There are many
different kinds of technologies that allow for the wireless
transmission of digital information through the air. These include
Wi-Fi, Bluetooth, infrared, and cellular.
Wi-Fi
The most well known
is the 802.11 family of protocols, more commonly known as Wi-Fi. In
a typical Wi-Fi setup, all computers connect to a central device
called a WAP
(wireless access point). WAP is the technical term for “wireless
router”. Every wireless network has a service
set identifier (SSID), which is a human-readable name for
the network. The SSID is what appears when you search for available
wireless networks in your device's Wi-Fi settings. The WAP
broadcasts the SSID so new devices can find and connect to the
network.
For small buildings,
like a SOHO (small office/home office) environment, only one WAP is
needed because its signal can reach all or most parts of the
building. This is referred to as a Basic
Service Set (BSS). However, larger buildings cannot make
do with just a single WAP. In this situation, multiple WAPs are
strategically placed throughout the building, and are joined together
into an Extended Basic Service
Set (EBSS). In an EBSS, all the WAPs have the same SSID,
so as you roam around the building, your device automatically
switches WAPs based on whichever has the strongest signal.
Securing your WAP
Hiding the SSID:
It's possible to configure a WAP to not broadcast its
SSID, which helps prevent unauthorized people from accessing it.
Enabling MAC
address filtering: Every computer device has something called a
MAC address, which is a 48-bit, globally unique identifier. You can
provide your WAP with the MAC addresses of all your devices so that
no other devices are allowed to connect.
Changing the
admin password: Many WAPs leave the factory with identical
administrator passwords. Change it! The administrator password is
used to access the configuration settings of the WAP (usually through
a web interface), so it's important to have a strong and unique
password.
Controlling
physical access: Many WAPs have a handful of Ethernet ports on
them. Connecting a computer to one of these ports bypasses all the
wireless security that is in place, so you should either disable
these ports or place your WAP in a location that only authorized
personnel can access. Also, when you buy internet service for your
home, the ISP often provides you with a WAP that has the Wi-Fi and
administrator passwords stamped onto the case. So if you don't want
to change them, make sure the WAP isn't in a place that can be seen
by strangers (like your window sill!).
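The MAC address filtering step above amounts to an allowlist lookup on the 48-bit address a client presents. The sketch below is an added example, not code from any WAP vendor: it normalizes the common ways a MAC is written, checks it against an allowlist, and separately flags addresses whose "locally administered" bit is set, meaning the address was assigned by software (for example a phone's randomized Wi-Fi address) rather than by the manufacturer. The allowlist entries and function names are constructed for illustration.

```python
import re

# Constructed allowlist; real entries come from your own device inventory.
ALLOWED = {"3c:22:fb:10:20:30", "a4:83:e7:aa:bb:cc"}

_HEX12 = re.compile(r"^[0-9a-f]{12}$")


def normalize_mac(text):
    """Return a MAC as lowercase colon-separated hex, or raise ValueError."""
    digits = re.sub(r"[:\-.]", "", text.strip().lower())
    if not _HEX12.match(digits):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def is_locally_administered(mac):
    """True when the U/L bit (0x02 of the first octet) is set,
    i.e. the address is software-assigned, not a manufacturer-burned one."""
    return bool(int(normalize_mac(mac)[:2], 16) & 0x02)


def check_client(mac, allowed=ALLOWED):
    """Classify a connection attempt: 'allow', 'deny' or 'deny-randomized'."""
    canon = normalize_mac(mac)
    if canon in {normalize_mac(a) for a in allowed}:
        return "allow"
    # A denied address with the U/L bit set is usually a device with
    # address randomization turned on, not an unknown piece of hardware.
    return "deny-randomized" if is_locally_administered(canon) else "deny"
```

A device that shows up as `deny-randomized` typically needs randomization disabled for this network before its fixed address can be added to the list.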
Ad Hoc Mode
Connecting to a
wireless network through a WAP is referred to as “infrastructure
mode”. But it's interesting to note that a WAP isn't
required to network computers wirelessly. In “ad
hoc mode” (also sometimes referred to as “peer-to-peer
mode”), computers connect directly with each other to form an
Independent Basic Service Set
(IBSS). This is useful if a WAP isn't available and the number of
computers you need to network is small.
Antennas
The antenna most
commonly used by WAPs and computer devices is a dipole
antenna, which is a type of omni-directional antenna. It looks like a stick but actually has two
antennas inside it. Some WAPs have detachable antennas, which
gives you the option of installing larger, more powerful ones.
Signal strength
(called “gain”)
is measured in decibels (dB). Most WAPs broadcast at around 2 dB,
and some let you adjust this. You might think that the higher the
gain, the better, but not always. Lowering the gain to an amount
that just barely covers your building will prevent your neighbors
from being able to connect to your network. This also does your
neighbors a favor because it lowers the amount of RFI (radio
frequency interference) that their wireless networks will have to
contend with.
The orientation of
the antenna matters. This is called polarization.
If an antenna is standing straight up, it has a vertical
alignment. If it is lying flat, it has a horizontal
alignment. Since the antenna in your laptop is located in
the lid next to the screen, it generally has a vertical alignment
when the lid is open. In order to communicate effectively, the
antennas of the computer and the WAP must have similar polarities.
It's good practice to tilt the WAP's antenna to a 45 degree angle to
accommodate the largest variety of polarities.
Wi-Fi Security
Protocols
Because all
communication is traveling through the air, anyone with the right
equipment and skills can intercept this communication and read
it—just like tuning your car radio to a radio station. Unlike
radio broadcasts, the information that travels through Wi-Fi networks
can be very sensitive. To help protect your privacy, various
security protocols have been released over the years.
WEP. Created
in 1997, this protocol encrypts all communication with 40- or 104-bit
encryption. And it was not very secure. For one, it uses the same
encryption key to encrypt all communication with all client
computers, which makes it possible for a single computer to listen in
on everyone else's communication. And in 2001, a serious encryption
flaw was discovered which allowed a WEP key to be cracked in minutes.
WEP was officially retired in 2003 and replaced by WPA.
WPA. This
protocol corrects WEP's weakness of using a single encryption key by
changing the encryption key for every packet of data that is
transmitted (called TKIP).
The encryption key size was also increased to 64 or 128 bits. And
it includes a feature which prevents malicious clients from altering
and resending data packets. WPA was only intended for temporary use
until the WPA2 standard was finalized.
WPA2.
Finalized in 2006, WPA2 includes all of the improvements that WPA
brought to the table, as well as an improved encryption algorithm
called AES. AES is a
very strong algorithm that no one has been able to find a significant
flaw in (yet). In fact, the U.S. government approved it to be used
for transmitting classified information in 2003. WPA2 is currently
the most secure wireless security standard, and it's what all your
devices should be using. WAPs that support “mixed-mode” allow
devices to connect using either WPA or WPA2 (for older devices that
do not support WPA2).
WPS. What if
you want to connect a device like a printer or scanner to your Wi-Fi
network? Because these devices often lack display screens, how are
you supposed to give them the SSID and password of your Wi-Fi network?
Enter WPS. It allows you to connect a device to a network with as
little as two button presses. First, you press the WPS button on the
device. Then, you press the WPS button on the WAP (your WAP must
support WPS). And bingo, it's connected. However, it has a major
security flaw. It also allows you to connect devices to it using an
eight-digit code, which an attacker could use to brute force his way
into the network. Therefore, security experts recommend that you
turn WPS off if your WAP supports it.
Sidenote: HTTPS
You might be nervous
about transmitting sensitive information over a wireless network,
especially if it is a public Wi-Fi network, like the one at Starbucks
or your favorite coffee shop—AND YOU SHOULD BE! Even if the network uses
the best possible encryption standard (WPA2), not only could someone
theoretically discover a flaw at any time and start intercepting your
data, but the owners of the WAP could theoretically configure their
WAP to intercept and log all information that travels through it!
Or, attackers could set up their own WAP within range of the
legitimate WAP and configure their WAP to broadcast an SSID which is
identical to that of the legitimate WAP, causing your device to
connect to the attacker's WAP instead of to the legitimate one (if I
recall correctly, this was done at the 2016 Olympics in Rio).
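Because every WAP in an EBSS legitimately shares one SSID, the look-alike WAP described above cannot be spotted by name alone; a network owner has to compare what is on the air against a record of their own WAPs. The following is an added example of that check, not part of the original post: the `Beacon` fields, the inventory layout, the SSID "CorpNet" and all addresses are constructed for illustration.

```python
from collections import namedtuple

# One row per WAP seen in a Wi-Fi scan (field names are assumptions).
Beacon = namedtuple("Beacon", "ssid bssid security")

# Constructed inventory: the WAPs that legitimately form the EBSS "CorpNet".
# The BSSID is the MAC address of a WAP's radio.
INVENTORY = {
    "CorpNet": {
        "bssids": {"3c:22:fb:10:20:30", "3c:22:fb:10:20:31"},
        "security": "WPA2",
    },
}

# Constructed scan results.
SCAN = [
    Beacon("CorpNet", "3c:22:fb:10:20:30", "WPA2"),    # known WAP
    Beacon("CorpNet", "3C:22:FB:10:20:31", "WPA2"),    # known WAP, upper case
    Beacon("CorpNet", "02:00:5e:00:53:01", "WPA2"),    # same name, unknown radio
    Beacon("CorpNet", "3c:22:fb:10:20:30", "Open"),    # known radio, no encryption
    Beacon("CoffeeShop", "aa:bb:cc:00:00:01", "Open"), # someone else's network
]


def find_rogue_beacons(beacons, inventory=INVENTORY):
    """Return (beacon, reason) pairs for beacons that advertise one of our
    SSIDs but do not match the WAPs we have on record."""
    findings = []
    for b in beacons:
        known = inventory.get(b.ssid)
        if known is None:
            continue  # not our SSID, out of scope
        if b.bssid.lower() not in known["bssids"]:
            findings.append((b, "unknown BSSID"))
        elif b.security != known["security"]:
            findings.append((b, "security mismatch"))
    return findings


if __name__ == "__main__":
    for beacon, reason in find_rogue_beacons(SCAN):
        print(f"{reason}: {beacon.ssid} {beacon.bssid} ({beacon.security})")
```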
However, you need
not worry as long as you are browsing secure websites (using the
HTTPS protocol) and using apps that use secure connections. The
encryption standard that protects you is called SSL.
When using this standard, your computer encrypts the data before
sending it over the air. What’s more, the data can't be decrypted
until it reaches its intended recipient. So even if someone
intercepted your communication, they wouldn't be able to make any
sense of it because it is encrypted. God forbid if someone breaks
SSL—the internet as we know it would grind to a halt, because this
standard is what makes possible such things as online shopping and
online banking!
The 802.11 family
of protocols
A number of
different Wi-Fi protocols have been released over the years, each of
which has different characteristics. These are the low-level
protocols that the security protocols discussed above run “on top
of”. I'll refer you to my Computer Networks 101 blog post for a
description of these protocols.
Bluetooth
For short-range,
wireless communication, Bluetooth is often used. It is designed to
do very specific things and is not intended to be general purpose,
like Wi-Fi is. A Bluetooth network is called a PAN
(personal area network). It is extremely resistant to RFI (radio
frequency interference) due to the fact that it hops frequencies
about 1,600 times per second.
Every Bluetooth
device is assigned a “class”, based on its range. Lower class
devices use less power because they don't have to transmit as strong
of a signal.
Class 1 | 100 meters
Class 2 | 10 meters
Class 3 | 1 meter
Many different
versions have been released over the years (summarized in the table
below):
Version | Max speed | Description
1.1, 1.2 | 1 Mbps |
2.0, 2.1 | 3 Mbps | A feature called Enhanced Data Rate (EDR) improves its max speed.
3.0 + HS | 24 Mbps | The high speed (HS) feature is optional and uses a Wi-Fi network to achieve the full 24 Mbps bandwidth.
4.0, 4.1, 4.2 “Bluetooth Smart” | 24 Mbps | Focuses on power consumption, security, and IP connectivity.
5.0 | 24 Mbps | Focused on the “Internet of Things”, aims to be low power.
Infrared
Infrared is most
commonly used in remote controls, like the one for your television.
But it can also be used to transmit digital information. The
Infrared Data Association (IrDA) protocol uses infrared light as its
communication medium. However, it is very limited. It only supports
speeds of up to 4 Mbps and is half-duplex. And it only has a max
range of 1 meter. Plus, it relies on line of sight communication
(any physical object placed in its way will break the link). Because
of these limitations, IrDA has no security features—why bother making any
when the computers have to be so close to each other and it’s so
easy to block the signal? Note that some computers have what looks
like an infrared receiver, but these are usually used for remote
controls, not for IrDA.
Cellular
Lastly, we have
cellular. Cellular data connections are often referred to as 1G, 2G,
3G, or 4G. These do not refer to specific standards, but are loose terms that refer to
how recent and fast the underlying technology is. At the present
time, the fastest cellular technology is LTE. It is considered 4G
and theoretically supports speeds of up to 300 Mbps download and 75
Mbps upload.
If you are not in
range of a Wi-Fi network, you can tether
your device to your cell phone. My understanding of this is that you
can download apps that do this, but you need to jailbreak your device
in order for them to work.