A Wireless LAN (WLAN) is a self-contained network of two or more computers connected using a wireless connection.
A typical WLAN consists of:
- client systems (a desktop, laptop, or personal digital assistant (PDA)),
- wireless connectivity devices such as access points. Access points interconnect the client systems wirelessly and can also connect them to a wired network.
Understanding SSID: The Network's Identity and Security Key
To associate with a wireless network, clients must know the Service Set Identifier (SSID). From the user's point of view, the SSID is the name of the wireless network. However, the SSID functions like a password.
Most wireless access points (WAPs) broadcast their SSID using beacon frames. Beacon frames carry information about the communication process, such as the SSID, channel number, and security protocol information. This allows end users to click on a list of available wireless networks and then connect to the right network.
For rudimentary security, administrators can turn off the broadcast of the SSID. Then the network will appear in the list as a “hidden network.” Users will be prompted to enter the SSID before they can connect.
If all a user needs to know to associate to the wireless network is the SSID, the network is considered an “open” network. Open networks available to the public are also called hotspots.
Open networks do not have any form of encryption. Data sent across an open network can be seen by anyone with a packet sniffer. That is why when users connect to open wireless networks, it’s recommended to add a VPN connection.
Open networks usually have a captive portal.
A captive portal is a web page that opens when the client connects to the wireless network.
A captive portal usually has a disclaimer and asks the user to agree to behave legally while connected to the network. If the network requires users to log in, the portal also shows a login dialog box.
Frequency Bands: 2.4 GHz, 5 GHz, and 60 GHz
Wi-Fi is a wireless networking technology that uses radio waves to provide wireless high-speed Internet access. Modern wireless LAN technologies that conform to the various IEEE 802.11 standards use the 2.4 GHz and 5 GHz bands.
802.11b/g/n/ad devices all operate at 2.4 GHz.
802.11a/n/ac/ad devices operate at 5 GHz.
802.11ad devices operate at 6 GHz.
Standard | Year | Speed (Mbps) | Frequency (GHz) | Range (Meters) | Features |
802.11a | 1999 | 54 | 5 | 20 | |
802.11b | 1999 | 11 | 2.4 | 100 | |
802.11g | 2003 | 54 | 2.4 | 100 | |
802.11n | 2009 | 600 | 2.4/5 | 70 | MIMO |
802.11ac | 2013 | 6933 | 2.4/5 | 100 | MU-MIMO |
802.11ax | 2021 | 9608 | 2.4/5/6 | 240 | OFDMA |
Starting with 802.11n, Wi-Fi devices support a technology called multiple-input multiple-output (MIMO). With MIMO, signals are sent via multiple paths at the same time. By sending the data via multiple paths, if one path is blocked, the data still arrives.
802.11ac (Wi-Fi 5) introduced Multi-User MIMO (MU-MIMO). MU-MIMO works like MIMO but manages multiple devices more efficiently.
802.11ax (Wi-Fi 6) improved on how signals could be sent by using Orthogonal frequency-division multiple access (OFDMA).
OFDMA is a multi-user version of the orthogonal frequency-division multiplexing (OFDM) digital modulation scheme. OFDMA achieves multiple access by assigning subsets of subcarriers to individual users. This allows several users to send simultaneous low-data-rate transmissions. That means modern wireless networks using Wi-Fi 6, which have more devices than ever before, can manage the increase in devices without sacrificing speed or distance.
Wireless devices can work in two modes: infrastructure and ad hoc.
Infrastructure networks use a centralized device (WAP) to send data between the nodes.
Ad hoc networks allow wireless devices to communicate directly with each other without a central device. Ad hoc networks are never encrypted. Today, ad hoc networks are often used to program Internet of Things (IoT) devices.
Managing Wireless Signal Attenuation: Site Surveys and Solutions
All signals are subject to attenuation. Attenuation is the tendency of a signal to degrade over distance.
Before placing the wireless access point (WAP), you should do a site survey.
A site survey is an inspection of the site to note sources of interference such as walls or fluorescent lights. Other WAPs can also interfere.
You can use a Wi-Fi Analyzer to create a heat map. A heat map is a graphic representation of signal strength. Then, you can place the WAP in the best location. Performing a site survey can also help you decide how many WAPs you might need to provide good wireless coverage.
There are multiple options if you need to extend wireless coverage.
It’s possible to just implement multiple WAPs to increase coverage. However, each WAP is a different wireless network. That means each WAP will need to have a different SSID.
You could configure a wireless extender. Wireless extenders are wireless repeaters. They accept signals from the wireless nodes and repeat them to the main network. They also use a different SSID than the main wireless network, which can be confusing for end users.
If you want to provide seamless wireless coverage over a greater distance than one WAP can cover, your best bet is to implement a wireless mesh network. When you purchase multiple WAPs as part of a mesh network, one WAP functions as the main WAP. The other WAPs function like wireless extenders. However, the mesh network will use only one SSID. As a user gets closer to one WAP, and further away from the others, the NIC will seamlessly switch to using the closest WAP.
Basic Wireless Network Security Protocols: From WEP to WPA3
There are three basic things that can be done to secure a wireless network:
- Try to make sure the wireless network is only available in the areas where you want to supply wireless coverage. If the wireless network extends too far, attackers can try to hack the network without being seen.
- Make sure you disable broadcast of the SSID. Although this does little to prevent hackers from connecting to the network, it’s still considered best practice for securing a wireless network.
- You can enable MAC Filtering on the WAP. With MAC Filtering, the administrator must go in and list the MAC addresses of all the devices that are allowed to connect to the wireless network. MAC Filtering isn’t great wireless security, but it can be helpful.
To properly protect a wireless network, you must use wireless encryption.
The first wireless encryption standard was Wired Equivalent Privacy (WEP), which used the RC4 encryption algorithm. Unfortunately, the way WEP implemented RC4 was flawed, and it was easily hacked.
In 2003, the IEEE released an update for WEP called Wi-Fi Protected Access (WPA). WPA also used RC4, but it implemented Temporal Key Integrity Protocol (TKIP). WPA with TKIP improved on the encryption in WEP.
In 2004, with 802.11i, IEEE released WPA2. WPA2 uses the Advanced Encryption Standard (AES). WPA2 uses Counter Mode Cipher Block Chaining Message Authentication Code Protocol (CCMP) which provides better encryption.
In 2018, WPA3 was released. WPA3 supports perfect forward secrecy (PFS). PFS uses a different key for each session or transaction. That means that if an attacker discovers a key, it can only be used to decrypt a small amount of data.
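The following is an added example, not part of the original article. It ties the beacon-frame fields described in the SSID section (SSID, channel, security information) to the protocols above by reading a beacon frame body and reporting whether the network advertises Open, WEP, WPA, WPA2 or WPA3. The function names and sample frames are constructed for illustration, and the input is assumed to be the frame body after the 24-byte MAC header.

```python
import struct

RSN_OUI = b"\x00\x0f\xac"            # OUI of the IEEE 802.11 suite selectors
WPA_VENDOR = b"\x00\x50\xf2\x01"     # vendor-specific element used by original WPA

def elements(buf):
    """Yield (id, data) per tagged element; a truncated element ends parsing."""
    i = 0
    while i + 2 <= len(buf) and i + 2 + buf[i + 1] <= len(buf):
        yield buf[i], buf[i + 2:i + 2 + buf[i + 1]]
        i += 2 + buf[i + 1]

def rsn_suites(data):
    """Return [pairwise cipher types, AKM types] from an RSN element body."""
    pos, found = 6, []               # skip version (2) and group cipher (4)
    for _ in range(2):
        count = struct.unpack_from("<H", data, pos)[0] if pos + 2 <= len(data) else 0
        suites = [data[pos + 2 + 4 * k:pos + 6 + 4 * k] for k in range(count)]
        found.append({s[3] for s in suites if len(s) == 4 and s[:3] == RSN_OUI})
        pos += 2 + 4 * count
    return found

def audit_beacon(body):
    """Summarise a beacon frame body (the bytes after the 24-byte MAC header)."""
    privacy = struct.unpack_from("<H", body, 10)[0] & 0x0010   # capability bit 4
    info = {"ssid": None, "hidden": True, "channel": None, "tkip": False}
    rsn, wpa = None, False
    for eid, data in elements(body[12:]):   # skip timestamp, interval, capability
        if eid == 0:                        # SSID; empty or all-NUL means hidden
            info["hidden"] = not any(data)
            info["ssid"] = None if info["hidden"] else data.decode("utf-8", "replace")
        elif eid == 3 and data:             # DS Parameter Set: current channel
            info["channel"] = data[0]
        elif eid == 48:                     # RSN element (WPA2 / WPA3)
            rsn = rsn_suites(data)
        elif eid == 221 and data.startswith(WPA_VENDOR):
            wpa = True
    if rsn is not None:
        ciphers, akms = rsn
        info["security"] = "WPA3" if 8 in akms else "WPA2"     # AKM type 8 = SAE
        info["tkip"] = 2 in ciphers                            # cipher type 2 = TKIP
    else:
        info["security"] = "WPA" if wpa else "WEP" if privacy else "Open"
    return info

# Constructed sample beacon bodies (not captured traffic).
FIXED = bytes(8) + b"\x64\x00"       # timestamp, beacon interval
HIDDEN_WPA2 = FIXED + bytes.fromhex(
    "1100 0000 030106 3014 0100000fac04 0100000fac04 0100000fac02 0000")
OPEN_NET = FIXED + b"\x01\x00" + bytes([0, 9]) + b"CafeGuest" + b"\x03\x01\x0b"
```

The hidden network still announces its channel and security settings in every beacon, so a hidden SSID leaves the rest of the audit unchanged.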