Inexpensive Radius Server Gives Wireless Networks The Security They Need

Many small businesses have considered connecting computers and other devices to their corporate network via wireless (WiFi) connections, and a brave few have actually done so. Many of these early networks required that wireless devices be Many small businesses have considered connecting computers and other devices to their corporate network via wireless (WiFi) connections, and a brave few have actually done so. Many of these early networks required that wireless devices be carefully placed within the building so that the wireless signal reached all intended recipients. Typically, these networks lacked adequate security features, which left them vulnerable to information and resource theft by unauthorized persons. These two problems have now been largely solved, meaning that it may be time for more small businesses to look into the potential advantages a wireless network can offer.

Wireless Networking Basics

Building a wireless network requires two distinct types of hardware components, wireless access points, and wireless access cards. The wireless access point is a device, which is attached to an existing computer network via a standard Ethernet cable. It has an antenna on it, which allows it to broadcast and receive signals from PCs and other devices. Each device wishing to communicate with the access point needs a wireless access card, which also contains an antenna. The current wireless standard, called 802.11g, allows for up to 54 megabits of data per second to be transmitted between the desired access point and the access card. While not quite as fast as wired networks, which typically run at 100 megabits to 1000 megabits per second, wireless networks offer more flexibility, and can be less expensive to install. This is especially true for older buildings where installing cable can become cost prohibitive.

Cutting Corners

Wireless networks use radio frequency waves to transmit information, and thus they are susceptible to being blocked by walls and other obstructions in a building. These obstructions can cause “dead zones” where the radio waves are unable to reach their intended recipients. Microwave ovens and other radio frequency emitting devices can also wreak havoc on wireless signals. The solution is to place your wireless access points strategically around your building so that interference is minimized. When the distance from a wireless access point to the wireless device is more than a few dozen meters, wireless repeaters can be installed to boost the signal. These repeaters can also be placed so that the wireless signals can be accessible from all corners of the building.

Wireless Network Security Solved

Installing a simple wireless network is pretty straightforward, but installing a secure wireless network can be substantially more difficult. However, an Ann Arbor company called Interlink Networks now offers their LucidLink products, which make installing comprehensive wireless network security a snap. Before LucidLink became available, an organization wishing to lock down their wireless network would need to hire expensive network security consultants to install and manage the wireless portion of the network. LucidLink packages all of this expertise into a software add-on that is so easy to use that even a small company’s office manager can easily take control over who is accessing the company network via wireless. It goes above and beyond simple address authentication (standard with most wireless routers), and implements what is called a RADIUS server. RADIUS servers are what large organizations spend thousands of dollars installing and maintaining in order to secure their large (1000+ node) wireless networks. Until now, installing a RADIUS server was out of the price range for all but the largest companies. In contrast, LucidLink’s product can be purchased for as little as $99 for a 3 user Home Office Edition, $449 for a 10 user version, and goes up to $3995 for a 250 user version.

Summary

While there are still issues with making sure that all areas of a building are covered, the current WiFi standard (802.11g) has a more powerful signal, meaning less emphasis needs to be placed on the locations of attached devices. However, it is still recommended that a professional site survey be done to verify that all required areas of the building can be reached by the wireless signal. Meanwhile, Interlink Networks has finally solved the security problem at a price that is affordable for small and medium sized business.
  Placed within the building so that the wireless signal reached all intended recipients. Typically, these networks lacked adequate security features, which left them vulnerable to information and resource theft by unauthorized persons. These two problems have now been largely solved, meaning that it may be time for more small businesses to look into the potential advantages a wireless network can offer.

Wireless Security – What You Should Know

Wireless networking is one of the simplest ways that a person can access networks and the Internet. With the advent of wireless networking, even people and areas who cannot invest in heavy infrastructure for internet connections, etc have been able to procure at least the basic internet connectivity. Wireless networks are basically used by people who are always on the move, and therefore cannot use the Internet in a wired atmosphere. Therefore, wireless networking is mostly seen in laptops and mobile internet devices like GPRS enabled cell and smart phones.

