Ever wonder why there are so many different types of wireless access points on the market today? We have, and we thought we would share what we found...
Wireless Access Points (AP) all share one common function - to allow wireless devices to connect to a network, be it a wireless network only or a wireless/wired network. Beyond this common functionality wireless access points diverge into different functional paths.
Some wireless access points have very basic functionality - basically they are nothing more than a wireless bridge which allows a client's wireless device to have direct connectivity to a wired network and nothing more. Most of these simplistic access points usually offer WEP (Wired Equivalent Privacy) security, but don't be fooled into thinking any sensitive information is protected very well. WEP encryption is flawed and there are all sorts of freely available programs that can "crack" this encryption system using the flaws inherent in WEP.
If you have requirements to protect the wireless links between the client's device and the access point, you want to use at least the WPA or the newer WPA-2 encryption methods with long encryption keys that are not subject to Dictionary Attacks. For more information about protecting the information between the client's device and the AP, see the article on Wireless Protection Methodology here on this site.
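
As an added illustration of the point about long keys and dictionary attacks (not code from the original article): in WPA/WPA2 pre-shared-key mode the 256-bit key is derived from the passphrase and the network name (SSID) with PBKDF2-HMAC-SHA1, so a guessable passphrase yields a guessable key. The sample wordlist, the 20-character minimum and the function names are assumptions made for this example.

```python
import hashlib

# Constructed sample wordlist; a real audit would load a large dictionary file.
SAMPLE_WORDLIST = {"password", "letmein", "wireless", "welcome", "hotspot"}
MIN_RECOMMENDED_LEN = 20  # assumption for this example, not a figure from the article


def derive_psk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-Personal key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32 bytes."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 characters long")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def audit_passphrase(passphrase: str, wordlist=SAMPLE_WORDLIST) -> list:
    """Return a list of findings; an empty list means no check failed."""
    findings = []
    if not 8 <= len(passphrase) <= 63:
        findings.append("invalid-length")
    elif len(passphrase) < MIN_RECOMMENDED_LEN:
        findings.append("too-short")
    # Normalise case and strip the digit/punctuation suffix people append to words.
    base = passphrase.lower().rstrip("0123456789!@#$%&*?.")
    if base in wordlist:
        findings.append("dictionary-word")
    classes = [
        any(c.islower() for c in passphrase),
        any(c.isupper() for c in passphrase),
        any(c.isdigit() for c in passphrase),
        any(not c.isalnum() for c in passphrase),
    ]
    if sum(classes) == 1:
        findings.append("single-character-class")
    return findings


if __name__ == "__main__":
    for candidate in ("Password123", "wireless", "T7#qLw9!vZ2p@Xk4RmB6$cNe"):
        print(f"{candidate!r}: {audit_passphrase(candidate) or 'ok'}")
    # Same passphrase, different SSID: the keys differ because the SSID is the salt.
    print(derive_psk("T7#qLw9!vZ2p@Xk4RmB6$cNe", "CafeHotspot").hex())
```
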
While some access points offer basic connectivity, the more expensive access points offer more diverse capabilities:
- Radius Authentication for access through the access point using an encrypted data link.
- Virtual Private Network (VPN) connectivity across the wireless link between the client's device and the access point.
- VPN connectivity capabilities from the client's device to a VPN connection past the access point.
- Basic login capabilities utilizing either a local table of users or an authentication server.
- DHCP (Dynamic Host Configuration Protocol) to assign the client's computer an IP address, set up the DNS and Gateway IP information and several other features DHCP is capable of providing.
- Creation of VLAN connections between the client's device and a VLAN end-point past the access point.
- Control of transmission power levels.
- MAC (Media Access Control) Address pass-thru capabilities.
Most access points today have some combination of the above listed capabilities, with the higher cost units containing all of the capabilities and additional capabilities as well...
Of course such additional capability does come at a higher cost for the access point, but the cost of such access point hardware has been dropping as more and more manufacturers attempt to beat out their competition for your funds! Definitely a winning situation for the buyer of such equipment!
Wireless Access Points for use in Public WiFi Hotspot locations will use just the basic functionality and leave the rest (VPN, VLAN and remote login to resources) to the person using the hotspot location, but will require at least the MAC address pass-through capability if a hotspot controller is used to control access and bandwidth usage. Fortunately the costs for wireless access points that can be used for hotspot areas have come down to the point where it is cost effective to use more than one unit to cover an area. The advantage is that the number of wireless clients that can use an area increases by about twice the number that can use an area serviced by only one access point. For an explanation, see the article on WiFi Hotspot configurations, which gives a detailed description of the use and limitations of different wireless hotspot configurations.
A second option that is very nice to have is the ability to control the transmission signal output of the wireless access point. This capability, along with proper antenna selection, can mean the difference between a viable hotspot coverage area and wireless signal collisions with surrounding wireless access points, which cause a significant reduction in the overall throughput of the wireless system. Being able to control the signal output level gives you the advantage of customizing the coverage area, and a second benefit is that the client's device does not have to be as sensitive to the received signal (and they are usually not that sensitive given the marginal antennas most devices have), so the effective area in which the client's device can operate is extended from the access point, whereas not being able to adjust the power level would reduce the useful area of coverage.
A third option is the ability to perform WDS (Wireless Distribution System) operation. Basically WDS allows setting up wireless "repeaters" to extend the coverage area of the wireless signal. While WDS is a good method to extend the range of the wireless signal, there are trade-offs involved - each "repeater" will reduce the available bandwidth by one-half due to the way WDS operates. Most wireless access points / routers only have one radio in them and the radio can only transmit or receive but not both at the same time. This means the "repeater" must first receive the wireless signal, store the information, then re-transmit the signal. This reduces the total bandwidth to one-half (in a perfect world - in reality the reduction of bandwidth is affected by many different variables but usually is reduced by at least 55 percent). If you only need to extend the wireless signal one or two repeater "hops" then WDS is not a bad way to go - very inexpensive compared to other methods and the only thing needed by the wireless repeater is power.
Definitions (from Webopedia):
- AP - Short for Access Point, a hardware device or a computer's software that acts as a communication hub for users of a wireless device to connect to a wired LAN. APs are important for providing heightened wireless security and for extending the physical range of service a wireless user has access to.
- DHCP - Short for Dynamic Host Configuration Protocol, a protocol for assigning dynamic IP addresses to devices on a network. With dynamic addressing, a device can have a different IP address every time it connects to the network. In some systems, the device's IP address can even change while it is still connected. DHCP also supports a mix of static and dynamic IP addresses.
- MAC Address - Short for Media Access Control address, a hardware address that uniquely identifies each node of a network. In IEEE 802 networks, the Data Link Control (DLC) layer of the OSI Reference Model is divided into two sublayers: the Logical Link Control (LLC) layer and the Media Access Control (MAC) layer. The MAC layer interfaces directly with the network medium. Consequently, each different type of network medium requires a different MAC layer.
- Radius - Short for Remote Authentication Dial-In User Service, an authentication and accounting system used by many Internet Service Providers (ISPs). When you dial in to the ISP you must enter your username and password. This information is passed to a RADIUS server, which checks that the information is correct, and then authorizes access to the ISP system.
- VLAN - Short for virtual LAN, a network of computers that behave as if they are connected to the same wire even though they may actually be physically located on different segments of a LAN. VLANs are configured through software rather than hardware, which makes them extremely flexible. One of the biggest advantages of VLANs is that when a computer is physically moved to another location, it can stay on the same VLAN without any hardware reconfiguration.
- VPN - (pronounced as separate letters) Short for virtual private network, a network that is constructed by using public wires to connect nodes. For example, there are a number of systems that enable you to create networks using the Internet as the medium for transporting data. These systems use encryption and other security mechanisms to ensure that only authorized users can access the network and that the data cannot be intercepted.
- WEP - Short for Wired Equivalent Privacy, a security protocol for wireless local area networks (WLANs) defined in the 802.11b standard. WEP is designed to provide the same level of security as that of a wired LAN. LANs are inherently more secure than WLANs because LANs are somewhat protected by the physicalities of their structure, having some or all part of the network inside a building that can be protected from unauthorized access. WLANs, which are over radio waves, do not have the same physical structure and therefore are more vulnerable to tampering. WEP aims to provide security by encrypting data over radio waves so that it is protected as it is transmitted from one end point to another. However, it has been found that WEP is not as secure as once believed. WEP is used at the two lowest layers of the OSI model - the data link and physical layers; it therefore does not offer end-to-end security.
- WPA - Short for Wi-Fi Protected Access, a Wi-Fi standard that was designed to improve upon the security features of WEP. The technology is designed to work with existing Wi-Fi products that have been enabled with WEP (i.e., as a software upgrade to existing hardware), but the technology includes two improvements over WEP:
  - Improved data encryption through the Temporal Key Integrity Protocol (TKIP). TKIP scrambles the keys using a hashing algorithm and, by adding an integrity-checking feature, ensures that the keys haven’t been tampered with.
  - User authentication, which is generally missing in WEP, through the Extensible Authentication Protocol (EAP). WEP regulates access to a wireless network based on a computer’s hardware-specific MAC address, which is relatively simple to be sniffed out and stolen. EAP is built on a more secure public-key encryption system to ensure that only authorized network users can access the network.

  It should be noted that WPA is an interim standard that will be replaced with the IEEE’s 802.11i standard upon its completion.