Best Tools for the Job

Wireless Networking 101: Speed and Security

- 2007.01.31

Turn on your wireless-equipped laptop in almost any urban area, and chances are you'll find a wireless network just waiting to serve you. These "unsecured" networks are a tremendous boon when out and about, but who hosts these things? Why are they free? What are the dangers? And, the most important question of all, am I one of them?

Welcome to Wireless Networking 101, where you will learn enough about WiFi to talk about WPA2 encryption on your 802.11g access point and sound fairly intelligent doing it. Of far greater importance than sounding intelligent, however, is keeping your network and your data safe. So let's look at the various flavors of WiFi (wireless fidelity), the security options, and what it means to you, both at home on your own network and in the wild on someone else's.

First off, all forms of WiFi are variants of the 802.11 networking protocol, a system by which radio transceivers are used to connect computers and other devices to one another. 802.11 has been around for well over a decade, although it was Apple's original AirPort base station and card, introduced in 1999 for the original iBook, that made it popular with the general public.

A, B, G, and N

Before AirPort, which uses the "B" version (meaning 802.11b), there was the faster 802.11a, which has longer range and higher speed but requires more expensive hardware. On paper, 802.11b is as fast as old-fashioned 10Base-T ethernet, but in actual use it's slower, with speed dropping quickly as distance increases. Still, while hardly fast by modern standards, an 802.11b connection is faster than many DSL lines, giving few performance reasons for 802.11b users to upgrade for Internet use.

The reasons to upgrade come in when you use your wireless connection for non-Internet functions, like file exchange. 802.11g (also known as "G" and AirPort Extreme) is about five times faster than 802.11b, has longer range, and tends to hold its speed better over more of its range. The real benefits to G over B come when copying files to and from network shares.

802.11n (or "N") wireless is the emerging standard, promising up to five times greater speed and better range than G - that's up to 25 times faster than B. Again, B is fast enough to take full advantage of most Internet connections, so N will benefit local networks more than anything else.

Mixing Standards

Here's where it gets interesting: mixing standards. Most newer access points and wireless routers support current as well as older standards. My AirPort Express (Extreme - G) network at home runs on 802.11g, and in its configuration program I have the option to allow 802.11b connections as well.

Why would I enable or disable support for the older standard? Simple - a pure G network will run at full speed, but the second an 802.11b device logs on, the network will slow down for everyone.

I like to play with older PCs and Macs, many of which have built-in 802.11b network cards, so I leave my home network open to 802.11b clients. In the office, I disabled that option on the Linksys wireless access point (WAP) on my network.

At home, we mostly use the wireless network for Internet access, so a slight slowdown when I connect with an older computer doesn't interfere with that, while at work we have all computers connected wirelessly not only to the Internet, but to the server and its resources, so we need all of the speed we can get.

Open Access Points

Now that you know all about B, G, and N networking, let's talk about those open access points that we find so convenient when traveling.

Most of the open networks you find will have names like "Linksys", "Netgear", or perhaps "Smith Family". The first two are defaults on routers sold by, you guessed it, Linksys and Netgear, while the third and similar names will typically be Apple AirPort networks set up in the early days of WiFi when nobody thought much about security.

The easiest way to know if a network is open or not is to try to connect to it. On a Mac, you'll be asked for a password if the network is secured, and Windows XP makes it even easier by showing a lock symbol for protected networks (and none for open networks) with the words "Security Enabled" or "Open" provided for good measure.

Simply put, you need a password or other means of authentication to log onto a secured network, and you don't need anything but a WiFi card to connect to an open network.

Before I get into the various types of security, I'd like to talk a bit about open networks. There are the truly open networks and the paid type, both of which lack password authentication of the access point itself and will allow your computer to connect and obtain an IP address freely. A truly open network will give you immediate access to whatever the access point is connected to, while a paid access point will give you free access only to a preselected IP range - usually the corporate website of the provider and their pay facility - allowing you to pay for an account or day pass. This is what companies like Starbucks (T-Mobile Hotspot) use, and it's a great way to get online when away from home.

A true open network usually belongs to an individual, family, or a very small business that lacks the networking savvy to lock things down.

Security and Privacy

My DSL connection at home is quite fast, and the office connection is even faster, so why shouldn't I share with those in need? Simple: Giving the masses Internet access also gives the masses access to everything else connected to my access point, including my computers and the data stored on them.

Sure, I've got firewalls and run protection software, but there are some very smart people out there with very devious plans, so in my opinion it's best to just lock down your network.

It's even more important in the office. My server is exposed to the Internet through both hardware and software firewalls, and the wireless router is connected behind the server, meaning it's firewall protected through the server and the hardware firewall but lacks a firewall of its own. If that access point wasn't secured, a "guest" would have unfettered access not only to the Internet as filtered by my server but also to the server itself and all of the sensitive information it contains. Not good.

One last word about unsecured networks: They are not secure.

Well duh, but this really does matter. If you're connected to the Internet through somebody's unsecured network, it means that everything you do is out in the open, unencrypted. A clever hacker can sit back and intercept the packets leaving your computer and reconstruct them, thereby recreating your emails, online forms, the credit card information you entered to buy that book, or the words from your instant messages.

I'm not saying not to use an unsecured network, just don't have an expectation of privacy when you're using that unsecured network.

WEP and WPA

Okay, so you want to secure your network. What level of security do you really need?

I'll leave out high-end enterprise level security, most of which requires an authentication server (either your own or a remote service) and concentrate on the simple ones that most routers and access points include right from the box.

WEP and WPA are the two main choices, with subchoices within those two systems. WEP, short for Wireless Encryption Protocol, is a simple password protection system. Put the right password into the system, and you're connected. WPA, or Wireless Personal Authentication, is also a password system, but the password itself is encrypted as it goes between the client (computer) and server (access point).

What that means is that a clever hacker with the right tools can sit near a WEP-protected network and "sniff" the password the first time someone logs on. While WPA isn't perfect, it's a lot harder to break (and even harder on the newer WPA2).

WEP comes in 40-, 64-, and 128-bit encryption levels, but the only difference is the length of the password. WPA gives more choices, with two types of passwords and two levels of encryption, WPA and WPA2. Whether you use the TKIP or AES password is a matter of choice or the limitations of your wireless hardware; there are no real differences in security for non-server systems.

The Problem

You might wonder why everyone doesn't just use WPA2 with a long and complex password, and the answer is simple - not every network component supports it. Generally speaking, any access point, wireless router, and wireless network card made in the last three years supports WPA, but only so-called "enterprise" cards of the last two years and the very latest consumer cards support WPA2.

Most access points also don't support WPA2. I have an old Apple AirPort base station that only supports WEP, while my AirPort Extreme home setup supports WPA and the Linksys Access Point (business model) in the office supports full WPA2.

Likewise, the Intel 3495 WiFi card in my Toshiba Portégé Tablet PC (a business model) supports WPA2, but the wireless card (an Intel 2200) in a friend's consumer model Toshiba Satellite Tablet PC only supports the weaker WPA.

The problem comes when you have a mixed environment of different brands and ages of wireless networking components. Apple tends to stay fairly current, with most AirPort Extreme cards in recent Macs supporting WPA2, but older AirPort-equipped Macs only support WPA.

It's even more confusing when using non-Apple hardware, which includes not only PCs but wireless print servers, range extenders, and also PDAs and video game consoles. PCMCIA "PC Card" wireless adapters are the worst, with many supporting WPA, but only a handful supporting WPA2. Worse still are some of the cheap cards that only support WEP - and in the case of some older cards, only the very weak 40-bit WEP or no wireless security at all.

When setting up wireless security you must choose a protocol supported by the least secure device that you will attach to your network. If you have an older AirPort Mac for example, WPA2 is out of the question, as you are limited to WPA at best - and possibly even WEP, depending on the age of the computer and your software.

As a general rule, 128-Bit WEP is adequate for home use in a detached house, but probably not in an apartment complex. If your hardware all supports it, go with WPA, and if everything you have is very modern, go ahead and use WPA2.

I'm still using regular WPA both at home and in the office because of a few computers that don't support WPA2, but as those are phased out, I plan to upgrade my wireless security.

Most importantly, whether you are using WEP or WPA, pick a long and complex password that includes both upper and lower case letters, as well as numbers and, if your password protocol supports it, symbols. Make your password a long, unintelligible jumbled mess, and be sure to change it once in a while. My old WEP password was "kl4hs9H32vB4r", which really rolls off the tongue (and which I will never use again).
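
The two rules above (pick the protocol your least capable device supports, then use a long random password) as an added Python example that is not from the original article. The device inventory is constructed, the helper names are hypothetical, and limiting WEP keys to letters and digits is a conservative assumption; WEP ASCII keys are fixed at 5 or 13 characters, and WPA/WPA2 passphrases are 8 to 63 printable ASCII characters.

```python
import secrets
import string

# Weakest to strongest, in the order the article ranks them.
STRENGTH = ["none", "WEP-40", "WEP-128", "WPA", "WPA2"]

# protocol -> (min length, max length, symbols allowed).
# WEP ASCII keys have a fixed length; WPA/WPA2 passphrases are 8-63 chars.
# Letters and digits only for WEP is a conservative assumption made here.
RULES = {
    "WEP-40": (5, 5, False),
    "WEP-128": (13, 13, False),
    "WPA": (8, 63, True),
    "WPA2": (8, 63, True),
}

def strongest_common(devices):
    """Return the strongest protocol that every device supports."""
    common = set(STRENGTH)
    for supported in devices.values():
        common &= set(supported) | {"none"}  # any device can join an open network
    return max(common, key=STRENGTH.index)

def generate_passphrase(protocol, length=None):
    """Random passphrase from the OS CSPRNG with upper, lower and digit."""
    if protocol not in RULES:
        raise ValueError(f"{protocol!r} takes no passphrase")
    low, high, symbols = RULES[protocol]
    length = high if length is None else length
    if not low <= length <= high:
        raise ValueError(f"{protocol} needs {low}-{high} characters")
    alphabet = string.ascii_letters + string.digits
    if symbols:
        alphabet += "!#$%&*+-=?@_"
    while True:  # redraw until all three character classes are present
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if any(map(str.islower, pw)) and any(map(str.isupper, pw)) and any(map(str.isdigit, pw)):
            return pw

# Constructed inventory: device name -> protocols it supports.
HOME = {
    "newer-laptop": {"WEP-40", "WEP-128", "WPA", "WPA2"},
    "older-laptop": {"WEP-40", "WEP-128", "WPA"},
    "game-console": {"WEP-40", "WEP-128", "WPA"},
}

if __name__ == "__main__":
    choice = strongest_common(HOME)
    print(choice, generate_passphrase(choice))
```

Adding a single WEP-only device to the inventory drags the whole network down to WEP, which is the trade-off the paragraph above describes.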

Cheap vs. Low Cost

The last thing I can suggest is to avoid cheap networking components. Cheap does not mean inexpensive; it means cheap, as in poor quality garbage.

I purchased a number of PCI wireless cards for my desktop PCs that only cost $17 at Fry's, but they are excellent cards that use the same Atheros chipset as Apple used in many of its AirPort Extreme cards. So close is it that my 7-year-old Power Mac G4 thinks it's a built-in AirPort Extreme and uses the native OS X drivers with it. These wonderful cards were sold under the Gigabyte name and had the Atheros logo on the box, which told me that, despite the price, these were premium cards. The model is GN-WP01GT and usually sells for about $50; the ones I bought were brown-box "OEM" models at $16.99.

What I would avoid are cards from names you've never heard of, unless they're clearly labeled as having an Atheros (fast and good range) or Intel chip. For Macs, you can find generic Atheros cards that will work natively with OS X, but there are no guarantees. Of course, you could always get an $80 Sonnet Aria Extreme, which is just a standard Atheros card, but guaranteed to work natively with OS X (what I bought for my Power Mac before I found the cheap Gigabyte cards).

There you have it. Be sure to set up your wireless network with the fastest protocol you can use and block out slower "B" wireless unless you want to use an older machine. Set up WPA2 (if you can) or WPA security and use a complex password if you can. Finally, connect with quality network adapters with either chipsets from known brands (Atheros, Intel) or sold by companies you trust and that support your system.

Follow that simple advice, and your wireless network will be both fast and secure. LEM

Andrew J Fishkin, Esq, is a laptop-using attorney in Los Angeles, CA.