However, wireless networking faces its biggest issue – wireless security. Because the machines and the devices that are used to access a wireless network are ambiguous, no wireless network is cent percent safe today. Also, wireless networks suffer from the ignorance of the wireless network users, both at the corporate levels as well as the personal usage level.

One of the most common problems that wireless networking experiences is unauthorized access. This happens simply because most companies and organizations keep their networks accessible without any password or security. This allows almost anyone to latch onto their network, not knowing either the problems that are created out of this action, nor knowing that they are on a proprietary network.

If your company or your organization has a wireless environment, it is very necessary that the environment is secure. Any wireless network can be hacked and it can have serious ramifications for the network and the company. For one, the company can lose some of its critical and secretive data if a person is able to hack into their computers through their network. Also, the hacker can install a virus in all the computers of the network, so that the productivity of the company or organization is lowered.

One of the first actions that a wireless network owner should take is to add the authentication aspect to the wireless network. With this, anyone who wishes to use the wireless network would have to authenticate themselves, before they can use the network.

Also, you would have to make a strong password that allows anyone to access your wireless network. There are several tools that are available online, which you can use to make a strong password. You can make a password that goes till even ten alphabets. Digits should be made compulsory when it comes to making passwords.

These are just some of the aspects that you have to keep in mind while ramping up your wireless security.

300,000 iPads sold on day 1

Apple today announced that it sold over 300,000 iPads in the US as of midnight Saturday, April 3. These sales included deliveries of pre-ordered iPads to customers, deliveries to channel partners and sales at Apple Retail Stores. Apple also announced that iPad users downloaded over one million apps from Apple’s App Store and over 250,000 ebooks from its iBookstore during the first day.

Apple CEO Steve Jobs also gave us a hint as to how the iPad might influence future iTunes spending:

“It feels great to have the iPad launched into the world-it’s going to be a game changer,” said Steve Jobs, Apple’s CEO. “iPad users, on average, downloaded more than three apps and close to one book within hours of unpacking their new iPad.”

Wi-Fi on the iPad

(ZyXEL ANT1106 802.11b/g/n Omni-Directional High-Gain Antenna)

So you Apple released was on Saturday: It's marvelous--certainly the best computing device ever produced of its size or nature. The iPad handles 802.11a/b/g/n with 2.4 and 5 GHz support for the appropriate standards. 

The flavor that adds 3G and a GPS receiver is due "in late April," according to Apple. With the no-contract deal Apple snagged for 3G use with AT&T, I'm curious to see what non-US carriers agree to as 3G iPads are launched in other countries.

WI FI HACKERS!

It’s an invasion with a twist: People who think they are signing on to the Internet through a wireless hotspot might actually be connecting to a look-alike network, created by a malicious user who can steal sensitive information, said Geoff Bickers, a special agent for the FBI’s Los Angeles cyber squad.

It is not clear how many people have been victimized, and few suspects have been charged with Wi-Fi hacking. But Bickers said that over the last couple of years, these hacking techniques have become increasingly common, and are often undetectable. The risk is especially high at cafes, hotels and airports, busy places with heavy turnover of laptop users, authorities said.

“Wireless is a convenience, that’s why people use it,” Bickers said. “There’s an axiom in the computer world that convenience is the enemy of security. People don’t use wireless because they want to be secure. They use wireless because it’s easy.”

For Mark Loveless, just one letter separated security from scam.

Logging on to his hotel’s free wireless Internet in San Francisco last month, Loveless had two networks to choose between on his laptop screen — same name, one beginning with a lowercase letter, one with a capital. He chose the latter and, as he had done earlier that day, connected. But this time, a screen popped up asking for his log-in and password.

Loveless, a 46-year-old security analyst from Texas, immediately disconnected. A former hacker, he knew an attack when he saw one, he said.

Most Internet users do not.

About 14.3 million American households use wireless Internet, and this figure is projected to grow to nearly 49 million households by 2010, according to JupiterResearch, which specializes in business and technology market research.

“There’s literally probably millions of laptops in the U.S. that are configured to join networks named Linksys or D-Link when they are available,” said Corey O’Donnell, vice president of marketing for Authentium, a company that provides security software. “So if I’m a hacker, it’s as easy as setting up a network with one of those names and waiting for the fish to come.”

