manage your network, you must install WPA patch or Service Pack 2 (SP2) update in addition to hardware updates.
|Q: If I am not using Windows XP, does that mean I do not have WPA encryption to protect my network?|
A: Again, it depends.
If your wireless adapter comes with a wireless network
management application that support WPA, you may still be able
to implement WPA encryption, else WEP encryption may be your
only choice. For Windows 2000 clients, there is an
free alternative (WPA Assistant).
|Q: Does encryption affect wireless network performance?|
A: Yes. The general
rule is the stronger the encryption, the higher its impact on
network performance, but with good hardware this should not be
|Q: What else can I do to improve security besides encryption?|
A; In addition to encryption,
you can also enable MAC Address Filtering, and/or restrict the
number of clients the DHCP server in your router can assign an
IP Address, preferably equals to the number of wired and
wireless clients you will be connected to the network most of
the time (manufacturers default normally to a very large
number - 50 to 100 clients).
Note this does not improve security offered by encryption, but the extra restriction(s) placed on the network means it is harder for an intruder to connect to your network. Restriction on DHCP clients works equally well on wired networks.
|Q: Is MAC Address Filtering secure?|
A: No. MAC Address
Filtering does not encrypt data during transmission, and on its
own has been found to be flawed, but it is an added deterrent
when combined with encryption service without additional impact
on performance or connectivity.
|Q: Why must I change the SSID to something unique?|
A: SSID identifies your
network to your wireless devices, so it helps to maintain a
connection to your wireless network if it can be readily
identified. Imagine everyone's router is called (say)
DEFAULT, how can you and your computer know which network is
|Q: I am not getting a good signal around the house, why is that?|
are many reasons for this Location or placement of the
router and/or adapters, physical obstacles and materials, other
radio sources causing interference can all contribute to poor
|Q: How can any physical obstacles affect my signal? I thought it can travel through anything!|
light and sound, radio waves can be absorbed and dampened when
traveling through materials. The degree of degradation
varies from materials. See this
example for an estimate.
|Q: What can I do to improve signal quality?|
are a few things you can try, e.g., change the radio channel
used by your router, place/move the router to a more central
location of the area it is trying to cover, keep other
electronic and electrical devices as far away as possible,
create improved line-of-sight between router and clients (hence
less materials to penetrate), change to a high gain antenna of a
better rating (available from Radio Shack), add wireless
repeaters at strategic locations in the house.
|Q: What is Infrastructure Mode and what is Ad-hoc Mode?|
infrastructure mode network is a wireless network where all
clients are connected to one or more centralized device(s), such
as a wireless router or Access Point, to manage network traffic
flow and connections.
An ad-hoc mode wireless network does not have a central device and all computers are connected to each other directly - a wireless peer-to-peer network.
|Q: I keep reading only channels 1, 6, 11 are good. Does that mean all other channels are bad?|
A: This is an often
misunderstood fact. The reason for being "good" is that
they overlap each other the least among all the channels
available for wireless networks.
Each channel on a router or Access Point is 5MHz apart using radio frequency signals in the ISM (Industrial, Scientific, and Medical) bands. Due to spread spectrum effect, the signal will utilize frequency spectrum up to 12.5 MHz above and below the channel's quoted frequency. This can be best demonstrated by tuning your radio to a radio station. As it approaches the desired frequency it picks up faint signals of the radio station, increasing until it hits the peak/quoted frequency.Hence, two separate wireless networks using neighboring channels, e.g., channels 1 and 2 in the same general vicinity can interfere with each other. Allowing maximum separation between channels will decrease the amount of channel cross-talk and reduce interference, thus improved performance. On a router, the spectrums of channels 1, 6, 11 overlap each other the least. In other words, channel 1 and 2 overlap each other the most, but it doesn't mean channel 2 is bad if no other channel is in use in the vicinity.
There are 2 problems with the argument that only channels 1, 6, and 11 are good.
a) Most manufacturers set their wireless routers and Access Points to these 3 channels by default, so everyone including your own network is using the same 3 channels by default. This over-crowding of channels is also a known cause for interference, and a good reason for changing from a crowded channel to a less occupied one.
b) If one or a few of your neighbors decide to use a channel other than 1, 6, or 11, the spectrum spread from their channels will inevitably also overlap channels 1, 6, and 11.
The general rule of thumb is to select a channel
which is the least crowded and has the furthest separation from
other channels in use.
|Q: If channels 1, 6, 11 are really the only good channels, why not just give us these 3 channels, and forget about the rest?|
A: Because this would create
a very crowded place with everyone being squeezed to operate in
just 3 channels. Just because their spectrums do not
overlap doesn't automatically equate to being good - most
manufacturers default their routers to these 3 channels, which
is why you have a choice to move your router's signal to the
least crowded frequency - this also helps to keep your network
|Q: Why don't the manufacturers give us more channels or have the channels more spread out?|
A: The distribution of radio
frequencies is regulated by governmental bodies like the FCC in
the U.S. It is often unlawful in the relevant countries to
occupy frequencies or channels that has not been assigned by
these bodies for the purpose.
|Additional Reading (may open in a new window)|
|Step-by-step Setup Guide To A Secure Home Wi-Fi Network|
|Connect To An Encrypted Wi-Fi Network With A Hidden ESSID/SSID|
|Windows XP Wireless Zero Configuration (WZC)/Wireless Network Troubleshooting Checklist|
|Wireless signal degradation|
|DoS Vulnerability Threatens Wireless Networks|
|Overview of the WPA Wireless Security Update in Windows XP|
|WPA Wireless Security for Home Networks|
|WPA's Little Secret|
How to Make
Your 802.11b Wireless Home Network More Secure
(also applicable to 802.11a and 802.11g networks)
|Wireless Networking Overview|
|Connect to an available wireless network|
|Configuring Wireless Network Clients|
All rights reserved. No Reproduction
Without Expressed Or Written Permission.