Wi-Fi Wireless Networks FAQ

First version: 11.08.2004 | This revision
: 02.27.2005 (GMT+8)

 

About Wi-Fi Networks
Q:  What is Wi-Fi?
A:  Wi-Fi stands for Wireless Fidelity, and it is a term the Wi-Fi Alliance conjured up to market the earliest of the current wireless network technologies.  It is basically another term for a wireless network based on the IEEE 802.11 technologies and the freedom from cables and wires it gives.

Note: Wi-Fi and the Wi-Fi logo are registered trademarks of the Wi-Fi Alliance.
 
Q:  How many types of Wi-Fi wireless networks are there?
A:  There is only one type of Wi-Fi wireless network, but within it there are currently 3 wireless network standards: 802.11a, 802.11b, and 802.11g, approved by the IEEE.  There is also a 802.11j approved for use in Japan, and in development (or in draft form), there is 802.11n.  They are all Wi-Fi networks.
 
Q:  How do these standards differ?
A:  The difference can be classified into 3 main categories: radio specifications, network performance, and compatibility.  This is best explained by Linksys with their comparison chart.
 
 
Security From Your Nosey Neighbors
Q:  What is good wireless security?
A:  Good security is like a onion (or an ogre - see SHREK!) - it has many layers.  Each layer of security should be independent from others, so when one fails others can continue to provide protection.  The same principle applies to wireless security.
 
Q:  I have already a firewall on my router to protect me from outside intruders, surely I don't need to secure my wireless network, right?
A:  You still need to.  A firewall protects intruders accessing your network via the Internet, but it does not offer any protection to a wireless network from being accessed through radio waves.  An unprotected wireless network offers a new channel to gain entry without the Internet, or a way to gain access to the Internet through your wireless network.
 
Q:  What can I do to secure my wireless network?
A:  There are a few things you can do:  enable wireless encryption, changing passwords and keys regularly, limit the number of computers that can connect to your network (by default many brands allow anywhere between 50 and 100 connections), MAC Address Filtering, Static DHCP, etc.
 
Q:  Should I disable my router's ESSID/SSID Broadcast to secure my wireless network?
A:  ABSOLUTELY NOT!

Disabling SSID Broadcast does not add value to security - it only stops broadcasting your wireless network identifier (a.k.a. SSID), but the signal still carries the identifier between your wireless devices in order to achieve communication and connection - it is needed to identify the network among your network devices so as to distinguish among wireless networks and to transmit data correctly to your network and not to your neighbor's.  Furthermore, SSID is stored in each data packet transmitted in plain text with no encryption, and there are already easy-to-use downloadable tools that detect this network signal and sniff out the SSID readily that even a wireless novice can find your "hidden" network.  How secure a feature is that?!
In fact, disabling SSID broadcast can cause connectivity issue, especially when the neighborhood is crowded with wireless networks or when your signal quality is average to poor.
 

Q:  If no one can see my wireless network, I am safe, right?
A:  Not really!  You are only invisible as long as no one can find you - it's a game of hide-and-seek.  It's like leaving your unlocked window behind a bush hoping a burglar won't see or use it.   Anything that cannot block/prevent/secure a system from intrusion on its own is not a security feature.  There are simple and easy-to-use utilities that can detect hidden wireless networks.  Once your neighbor has identified your network, the rest is easy.
 
Q:  So why do manufacturers include the function to disable SSID Broadcast if it is not a security feature?
A:  I don't have an answer to this.  May be they didn't foresee the weakness in it, but if this function does improve security, most manufacturers would have grouped it under wireless security, but oddly many don't classify it as such in the firmware.
 
Q:  What should I do to secure my wireless network?
A:  Enable encryption on your wireless network at a minimum.  For home or small business use, you can choose between WEP, WPA Pre-shared Key (WPA-PSK), and WPA2 (IEEE 802.11i).

Note:  WPA and WPA2 are trademarks of the Wi-Fi Alliance.
 
Q:  Which encryption method should I use?
A:  It depends on both your hardware and software support.  The general rule is the latest and the more secure the better, but some networks require an update (either hardware or software, or both) to obtain the latest protection in wireless security.  WEP is the most widespread and is supported by just about every wireless network, but it has been found to be buggy and not as secure as WPA and WPA2.
 
Q:  Where can I obtain updates for WPA support?
A:  You need to check your hardware manufacture support for updates - all your hardware must support the same encryption service.
If you are using Wireless Zero Configuration (WZC) in Windows XP to manage your network, you must install WPA patch or Service Pack 2 (SP2) update in addition to hardware updates.
 
Q:  If I am not using Windows XP, does that mean I do not have WPA encryption to protect my network?
A:  Again, it depends.  If your wireless adapter comes with a wireless network management application that support WPA, you may still be able to implement WPA encryption, else WEP encryption may be your only choice.  For Windows 2000 clients, there is an additional free alternative (WPA Assistant).
 
Q:  Does encryption affect wireless network performance?
A:  Yes.  The general rule is the stronger the encryption, the higher its impact on network performance, but with good hardware this should not be significant.
 
Q:  What else can I do to improve security besides encryption?
A;  In addition to encryption, you can also enable MAC Address Filtering, and/or restrict the number of clients the DHCP server in your router can assign an IP Address, preferably equals to the number of wired and wireless clients you will be connected to the network most of the time  (manufacturers default normally to a very large number - 50 to 100 clients).
Note this does not improve security offered by encryption, but the extra restriction(s) placed on the network means it is harder for an intruder to connect to your network.  Restriction on DHCP clients works equally well on wired networks.
 