Linksys and D-Link are two of the many commercial brands of wireless routers, products that allow a user to connect to the Internet using radio frequency.

As the field of wireless connectivity expands, so too does a hacker’s playground. More than 300 municipalities across the country are planning or already operating Wi-Fi service.

Los Angeles Mayor Antonio Villaraigosa last month announced plans for citywide Wi-Fi in 2009. USC already offers free wireless, and by the end of March, Los Angeles International Airport will officially offer wireless at all its terminals under a new contract with T-Mobile.

Some airlines already offer Wi-Fi at LAX. “There are no signs for any service at all, so if any passenger is accessing a free wireless service … they should be cautious,” said Nancy Castles, an airport spokeswoman.

A survey at Chicago’s O’Hare Airport by Authentium revealed 76 peer-to-peer networks, or access points that are connected to via another user’s computer, with 27 of them advertising access to free Wi-Fi — a trademarked term for the technical specifications of wireless local area network operation. The company also found that three of the networks had fake or misleading addresses, one sign the hotspots could be hackers.

“At a busy place like O’Hare, in one hour a bad guy could get 20 laptops to connect to his network and steal the users’ account information,” said Ray Dickenson, vice president of product management at Authentium, who conducted the survey last September.

Corporate networks are sometimes the most vulnerable, as employers push for a more mobile workforce without always educating its users on the security risks of wireless Internet.

Many workers rely on corporate firewalls in the office and an automatic default network setting that links them to their corporate networks. Outside the office, the firewall is no longer in place. That means the computer is unprotected. Once hackers have “got a toehold in a network, it’s pretty much game over,” Bickers said.

Most laptops are configured to search for open wireless points and common wireless names, whether or not the user is trying to get online. That leaves people open to hacking.

In two new attacks, called “evil twin” and “man in the middle,” hackers create Wi-Fi access points titled whatever they like, such as “Free Airport Wireless” or an established, commercial name.

In the “evil twin” attack, the user turns on a laptop, which may automatically try to connect. When it does, it is connecting to a fake access point, or “evil twin,” and the hacker gets into personal files, steals passwords or plants a virus.

The hacker can become a “man in the middle” when he funnels the user’s Internet connection through this false access point to a true wireless connection. The unsuspecting Wi-Fi surfer may then proceed to enter credit card information, access e-mail or reveal other sensitive data that can be tracked by the hacker. Meanwhile, the session appears ordinary to the user.

Although the FBI has been aware of this kind of attack for about five years, its use has increased in the last couple of years and is being seen as a “huge threat,” Bickers said.

“The actual tools you need, the software, the hardware, etc., to mount this sort of attack has become insanely easy to acquire,” Bickers said. “You need a laptop, wireless radio and the ability to download a free tool and run it. It literally is child’s play.”

The creation of the access point itself is not generally considered criminal; it’s what happens next — tracking people’s Internet use — that can cross the line.

These hacking techniques are considered to be “tantamount to a computer intrusion and illegal interception of wireless communication that can be prosecuted under federal law,” Bickers said.

But computer evidence and statistics are hard to come by, said Arif Alikhan, a former federal prosecutor and former chief of the cyber and intellectual property crimes section for the U.S. attorney’s office in Los Angeles. People can unwittingly compromise their computers in a multitude of ways, and often there’s no trace.

“You can tell how many burglaries occur because you’re victimized, and someone knows they’re victimized,” Alikhan said. “People don’t always know if someone is using their wireless network, and it’s very difficult to tell unless you trace back every single connection…. It happens more than I think we all realize.”

The U.S. attorney’s office will not comment on pending investigations; however, wireless hacking cases are relatively new, and few if any current cases involve “evil twin” or “man in the middle” attacks, law enforcement authorities said.

“This is a classic case of law and law enforcement being a little behind the technological curve,” Bickers said.

Other types of wireless-related Internet hacking cases have recently popped up across the country.

Nicholas Tombros was found guilty in 2004, under the federal Can-Spam Act, of “war-spamming.” He drove around the Venice Beach area with his laptop and used unprotected wireless access points to send spam. He could receive up to three years in federal prison at his sentencing next month.

