
Lesson 3 Configuring Wireless Connections

■ Extended Service Set: An extended service set (ESS) represents a network in which multiple APs (and thus multiple BSSs) are used, as shown in Figure 15-18. This allows for increased mobility because stations can move from one BSS to another. APs can be interconnected with or without network cable (although most of the time they are connected to one another with cables).

Figure 15-18 An ESS is a connection of multiple BSSs, the DS serving as the logical link between BSSs. (Figure labels: Extended Service Set, Basic Service Set, Station, DS, Access Point.)

■ Distribution System: The distribution system (DS) is a logical component used to interconnect BSSs in an ESS. The DS provides distribution services to allow for the roaming of STAs between BSSs.

Exam Tip: Although the architectural elements of 802.11 networking sound a bit intimidating, it is important to understand the underlying components of the two modes in which you can configure a wireless client to operate: ad-hoc mode, in which there is no AP, and infrastructure mode, in which an AP is used. An ad-hoc network offers fewer configuration options and is sometimes used in small workgroup environments. An infrastructure network provides greater security and configurability and is the most common mode for wireless networking.

Introduction to Wireless Networking Security

When a wireless network is used, security becomes a greater concern. On traditional wired networks, there is a certain level of security to be had simply because you can physically protect the networking cables. On a wireless network, you cannot physically protect the radio frequencies used and so must rely on logical protection in the form of authentication and encryption.

One of the biggest threats to wireless networks is that operating systems such as Windows XP Professional make it very easy to locate and connect to wireless networks. It is so easy, in fact, that people often connect to unsecured wireless networks without even realizing that it has happened. There are also more deliberate threats to wireless networks. Attackers can gain access to unsecured (or improperly secured) networks by connecting with their wireless stations, or even by installing unauthorized APs on an existing wired network. Once connected, attackers can inspect, modify, or damage vital resources.

Fortunately, there are a number of ways to secure a wireless network against such threats. These methods are the focus of the next few sections.

MAC Address Filtering

A very basic way to protect an infrastructure wireless network is to implement media access control (MAC) filtering. Every network adapter (wireless network adapters included) contains an address known as a MAC address. An administrator can configure an AP so that it accepts communications only from specified MAC addresses. Although MAC filtering does offer some level of protection from casual intrusion, it is far from useful as a single security solution. Following are some concerns about using MAC filtering:

■ It is relatively easy to spoof a MAC address. Many software products exist that let an intruder modify the MAC address on a wireless network adapter.

■ Most APs require that you manually enter MAC addresses. For networks with large numbers of wireless clients, this means a lot of work for administrators. In addition, most APs have a limit to the number of MAC addresses you can authorize.

■ MAC filtering can stop an unauthorized computer, but not an unauthorized user. If an intruder gains access to a computer that has an approved MAC address, the intruder can gain access to the wireless network.
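
The following Python sketch is an added example, not part of the original lesson. It shows how an administrator might audit a MAC allow list against an AP association log in light of the concerns above. The allow list, log entries, AP names, the 32-entry limit, and the hostname heuristic are all constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample data, not taken from the book.
ALLOW_LIST = ["00-0C-41-AA-10-01", "000c.41aa.1002", "00:0c:41:aa:10:03"]
AP_MAX_ENTRIES = 32  # assumed limit; the real value depends on the AP model

# (AP name, client MAC as logged, DHCP hostname): constructed association log
ASSOC_LOG = [
    ("AP-1", "00:0C:41:AA:10:01", "SALES-01"),
    ("AP-2", "00:0c:41:aa:10:02", "SALES-02"),
    ("AP-1", "00-0c-41-aa-10-02", "UNKNOWN-PC"),  # allowed MAC, second hostname
    ("AP-2", "02:11:22:33:44:55", "LAPTOP-7"),    # never authorized
]

def normalize_mac(mac):
    """Convert dash, colon or dotted notation to aa:bb:cc:dd:ee:ff."""
    digits = re.sub(r"[-:.]", "", mac.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def is_locally_administered(mac):
    """True when the locally administered bit (0x02 of octet 1) is set."""
    return bool(int(normalize_mac(mac)[:2], 16) & 0x02)

def audit(allow_list, assoc_log, max_entries=AP_MAX_ENTRIES):
    """Return (finding, mac, detail) tuples for an administrator to review."""
    allowed = {normalize_mac(m) for m in allow_list}
    findings = []
    if len(allowed) > max_entries:
        findings.append(("allow-list-over-ap-limit", "", str(len(allowed))))
    hostnames = defaultdict(set)
    for ap, raw_mac, host in assoc_log:
        mac = normalize_mac(raw_mac)
        if mac not in allowed:
            note = "locally administered" if is_locally_administered(mac) else "burned-in range"
            findings.append(("not-on-allow-list", mac, f"{ap}, {note}"))
            continue
        hostnames[mac].add(host)
    # Heuristic (assumption): one approved MAC with several hostnames may be cloned.
    for mac, names in hostnames.items():
        if len(names) > 1:
            findings.append(("allowed-mac-multiple-hosts", mac, ",".join(sorted(names))))
    return findings

if __name__ == "__main__":
    for finding in audit(ALLOW_LIST, ASSOC_LOG):
        print(finding)
```

A finding here is only a prompt for review: hostnames can be changed as easily as MAC addresses, which is why MAC filtering is paired with authentication and encryption.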

Service Set Identifier (SSID) Broadcasting

Every infrastructure network is named with a service set identifier (SSID). This name distinguishes the network from other wireless networks. By default, most APs broadcast their SSID so that wireless clients can easily locate and connect to the network. SSID broadcasting provides a great deal of convenience because wireless clients (especially those that roam among different wireless networks) can easily detect networks without requiring much configuration from the user.

You can disable SSID broadcasting on most APs, which can prevent casual intruders from discovering a network. However, intruders who are looking for your network will likely be able to find it anyway. Several software programs exist that can scan for wireless networks and identify the SSID of a network, even if SSID broadcasting is disabled.