Wireless: 802.11b Internal or 802.11g External ?
Joe Stonehurst
option. There is no 802.11g internal option. I would appreciate
comments on whether to add the option, or to omit the internal 802.11b
option and use a 802.11b or 802.11g external PC card.
In favor of the internal option are that it is internal, so it does
not take up a PC slot or stick out, and it is tested by the PC maker,
so it should work properly with that PC. On the other hand, using an
external PC card would allow me to buy a card and access point set,
greatly improving the odds that the card and the access point for my
LAN would be compatible. It would also allow me to use 802.11g, which
I understand is faster and more secure than 802.11b. Finally, if the
PC card went bad, I could replace it more easily than an internal
setup.
In theory I could take the 802.11b internal option and also use an
802.11g card, but the two might conflict, and I would be paying for
both setups but using only one. I am primarily interested in fast,
secure, trouble-free wireless access to my multi-floor LAN, not net
surfing at some coffee shop.
Michael Geary
One more option: The internal 802.11b is almost certain to be a mini-PCI
card. You might want to find out how accessible that card is. On my
ThinkPad, the mini-PCI wireless card is easily replaceable--I replaced the
original Actiontec card with a Cisco card. (Still 802.11b, but supports the
LEAP authentication that we use at the office.) 802.11b and g use the same
frequency--meaning the same antenna works with each, so you can replace an
802.11b card with an 802.11g card.
Better yet, can you get the machine "wireless ready", meaning it has the
antennas preinstalled but no mini-PCI wireless card?
-Mike
Bob H.
FWIW:
I recently picked up an Acer 290 notebook with internal 802.11b
adapter (Centrino = includes: Intel PRO/Wireless LAN 2100 3B Mini PCI
Adapter, built-in.)
I also use a Buffalo 11g CardBus adapter in this notebook to access my
Buffalo 11g wireless router at home. The reason I bought the Buffalo
card & router was to get WPA security, and to get the faster 11g.
(The built-in Intel 11b in the Acer notebook does not yet support WPA,
but Intel has released WPA support for this adapter - now, it's up to
individual notebook vendors to add it to their drivers. I'm sure Acer
will release Acer-specific drivers soon to add WPA to the built-in 11b
adapters in their Centrino notebooks.)
Both adapters can coexist happily - just remove the card and change
the router access settings to allow the built-in 802.11b access, if
desired. This mainly requires making sure the router security
settings do not require WPA, or the built-in 11b without WPA will not
be permitted to access the WPA-enabled router.
Both the built-in 11b and the add-on 11g card can access this router,
if the router is configured properly.
The built-in 11b has the advantage of a better antenna arrangement.
But there are also add-on antennae available for certain types of
cards to improve card performance in weak signal conditions. The
Buffalo 11g card is one such card with provision for external antenna
if desired.
Have fun!
Vincent Fox
*snip*
>> > both setups but using only one. I am primarily interested in fast,
>> > secure, trouble-free wireless access to my multi-floor LAN, not net
>> > surfing at some coffee shop.
Get the internal, won't make much difference in everyday use.
You want secure, plug into the wired ethernet. Sorry, but the TRUTH
is that wireless is not secure. You can dress it up with a VPN
over WEP, or WPA when that comes out, but it's still less secure
than wired ethernet.
Me I don't take it very seriously though, I only use 64-bit WEP
at home, however I do have the laptop XP firewall turned on and pretty
much use encrypted ssh connections for terminal access and when
web browsing use SSL when available. When I'm doing something
that I think should be handled at moderate security I go to
a wired connection.
--
Vincent Fox
Georgia Institute of Technology, Atlanta Georgia, 30332
Internet: v...@mail.gatech.edu
Rolf Blom
-snip-
>
> FWIW:
>
> I recently picked up an Acer 290 notebook with internal 802.11b
> adapter (Centrino = includes: Intel PRO/Wireless LAN 2100 3B Mini PCI
> Adapter, built-in.)
>
-snip-
>
> (The built-in Intel 11b in the Acer notebook does not yet support WPA,
> but Intel has released WPA support for this adapter - now, it's up to
> individual notebook vendors to add it to their drivers. I'm sure Acer
> will release Acer-specific drivers soon to add WPA to the built-in 11b
> adapters in their Centrino notebooks.)
>
-snip-
The HP nx7000/Compac X1000 have the same 2100 mini-pci card, and they
have the WPA driver available for download.