He is the only defendant who has been charged in a case involving wireless hacking by the Greater Los Angeles section of the U.S. Department of Justice’s cyber and intellectual property crimes division since it was established in October 2001, according to Assistant U.S. Atty. Wesley L. Hsu, deputy chief of the section.

“They are technically difficult cases…. They’re difficult cases to put together, so law enforcement is having to sort of catch up,” Hsu said.

On Sept. 30, Gov. Arnold Schwarzenegger signed into law the Wi-Fi User Protection Bill, which aims to block unauthorized sharing of open Wi-Fi networks and inform users of the dangers of unsecured networks. Starting in October, warnings and tips will be required on all wireless home-networking equipment sold in California.

The law specifically addresses “piggybacking” — or the use of another person’s wireless network to access the Internet — a problem that security experts say has been a concern for years.

Linksys WVC54GCA Webcam 640×480 802.11G Wireless Internet Home Monitoring Camera

The Linksys Compact Wireless-G Internet Video Camera sends live video through the Internet to a web browser anywhere in the world This compact, self-contained unit lets you keep track of your home, your kids, your workplace -- whatever is important to you. Unlike standard "web cams" that require an attached PC, the Internet Video Camera contains its own web server, so it can connect directly to a network, either over Wireless-G (802.11g) networking, or over 10/100 Ethernet cable. Choose either MPEG-4 or Motion JPEG video compression for a high-quality, high-framerate, up to 640x480 video stream.

Brother HL-2170W 23ppm Laser Printer with Wireless and Wired Network Interfaces

Versatile and Professional
This monochrome laser printer not only warms up in less than 10 seconds and prints up to 23 pages per minute to give you near-instant access to important reports, documents, and annual family letters when you need them, it also includes a manual bypass feeder for professional printing on envelopes and letterhead. The high-quality resolution (up to 2400 x 600 dpi) of this personal black-and-white laser printer reflects the time and care that you put into each document, while giving you the benefits of low cost per page laser output. The printer also includes 32 MB memory, and a 250-sheet capacity tray that can conveniently accommodate standard, legal, and custom-sized paper.

Built-In Wired and Wireless Networking 
Perfect for family or home offices, the HL-2170W gives you the option to connect the printer via USB, Ethernet, or 802.11b/g wireless networking. Brother makes wireless setup a snap; for users with wireless access points that support SecureEasySetup, Wi-Fi Protected Setup, or AOSS, you can automatically configure your wireless settings by simply pressing a button on your router.
Ergonomic and Energy Efficient
The Brother HL-2140 17.9-by-18.7-by-14.2-inch efficient design features a toner save mode for extended toner life as well as sleep mode. Easy to set up and a breeze to use, this printer is compatible with both Mac and Windows operating systems, and includes an animated user-friendly tutorial to help answer common support and maintenance questions.
Environmentally Friendly Design
For added peace of mind, this machine is Energy Star compliant, which means it helps save the environment while saving you money. (Energy Star is a joint program of the U.S. Environmental Protection Agency and the U.S. Department of Energy promoting energy efficiency).
This personal laser printer is backed by a one-year limited manufacturer's warranty.
What's in the Box
HL-2170W laser printer, starter toner cartridge and instruction kit.

Share your home broadband connection across multiple devices.

One option is to use the disk that came with the router. Most vendors ship a CD in the packaging that contains a program that will locate the router and set things up automatically for you. I recommend you use it if you do not understand much about networking as it will really simplify everything and give you exact instructions on what to do for your make and model of router.

If this is not an option you will likely need to log in to your router via your browser. There will be an instruction booklet showing you how to plug your computer and modem into the router. The modem’s network cable will plug into the socket labeled “WAN.” Your computer will plug into one of the numbered sockets. I like to physically connect the computer and router for this part because it’s easier to use wires for this setup than attempt to connect via wireless.

Once everything is plugged in, look in your routers manual for the default settings. There will be a default user name and password listed, as well as a default IP address. The address is usually 192.168.1.1. You will enter this into your Web browser with the http:// in front, and you should be prompted for a user name and password. Enter these and it will take you to the administration screen.

