Getting Started with Lucent's 802.11b Wireless LAN Card

Congratulations

Hooray! You're now ready for non-encrypted communications. Anyone in range can now effortlessly log everything you do online (in many cases, from a couple of miles away!).



Wanna encrypt? Read on.

Security

The Lucent Silver and Gold cards support link-level encryption. Why encrypt? Anything that is sent via radio without encryption is "in the clear." This means that anybody with similar equipment can eavesdrop on your conversation, log data, potentially disrupt your communications, and even hijack your connection.

The 802.11b specification allows for encryption and MAC-based access control. Together, these are referred to as WEP, or Wired Equivalent Privacy. The encryption it employs is a 40-bit shared-key RC4 PRNG algorithm from RSA Data Security. Most cards that talk 802.11b (the WaveLan cards, Mac Airport, Cisco Aironet, to name a few) will support this encryption standard.

Lucent's Wavelan Wireless LAN Card.

There are a couple of big points worth mentioning here.

  • The encryption provided happens at the link layer, not at the application layer. This means that your communications are protected up to the access point, but no further. Once your packets hit the wire, they are in the clear, and the regular warnings about sending passwords and sensitive information over untrustworthy networks still apply. Always use application layer encryption (such as SSH, SSL, a virtual private network, anything) rather than sending sensitive data over the network unprotected!
  • There have been a couple of reports (see references below) that WEP may be easily crackable with a moderate amount of hardware and effort. While a full discussion of these implications is well beyond the scope of this introduction, only allowing SSH or VPN traffic on your gateway and firewalling it off will go a long way toward preventing unwanted access. Of course, too much paranoia results in a network that is so secure it's impossible to use (and therefore, no one uses it). Let's just leave it there for now; you've been warned.

When not to use encryption

At large gatherings (like a conference or other meeting) where open Net access is permitted, it's unfeasible to distribute an encryption key to every attendee. And it wouldn't help much anyway, as everyone would know the key!

In these settings, it makes sense to allow traffic with no encryption. This has an added benefit of allowing many more types of wireless cards to participate. It is safest to assume that any network you use is hostile and being monitored. Always use secure protocols (like SSH or SSL) to protect yourself, with or without a wire.

Enabling encryption under Windows

Double-click the strength meter on the taskbar and select Actions -> Add/Edit Configuration Profile. Alternatively, go to Start -> Settings -> Control Panel -> Wireless Network. These are profiles you can set up to quickly choose between available network settings. I usually set up at least two, one for conferences (unencrypted, grab any network) and another for work (encrypted, and on a specific network).

Name the first profile Conferences and click Edit Profile. Under Network Name, type ANY. Click OK.

Now select the next radio button down, and name this one Work. Edit the profile, and under Network Name, either type ANY (to enable roaming to any available network) or type in the name of your wireless network, as provided by your friendly local sysadmin. Click the Encryption tab. Check the Enable Data Security box, and type in the proper password in the Key 1 box. Again, contact your local sysadmin for details. Click OK.

Now you can always come back to this window and select one radio box or the other to enable or disable encryption. Note that the password must be exactly 5 characters long (for 40-bit WEP). It will complain if your password is the wrong length.

Enabling encryption under Linux

Remember that KEY= line in /etc/pcmcia/wireless.opts? That's where the WEP keys get set. Just prepend your key with an s: (short for String, as opposed to Hexcode) and away you go. Again, remember that it must be exactly 5 characters long (cAsE sEnSiTiVe) for 40-bit WEP encryption.

You can also manipulate the encryption key, power settings, and virtually any other aspect of wireless communications with the iwconfig command. Be sure to at least check out the man pages for iwconfig and iwspy; they're worth a read.
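
The Linux driver will not necessarily complain about a bad key the way the Windows utility does, so it helps to check the KEY= value before restarting the card. The script below is an added example, not part of the original article: the function names are hypothetical, the sample file content is constructed, and it assumes a key is written either as s: plus a string or as hex digits with optional dashes.

```shell
#!/bin/sh
# Added example, not from the original article. Function names are hypothetical.

# Print a 40-bit WEP key as 10 lowercase hex digits; return 1 if the value
# is not a valid 40-bit key. Accepts the s:string form or a hex form.
wep40_to_hex() {
    case $1 in
        s:*)  # string form: the bytes after "s:" are the key, case sensitive
            hex=$(printf '%s' "${1#s:}" | od -An -tx1 | tr -d ' \n') ;;
        *)    # hex form: digits with optional dashes, e.g. 0123-4567-89
            hex=$(printf '%s' "$1" | sed 's/-//g' | tr 'A-F' 'a-f') ;;
    esac
    # 40 bits = 5 bytes = 10 hex digits, nothing else allowed
    [ "${#hex}" -eq 10 ] || return 1
    case $hex in *[!0-9a-f]*) return 1 ;; esac
    printf '%s\n' "$hex"
}

# Read wireless.opts text on stdin, print how many KEY= lines hold an
# invalid key, and return non-zero if any do. Keys are never echoed.
count_bad_keys() {
    sed -n 's/^[[:space:]]*KEY="\{0,1\}\([^"]*\).*/\1/p' | (
        bad=0
        while IFS= read -r val; do
            [ -n "$val" ] || continue      # empty KEY= means no encryption
            wep40_to_hex "$val" >/dev/null || bad=$((bad + 1))
        done
        echo "$bad"
        [ "$bad" -eq 0 ]
    )
}

# Constructed sample in the layout of /etc/pcmcia/wireless.opts
sample_opts() {
    cat <<'EOF'
case "$ADDRESS" in
*,*,*,*)
    ESSID="ANY"
    MODE="Managed"
    KEY="s:Ab3dE"
    ;;
esac
EOF
}

sample_opts | count_bad_keys   # prints the number of invalid keys found
```

A key typed as a 5-character string can only use characters you can type, so it covers far less than the full 40-bit key space; the hex form can use all of it.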

Enabling encryption on the Mac

The driver will automatically determine if encryption is enabled on your local access point. If it is, it will prompt you for the password. Enter it, and have fun. Keep in mind that the Mac Airport cards support 40-bit WEP only.

Parting shots

Don't waste your time fiddling with modem-quality pay services to get online. Set up your own private, encrypted, inexpensive wireless network and get yourself (your friends, your neighborhood, your universe) connected.

Additional Info and References

Rob Flickenger is a long time supporter of FreeNetworks and DIY networking. Rob is the author of three O'Reilly books: Building Wireless Community Networks, Linux Server Hacks, and Wireless Hacks.


Related:

Recipe for an 802.11b Home Network

Connecting PCs to Apple's Wireless Airport

Personal Area Network: A Bluetooth Primer

Affordable Wireless LAN Using Airport

Wireless News - from Meerkat