As you have the same card, maybe you can try HP/Compacs driver in your
Acer, until Acer comes out with their own version?
Assuming Windoze O/S, you also need Microsofts WPA upgrade for the
connection agent (zero-config for xp, or Intels connection agent) to
actually use the drivers capability.
/Rolf
Bob H.
Thanks for the tip.
It turns out that Acer's ~Taiwan~ support website for Acer notebooks
has the later drivers that DO support WPA on that Intel 2100 wireless
in the Acer Travelmate 290.
(After I posted that Acer didn't support 802.11 WPA in the Intel
wireless in the Acer 290, I noticed that Acer USA support website
drivers are not up to date with Acer Taiwan support website drivers.)
So the answer is: Yes, the built-in Centrino 802.11b wireless by
Intel PRO/Wireless LAN 2100 DOES support WPA security.
HOWEVER: It DOES NOT support the strongest variant of WPA security,
that is, WPA using AES encryption.
(I believe that AES is "optional" part of WPA spec. Not all vendors
will incorporate AES into their products' WPA support, yet.)
Of course, you can still use that WPA-AES compliant wireless card, in
addition to the built-in wireless, when you want the better security.
I consider the built-in to perhaps be useful for public hotspots not
using WPA.
Here's some good info by Tim Higgins on WPA:
http://www.smallnetbuilder.com/Sections-article35-page1.php
http://www.smallnetbuilder.com/Sections-article50-page1.php
Aside from much better security, the AES flavor of WPA also yields
better performance, from what I've read.
As to the posted comments about the relative inadequacy of ANY
wireless network security:
ALL security (not just on wireless networks) is a matter of
deterrence. There is nothing that is 100% secure. The goal is to
make it difficult enough for a miscreant to break in that he/she will
decide to move on and try somewhere else.
You may decide that since there is no such thing as 100% security, you
choose to leave your doors unlocked and your keys in your car.
Personally, I lock my doors, and don't leave my keys in my car - and I
have alarm stickers whether or not I actually have an alarm.
It's all about deterrence. At the end of the day, a prowler will pass
over my house and move on to yours, if you leave yours wide open.
(And apparently, for many wardrivers, 64bit WEP is so easy to crack
that it is akin to having only your flimsy screen door latched.)
And no, my implementation of better security does not mean I'm
"worried" about it - do not confuse the state of being aware and
proactive with the state of "worry", because they are not necessarily
associated.
A wired network does not have the security issues of a wireless
network, but wired networks have the drawback of having to pull CAT5
cable. If you want it to look ok esthetically, that means pulling
cable thru walls etc. and installing nice wallplates & connectors.
Very costly, and limiting. (But I have wired Ethernet too - wireless
is still way too slow for larger file transfers.)
Wireless has security issues and is slow compared to wired, but the
above cons of wired plus increasing public wireless hotspots
availability are what got me started in 802.11.
If I make my own wireless network difficult enough to break in to, I'm
betting that any potential miscreant will shrug and move on to easier
targets, because I don't have anything tempting enough inside my walls
to justify the effort of trying to break in.
If I'm using a public hotspot, then I'm stuck with whatever their AP
is using. In that case, I'll do what I can to lock down my client
internally - firewall, granular security courtesy of WinXP Pro (NOT
Home edition), etc. I'll leave super-sensitive files at home. And
I'll archive frequent Ghost backups, in case I come down with
something nasty on my machine while I'm out.
The holes in WEP are well-documented. But I have not seen anything on
WPA-AES being cracked, yet. It may happen eventually, but as of now,
it's relatively secure, if configured properly.
So, my personal take on 802.11 security for the average joe like me,
on one's own network:
Use products that fully support WPA with AES encryption, on all
network nodes (APs and clients). Make sure to actually ENABLE WPA
with AES on all nodes, and select an AES keyword that is bizarre and
impossible to guess.
Furthermore, to complete the security setup:
1. Limit AP clients to specified MAC addresses.
2. Disable AP SSID broadcast.
3. Change the AP ESS-ID to something bizarre and impossible to guess.
4. Ditto 3 for AP admin password.
5. Disable AP admin access from the wireless side.
6. Set the AP to change the AES key frequently.
7. Disable Ad Hoc mode in all nodes.
8. If you plan on using only 11g, set AP to 11g-only.
9. Disable DHCP if using a Router AP. (I consider this an additional
security measure not essential if doing all of the above.)
Further comments welcome, especially from those more expert than I.
:)
--