The first thing you will want to do is set a new router password. This is the password that lets you into the router administration panel. It is not related to wireless or network settings. There should be a link to set a password either in the menu, or perhaps as part of the basic settings page. As every brand of router has slightly different menus, you may have to hunt a little bit for these settings. When in doubt, read the instruction manual or refer to the documentation link in the administration page.

In the basic settings menu you’ll find many different options. For most of these settings, you will want to use the default settings. The exception is if you use DSL and have to enter a login and password to enable your Internet connection. You will want to enter that information.

I would also recommend that you leave any of the IP address settings as default. There are certain IP address subnets that are blocked off for private network use. These include the 192.168.x.x addresses, as well as 10.x.x.x addresses. You will likely see the 192.168.1.1 listed here as a gateway address. You will probably also see a subnet mask field. If your gateway IP is 192.168.1.1, your subnet mask should be defaulted to 255.255.255.0. A subnet mask is basically used to determine which network a device belongs to.

In addition, you will also want to make sure that the router is acting as a DHCP server. What this means is that it will be assigning IP addresses automatically to any device that you attempt to connect to the network. Usually there will be fields to enter the starting address for the DHCP. if your gateway is 192.168.1.1, your starting address will likely be 192.168.1.2.

Cisco Plumbs Home Wireless Market With New Routers

Cisco Systems Inc. said it will begin selling a new line of home-market wireless routers that the networking giant is touting for its modest design, ease of use and potential for widespread appeal.

The vendor is offering its fresh brand of consumer routers, called the Valet, in two versions at different functionality and price points.

Cisco also added to its roster of home-focused wireless routers with four new units under the Linksys E-Series banner.

Cisco differentiated the Valet and Linksys offerings in part based on technical complexity, positioning the E-series as suitably powerful for its core audience of technology-minded users, while still retaining the simplicity that consumers require.

The basic Valet model is aimed at the small- to medium sized home market containing primarily wireless devices, and is priced at $99.99. The Valet Plus unit is aimed at medium- to large-sized homes containing a mix of wireless and wired devices, and is priced at $149.99.

The Valet Connector, priced at $79.99, upgrades older computers to wireless and is offered as a complementary device to the Valet routers.

Cisco said that the Valet routers are available now at Amazon.com, Staples and at the Cisco web site. Retailers Best Buy, Target, Wal-Mart and others ultimately will sell the units, Cisco said.

The introduction of the Valet routers marks a departure in Cisco’s strategy for the home wireless market as the vendor previously has sold consumer-oriented routers only under its Linksys brand.

New Linksys consumer routers

Cisco’s new Linksys E-series consists of four routers ranging in price from $79.99 to $179.99 and includes the Cisco Connect software. Officials said that the E-series allows users to customize and control their wireless network settings to match their preferences.

An entry level model, called the E1000 Wireless-N router, priced at $79.99, connects devices at transfer speeds up to 300 Mbps, uses Faster Ethernet ports, and is aimed at general wireless Internet use; the E2000 Advanced Wireless-N model, priced at $119.99, includes four Gigabit Ethernet ports, features dual band technology, and is aimed at connecting computers, gaming consoles, HDTVs and Blu-Ray players.

In addition, the E2100L Advanced Wireless-N router with Linux OS, also priced at $119.99, uses the Linux operating system for network customization, features four Fast Ethernet ports and built-in UPnP AV Media Server to stream media content to an Xbox 360, PS3 or other device. At the top of the line is the E3000 High Performance Wireless-N router, dual band, priced at $179.99, and containing all the high performance features of the other models.

A high-performance, Wireless-N USB adapter, priced at $69.99, also is available.

The E-series models are available at the same outlets as the Valet line and at the Cisco web site.

In unwrapping the Valet and Linksys E-series routers, Cisco officials pointed to increased consumer demand for wireless products, offering up statistics from researcher International Data Corp. that slightly more than 30 percent of U.S. homes are set up for wireless use, along with data from ABI Research on the heft of the market, specifically that some 264 million wireless-enabled products--including mobile phones, gaming systems and music players, shipped worldwide last year.

