Install, Configure & Secure a Basic Wireless Network | CompTIA IT Fundamentals FC0-U61 | 2.8

In this video you will learn how to install, configure and secure a basic wireless network.

802.11a/b/g/n/ac

802.11 and 802.11x refer to a family of specifications developed by the IEEE (Institute of Electrical & Electronics Engineers) for wireless LAN (WLAN) technology. 802.11 specifies an over-the-air interface between a wireless client and a base station or between two wireless clients. These standards are commonly known as Wi-Fi or Wireless Ethernet.

Any Wi-Fi device contains a radio, and like an AM/FM radio, the radio in a Wi-Fi device has a specific range of frequencies it can tune into. Some versions of Wi-Fi use a series of radio frequencies starting at 2.4GHz, while others use a series of radio frequencies starting at 5GHz. Some devices support both ranges of frequencies. Both ranges are divided into 20MHz-wide channels that can sometimes be grouped or bonded together into 40MHz-wide or 80MHz-wide combinations.

Not every Wi-Fi device can connect with every other Wi-Fi device. There are two wireless frequency bands used for Wi-Fi, as well as differences in the number and width of wireless channels, differences in how signal interference is handled, and differences in security options. All of these factors must be taken into account, especially when you’re adding wireless devices and network adapters to an existing network.

Types of Wireless Hardware

There are three types of wireless adapters currently available:

  • Add-on cards using the PCI (Peripheral Component Interconnect) or PCIe (PCI Express) standards for desktop computers.
  • USB (Universal Serial Bus) adapters for use with USB 2.0 or 3.x ports.
  • Internal adapters in laptop or tablet computers; laptop wireless adapters can sometimes be replaced or upgraded.
PCIe Wi-Fi Card for Desktop Computers
Typical USB Wireless Adapter
Typical Laptop Wireless Adapter

A wireless access point (WAP, or wireless AP) adds wireless Ethernet support to an existing Ethernet network.

Typical Wireless Access Point

A wireless router does what a WAP does as well as connects to a broadband modem for internet access.  Most wireless routers also include an Ethernet switch, so you can connect both wireless and wired network devices to the internet.

Typical Wireless Router

Older vs. Newer Standards

Wi-Fi can be divided into two categories:  older and newer standards. Older standards include 802.11b, 802.11a, & 802.11g.  All three of these standards are out of date in terms of speed and in some cases security.

Older Wi-Fi (802.11) Standards
*Only 3 channels do not overlap: 1, 6, & 11. Use only these channels to avoid excessive interference.

802.11b

802.11b (Wireless B) was the first wireless Ethernet standard to hit the market.  It has a maximum speed of 11Mbps, it has only 3 non-overlapping channels, and it is difficult to configure for best performance when other 2.4GHz wireless networks are present.

802.11a

802.11a (Wireless A) came to market after 802.11b and it differs in the following ways:

  • Easier configuration (12 non-overlapping channels) due to using the 5GHz frequency band
  • Use of the 5GHz frequency band

Because 802.11b and 802.11a use different frequencies, they cannot interconnect with each other unless dual-frequency adapters or wireless access points/routers are used.

802.11g

802.11g (Wireless G) was designed to provide the speed of Wireless A (up to 54Mbps) while enabling interconnection with 802.11b devices. Some 802.11g adapter cards and access points are dual-band, also supporting 802.11a networks. Wireless G has the same limitations as Wireless B due to the use of the crowded 2.4GHz frequency band. The 2.4GHz frequency is used by other devices as well, which is why it is referred to as “crowded”. Some of those devices are: Bluetooth devices, some older wireless phones, car alarm sensors, microwave ovens, some types of wireless cameras, some types of wireless microphones, and baby monitors.

Newer standards include 802.11n and 802.11ac. In addition to faster performance, the 802.11n and 802.11ac standards support more than one data stream so that more data can be transmitted or received at the same time.

Newer Wi-Fi (802.11) Standards
*Per stream (antenna)
**Only 3 channels do not overlap: 1, 6, & 11. Using these channels can help avoid interference.
***Optional feature.

If you want to use any devices that support 802.11b or 802.11g standards with the newer 802.11n & 802.11ac standards, you will need to configure your access point or router to run in mixed mode.  Mixed mode enables older and newer devices to run on the same network. Some routers may refer to a mode that supports the older 802.11b standard as legacy mode or b/g protection mode.

To determine which standard a wireless adapter supports, view its properties. In Windows, use the Device Manager. To open it, click the Search window next to the Start button, search for Device Manager, and click the Device Manager (Control Panel) link in the Search window. A faster way to open the Device Manager is to hold down the Windows key on the keyboard and press X, then click Device Manager from the menu.

Network Adapters in Device Manager

802.11n

802.11n (Wireless N) is the current minimum standard for equipment with Wi-Fi capabilities.  Its standard version supports the same 2.4GHz frequency band as its predecessors (802.11b & 802.11g). However, it supports up to four data streams, enabling speeds of up to 288Mbps with 20MHz channels.  To achieve faster speeds, 802.11n optionally can support 40MHz channels. When four channels with four streams are used, 802.11n can reach speeds of 600Mbps. Due to overlapping channels in 2.4GHz, it’s easier to set up 40MHz channels with 802.11n hardware that supports 5GHz signals.

2.4GHz Overlapping Channels

802.11ac

802.11ac (Wireless AC) supports only 5GHz frequencies and achieves much faster speeds than 802.11n 5GHz by doubling channel width and supporting up to eight data streams.  802.11ac wireless routers include 802.11n 2.4GHz support so that the older Wi-Fi 2.4GHz and 5GHz standards can also connect to the router, and 802.11ac wireless adapters also include 802.11n 2.4GHz support.

5GHz signals have many more channels available.

Speed Limitations

There are a couple of factors that affect Wi-Fi speeds such as:

  • The greater the distance between an access point/wireless router and a wireless client, the slower the speed of the connection.
  • When wireless devices that support different speeds connect, they connect at the speed of the slower device.
  • When network channel congestion is present with 2.4GHz wireless networks, a single 20MHz channel may be used on 802.11n-compatible wireless access points even though 802.11n supports wider channels.
  • The more data streams connecting devices, the better the performance.  Low-end 802.11n network adapters and access points/wireless routers typically have only one antenna, and thus only one data stream.

To determine the number of data streams a Wireless N or Wireless AC adapter supports, you can check its specifications.  Some wireless adapters display this information in the Windows Device Manager.

Interference & Attenuation Factors

Interference and attenuation are two factors that make older versions of Wi-Fi (802.11b, 802.11a, & 802.11g) much less desirable than current versions.

Interference

Interference is caused by devices that are operating in the same frequency as the wireless network.  For example, if channel 3 is used for your 2.4GHz wireless network, a nearby network using channel 2 or channel 4 would interfere with your network (and your network would interfere with it) because of the overlapping problem with 2.4GHz wireless networking.  Other devices that can interfere with 2.4GHz networking include some types of cordless phones, some wireless mice and keyboards, early versions of Bluetooth, and some types of home automation devices. Some 2.4GHz wireless routers and access points use automatic configuration of channels in an attempt to avoid other nearby networks.  Free and paid network analyzer apps for computers and mobile devices can be used to determine the channels in use in nearby networks and help you select a channel manually.
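The channel-selection step described above can be worked through in code. The following is an added example, not part of the original page: it scores channels 1, 6 and 11 against a constructed scan of nearby networks, assuming that 2.4GHz channels interfere when their numbers are fewer than five apart and that stronger neighbours (higher RSSI) matter more. The function names and scan data are hypothetical.

```python
# Added example: choose a 2.4GHz channel from a scan of nearby networks.
# Assumption: two networks interfere when their channel numbers differ by
# fewer than 5, which is why only 1, 6 and 11 are mutually clear.

NON_OVERLAPPING = (1, 6, 11)

def overlap(a, b):
    """Fraction of channel a shared with channel b (0.0 = clear, 1.0 = same)."""
    return max(0.0, 1.0 - abs(a - b) / 5.0)

def weight(rssi_dbm):
    """Convert dBm to linear milliwatts so strong neighbours dominate."""
    return 10 ** (rssi_dbm / 10.0)

def interference(channel, scan):
    """Total overlap-weighted signal power landing on the given channel."""
    return sum(overlap(channel, n["channel"]) * weight(n["rssi"]) for n in scan)

def pick_channel(scan, candidates=NON_OVERLAPPING):
    """Return (best_channel, scores) where lower score means less interference."""
    scores = {ch: interference(ch, scan) for ch in candidates}
    return min(scores, key=scores.get), scores

# Constructed sample scan (what a network analyzer app would report).
SCAN = [
    {"ssid": "neighbor-a", "channel": 1, "rssi": -48},
    {"ssid": "neighbor-b", "channel": 3, "rssi": -60},
    {"ssid": "neighbor-c", "channel": 6, "rssi": -82},
    {"ssid": "neighbor-d", "channel": 10, "rssi": -55},
    {"ssid": "neighbor-e", "channel": 11, "rssi": -70},
]

if __name__ == "__main__":
    best, scores = pick_channel(SCAN)
    for ch, score in scores.items():
        print(f"channel {ch:2d}: interference {score:.2e} mW")
    print("use channel", best)
```

Channel 6 wins here even though a network already sits on it, because that network is weak while the strong neighbours on channels 1 and 10 spill mostly onto channels 1 and 11.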

One benefit of using 5GHz networking such as 802.11ac is the greater number of usable channels and the reduction of possible interference from other devices.  Because the channels do not overlap and because 802.11ac supports the ability to use non-adjacent channels (two 40MHz channels or an 80MHz channel), 802.11ac provides faster throughput with easier configuration than 2.4GHz wireless networks.

Attenuation

Attenuation is the loss of signal strength in networking cables or connections. It is typically measured in decibels (dB) or voltage and can occur due to a variety of factors. It may cause signals to become distorted or indiscernible. An example is Wi-Fi signal strength getting noticeably weaker the further your device is from the router. In wireless transmission, attenuation can be caused by objects in the path of the signal, such as doors, walls, or trees.

Another issue with older standards (802.11b, 802.11a, & 802.11g) is signal reflection. Signals reflected off objects arrive at a wireless adapter or router at different times, causing lower signal quality, a problem referred to as multipath fading.

802.11n & 802.11ac are designed to take advantage of multipath signals to improve performance.  These versions also support MIMO (multiple input, multiple output) antennas to improve performance.  Some 802.11ac routers add a feature called MU-MIMO (multiuser MIMO) to more efficiently allocate network bandwidth among multiple devices.  Some advanced 802.11ac routers also use a technique called beamforming to set up a directional signal between the router and a specific client device rather than just using 360 degree broadcast signals. The easiest way to mitigate weak signal strength and attenuation issues is by simply moving the router to a location central to the devices that connect to it and locating the router on a wall or ceiling away from obstructions such as furniture.

Best Practices

Here are some best practices when setting up a wireless network aside from just securing the network:

  • Change the SSID
  • Change the default password
  • Understand encrypted versus unencrypted networks and how to make encrypted networks as secure as possible

These changes can be made in two ways:

  • By logging into the router or access point manually using the device’s built-in web server.  See the device’s documentation for complete details.
  • By running a setup app included with the device.

A third method of setting up security known as Wi-Fi Protected Setup (WPS) is no longer recommended due to it being easily hacked, especially if it is implemented by pushing a button on the router or access point to start the setup process.

Change the SSID (Service Set Identifier)

Brand new out-of-the-box wireless routers or access points typically have a default wireless network name (service set identifier, SSID) already configured that identifies the brand of the device and sometimes the model number.  This information is broadcast to all devices near the router/access point. If you don’t change this information, a would-be hacker could look up the default settings and try to gain unauthorized access to your network. The SSID should be changed to something that does not:

  • Identify the brand/model of wireless hardware you are using.
  • Specify your family name or location.
  • Reveal other personally identifiable information (PII).

Some vendors now require users to change the administrator name and password and create a custom SSID as part of the initial setup.

An example of a safe SSID:  4TU843SKQ (it uses random characters and numbers).

Examples of unsafe SSIDs:

  • smith760W:  If the Smith family lives at 760 West, this SSID makes finding their home rather easy.
  • Johnny’s_WiFi:  It’s probably not in your best interest to put your name in the SSID.
SSID on a Typical Wireless Router

Your wireless router might also offer the option to disable SSID broadcast in order to make the network hidden.  To connect with a hidden network, the user must have its SSID as well as the password. Although enabling this option might seem to improve security, your network can still be detected with a network-scanning app.

Changing the Default Password

Changing the default SSID is a start to protecting your Wi-Fi network.  More importantly, you should change the default password to prevent unauthorized access to your Wi-Fi network.  Unfortunately a lot of wireless router/access point manufacturers list the default username and password to their devices in their documentation and that documentation is often available online for free.  The popular choice for a default username is often admin and the popular choice for a default password is often admin or password, or there is no password at all.  Change the management password to a non-obvious phrase. Some routers can be managed wirelessly, which means that an attacker could change its settings and take over your network without even seeing your router.  If your router has an option to use a wired (Ethernet) connection for management, enable this option, disable wireless management, and change the default password.

Unencrypted

Wireless networks can be set up to be either unencrypted (open) or encrypted.  We will discuss the various options below.

Open

Open wireless networks are just that, open.  They have no encryption. Anybody with a smartphone, laptop, computer, tablet or some other networking device could simply just connect to the network.  Open networks are popular in hotel lobbies, restaurants and coffee shops because there is no connection management needed. Unfortunately, an open wireless network can be easily exploited.  People looking for illegal downloads or visiting other illegal websites like to use open wireless networks to grab the data they want. Tracing the connection from the illegal site back to the wireless network doesn’t show who was using it.  If your wireless network is open, you could be blamed (or arrested).

Captive Portal

A captive portal is a web page accessed with a web browser that is displayed to newly connected users of Wi-Fi or a wired network before they are granted broader access to network resources. Captive portals are commonly used to present a landing or log-in page which may require authentication, payment, acceptance of an end-user license agreement, acceptable use policy, survey completion, or other valid credentials that both the host and user agree to adhere to. Captive portals are used for a broad range of mobile and pedestrian broadband services, including cable and commercially provided Wi-Fi and home hotspots. A captive portal can also be used to provide access to enterprise or residential wired networks, such as apartment houses, hotel rooms, and business centers. A captive portal is not a secure connection. However, if the terms of service listed are enforced by network configuration settings (for example, settings that block the use of keyboard loggers or remote control apps), it is slightly more secure than an open network.

Encrypted

Wireless security (encryption) works like this:  when you select an encryption standard, you assign a password (encryption key) that users must provide before they can connect to the wireless network.  There are three different types of encryption you can use with a Wi-Fi network: WEP, WPA, WPA2.

WEP

Wired Equivalent Privacy (WEP) was the first type of wireless security developed.  WEP was introduced with the 802.11b & 802.11a wireless networks. When WEP was first introduced, the password could only be ten hexadecimal (0-9, A-F) or five ASCII (A-Z, 0-9) characters long.  The password was encrypted as a 64-bit key. Later, WEP devices started using 26-character hex or 13-character ASCII passwords that were encrypted into a 128-bit key (much harder to guess). Some types of corporate network hardware support 256-bit encryption; this can only be used if all other devices on the network also support 256-bit encryption.  WEP keys generally are based on hexadecimal values (characters 0-9, A-F), although some devices can use decimal values (characters 0-9, A-Z, a-z). The limited character set, short key length, and weaknesses in how WEP authentication takes place have made WEP obsolete. It was supported by 802.11g, but not by later versions.

WPA

A more powerful encryption standard called Wireless Protected Access (WPA) replaced WEP with the introduction of 802.11g.  Software and firmware updates were made available by many vendors for the older 802.11b and 802.11a devices to add WPA support.  WPA also uses a pre-shared key (PSK), but unlike WEP, the key can be of varying length (up to 63 ASCII characters, including punctuation), the original key is used as the basis for frequent changes, and it is encrypted using Temporal Key Integrity Protocol (TKIP) encryption.  TKIP has many features that make it stronger than WEP.

WPA2

Wireless Protected Access 2 (WPA2) is an improved version of WPA.  WPA2 uses the even stronger Advanced Encryption Standard (AES) encryption technology.  When possible, use WPA2 (also known as WPA/AES) on your wireless network. If your wireless router/access point has a WPA/WPA2 setting, it can support either type of encryption on the same network.  Use this option if you have devices that support WPA but do not support WPA2.

Wireless Encryption Options on Wireless Router
Wireless Ethernet Encryption Types
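
The best practices and encryption choices covered above (SSID, default password, wireless management, WPS, and WEP/WPA/WPA2) can be checked together. The following is an added example, not part of the original page or any router vendor's tooling: the setting names, the vendor hint list and both sample configurations are assumptions constructed for illustration, and the 8-character minimum for a pre-shared key is the WPA passphrase lower bound.

```python
# Added example: audit router settings against the practices on this page.
# Setting names, the vendor list and both sample configs are assumptions
# constructed for illustration; real routers label these options differently.

DEFAULT_PASSWORDS = {"", "admin", "password"}   # defaults named in the text
VENDOR_HINTS = ("linksys", "netgear", "tp-link", "d-link", "asus")
RANK = {"open": 0, "wep": 1, "wpa": 2, "wpa/wpa2": 3, "wpa2": 4}

def audit_ssid(ssid, owner_terms=()):
    """Flag SSIDs that reveal the hardware brand or who/where the owner is."""
    findings, low = [], ssid.lower()
    if any(v in low for v in VENDOR_HINTS):
        findings.append("SSID reveals the hardware brand")
    if any(t.lower() in low for t in owner_terms):
        findings.append("SSID contains a family name or location")
    return findings

def audit(cfg, owner_terms=()):
    """Return a list of findings; an empty list means every check passed."""
    findings = audit_ssid(cfg["ssid"], owner_terms)
    if cfg["admin_password"].lower() in DEFAULT_PASSWORDS:
        findings.append("management password is a well-known default")
    if cfg.get("wireless_management"):
        findings.append("router can be managed over Wi-Fi")
    if cfg.get("wps_enabled"):
        findings.append("WPS is enabled")
    rank = RANK.get(cfg["security"].lower())
    if rank is None:
        findings.append("unrecognized security mode")
    elif rank == 0:
        findings.append("network is open (no encryption)")
    elif rank < RANK["wpa2"]:
        findings.append(cfg["security"] + " allowed; use WPA2 (AES) when possible")
    if rank is not None and rank >= RANK["wpa"]:
        psk = cfg.get("psk", "")
        # WPA/WPA2 passphrases are 8 to 63 ASCII characters long.
        if not (psk.isascii() and 8 <= len(psk) <= 63):
            findings.append("pre-shared key is not 8 to 63 ASCII characters")
    return findings

FACTORY = {"ssid": "NETGEAR42", "admin_password": "admin",
           "wireless_management": True, "wps_enabled": True,
           "security": "WEP", "psk": "A1B2C3D4E5"}
HARDENED = {"ssid": "4TU843SKQ", "admin_password": "violet-Kettle-93-orbit",
            "wireless_management": False, "wps_enabled": False,
            "security": "WPA2", "psk": "lantern plum railway 4471"}

if __name__ == "__main__":
    for name, cfg in (("factory", FACTORY), ("hardened", HARDENED)):
        print(name, audit(cfg, owner_terms=("smith", "760")) or "no findings")
```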