Q:  Is MAC Address Filtering secure?
A:  No.  MAC Address Filtering does not encrypt data during transmission, and on its own has been found to be flawed, but it is an added deterrent when combined with encryption service without additional impact on performance or connectivity.
 
 
Improving Connectivity
Q:  Why must I change the SSID to something unique?
A:  SSID identifies your network to your wireless devices, so it helps to maintain a connection to your wireless network if it can be readily identified.  Imagine everyone's router is called (say) DEFAULT, how can you and your computer know which network is yours?
 
Q:  I am not getting a good signal around the house, why is that?
A:  There are many reasons for this  Location or placement of the router and/or adapters, physical obstacles and materials, other radio sources causing interference can all contribute to poor radio signal.
 
Q:  How can any physical obstacles affect my signal?  I thought it can travel through anything!
A:  Like light and sound, radio waves can be absorbed and dampened when traveling through materials.  The degree of degradation varies from materials.  See this example for an estimate.
 
Q:  What can I do to improve signal quality?
A:  There are a few things you can try, e.g., change the radio channel used by your router, place/move the router to a more central location of the area it is trying to cover, keep other electronic and electrical devices as far away as possible, create improved line-of-sight between router and clients (hence less materials to penetrate), change to a high gain antenna of a better rating (available from Radio Shack), add wireless repeaters at strategic locations in the house.
 
Q:  What is Infrastructure Mode and what is Ad-hoc Mode?
A:  An infrastructure mode network is a wireless network where all clients are connected to one or more centralized device(s), such as a wireless router or Access Point, to manage network traffic flow and connections.
An ad-hoc mode wireless network does not have a central device and all computers are connected to each other directly - a wireless peer-to-peer network.
 
Q:  I keep reading only channels 1, 6, 11 are good.  Does that mean all other channels are bad?
A:  This is an often misunderstood fact.  The reason for being "good" is that they overlap each other the least among all the channels available for wireless networks.

Each channel on a router or Access Point is 5MHz apart using radio frequency signals in the ISM (Industrial, Scientific, and Medical) bands.  Due to spread spectrum effect, the signal will utilize frequency spectrum up to 12.5 MHz above and below the channel's quoted frequency.  This can be best demonstrated by tuning your radio to a radio station.  As it approaches the desired frequency it picks up faint signals of the radio station, increasing until it hits the peak/quoted frequency.  Hence, two separate wireless networks using neighboring channels, e.g., channels 1 and 2 in the same general vicinity can interfere with each other.  Allowing maximum separation between channels will decrease the amount of channel cross-talk and reduce interference, thus improved performance.  On a router, the spectrums of channels 1, 6, 11 overlap each other the least.  In other words, channel 1 and 2 overlap each other the most, but it doesn't mean channel 2 is bad if no other channel is in use in the vicinity.
There are 2 problems with the argument that only channels 1, 6, and 11 are good.
a)  Most manufacturers set their wireless routers and Access Points to these 3 channels by default, so everyone including your own network is using the same 3 channels by default.  This over-crowding of channels is also a known cause for interference, and a good reason for changing from a crowded channel to a less occupied one.
b)  If one or a few of your neighbors decide to use a channel other than 1, 6, or 11, the spectrum spread from their channels will inevitably also overlap channels 1, 6, and 11.

The general rule of thumb is to select a channel which is the least crowded and has the furthest separation from other channels in use.
 

Q:  If channels 1, 6, 11 are really the only good channels, why not just give us these 3 channels, and forget about the rest?
A:  Because this would create a very crowded place with everyone being squeezed to operate in just 3 channels.  Just because their spectrums do not overlap doesn't automatically equate to being good - most manufacturers default their routers to these 3 channels, which is why you have a choice to move your router's signal to the least crowded frequency - this also helps to keep your network connected.
 
Q:  Why don't the manufacturers give us more channels or have the channels more spread out?
A:  The distribution of radio frequencies is regulated by governmental bodies like the FCC in the U.S.  It is often unlawful in the relevant countries to occupy frequencies or channels that has not been assigned by these bodies for the purpose.
 
 
 

 

Additional Reading (may open in a new window)
Step-by-step Setup Guide To A Secure Home Wi-Fi Network
Connect To An Encrypted Wi-Fi Network With A Hidden ESSID/SSID
Windows XP Wireless Zero Configuration (WZC)/Wireless Network Troubleshooting Checklist
Wireless signal degradation
DoS Vulnerability Threatens Wireless Networks
Overview of the WPA Wireless Security Update in Windows XP
WPA Wireless Security for Home Networks
WPA's Little Secret
How to Make Your 802.11b Wireless Home Network More Secure
(also applicable to 802.11a and 802.11g networks)
Wireless Networking Overview
Connect to an available wireless network
Configuring Wireless Network Clients

 

 

Concierge Windows computing Internet tips Latest virus alerts MS Knowledge Base Links Friends

 

All rights reserved.  No Reproduction Without Expressed Or Written Permission.
Registered Trademarks and Trademarks remain with their respective owners.

Disclaimer :
This is an online self help guide created for my family and friends.  It remains under construction and will be modified, refined, and updated continually (when time permits).  While tweaks and applications have been tried and tested extensively on different systems to ensure compatibility and stability, Spymac Network, Inc. and I accept no responsibility for any loss of data as a result of computer failure, so
use at your own risk please.
Remember: Always backup your important data before any modification!