802.11n: Lessons Learned - Part 1

Since early 2008, Xirrus has deployed over 1,000 802.11n Wi-Fi networks for universities, K-12
school districts, enterprises, hospitals, conventions centers, and other customers. During the
design and implementation of these networks, Xirrus has gained a wealth of experience and
knowledge in 802.11n technology and what it takes to successfully install and operate high
performance, resilient 802.11n networks.
This White Paper outlines key lessons Xirrus has learned from our 802.11n deployment
experience. Every network is different, but as our experience has shown, following several key
guidelines will help optimize new 802.11n networks to achieve maximum performance and
robustness towards the ultimate goal of using wireless to replace wired networks.
Network Design
Proper planning is crucial prior to deploying 802.11n networks. Appropriate planning is a good
idea with any 802.11 network, but it is especially important with new 802.11n networks because:
1. 802.11n will be used more often as the primary network connection compared with
802.11abg
2. 802.11n has more flexibility and configuration options than legacy Wi-Fi, so network
designs must take into account end-user needs in order to optimize performance and
robustness.
There are five key parameters to look at for a proper 802.11n network design, as reviewed in the
sections below.
Site Survey
Executing an active site survey prior to deploying Wi-Fi equipment (whether a Xirrus Array or
other AP) is important because it lets the network administrator know exactly where equipment
needs to be placed prior to deploying. With an active site survey, real equipment is taken on site
and used to determine the best placement prior to pulling cables and drilling walls for the actual
installation. Rather than doing an active site survey some Wi-Fi vendors and network designers
merely guess at the location of APs by looking at floor plans and assuming that the RF
propagation of all buildings is the same. Active site surveys are always important with Wi-Fi, but
they are especially important with 802.11n networks for the following reasons.
MIMO
To improve throughput, 802.11n networks use Multiple Input Multiple Output (MIMO). MIMO
increases overall throughput by using multiple antennas and signals to send the traffic. With
MIMO, rather than having a single high-powered stream carrying the data traffic, there are 2 or 3
lower powered streams carrying the data traffic. In general, MIMO increases network and station
performance, however because of MIMO 802.11n penetration, characteristics are more
dependent on the environment; MIMO can be affected by wall and other objects differently than
standard transmission techniques. Before deploying an 802.11n network, it is imperative to see
how 802.11n radios will behave in the current environment and not assume that the RF
propagation will be the same as existing 802.11abg networks.

 Lesson Learned: Because of MIMO, 802.11n RF propagation can be
significantly different than with traditional 802.11abg networks. An active site
survey should always be done to tests the RF characteristics of the
environment prior to deployment.
Dual-band Coverage
A discussed in the RF Design section later in this White Paper, operating 802.11n in the 5GHz
band is a key requirement to fully realizing the benefits of 802.11n. When doing a site survey, it is
imperative that readings be taken for both 2.4GHz and 5GHz. In most environments, 2.4GHz will
propagate further than 5GHz. If 5GHz is to be used in 802.11n networks (as is highly
recommended), the survey should take readings in both bands and both should be seen from all
areas to be covered.
The diagrams below show the results of a standard survey for 802.11n. As can be seen, the
coverage characteristics of 2.4GHz and 5GHz are different, with 2.4GHz providing coverage
where 5GHz does not. Adjusting equipment location or adding additional equipment may be
necessary to provide full 5GHz band coverage, and hence realize the benefits of 802.11n’s high
performance.

2.4GHz Coverage 5GHz Coverage

 Lesson Learned: When doing site surveys, look at both 5GHz and 2.4GHz
bands. 802.11n can operate in both bands and to fully realize its benefits, both
bands should be supported throughout the entire network.

Multiple Radios
Another consideration when doing a site survey is ensuring that multiple radios are available at a
sufficient RSSI level (Xirrus recommends -72dBm or greater for most applications) from every
area to be covered by the Wi-Fi network. For a resilient, dynamic connection there should be
multiple radios from which a station can choose in case one of the radios is heavily utilized or if
one of the radios goes down. The table below shows the signal readings from a sight survey of
an actual Xirrus customer survey. As one can see, multiple 2GHz and 5GHz channels can be
seen with strong signal coverage (-72dBm or higher).