Slashdot Mirror

← Back to Stories (view on slashdot.org)

802.11 Networks, The Definitive Guide

Posted by timothy on from the little-signals dept.

cpfeifer writes with the review below of O'Reilly's 802.11 Wireless Networks: The Definitive Guide; he warns that this is not a book for everyone setting up a casual home wireless network, but says it's excellent for its intended audience. Read on for his complete review. 802.11 Wireless Networks : The Definitive Guide author Matthew S. Gast pages 443 publisher O�Reilly & Associates rating 9/10 reviewer cpfeifer ISBN 0-596-00183-5 summary A thorough survey of the features, issues and potential solutions of deploying 802.11 based wireless networks.

The Scenario

For a lot of folks, implementing an 802.11 network involves selecting and purchasing an access point and adapter cards, and installing or compiling the proper drivers. From there, we are off and running, usually in under an hour. However for the few, the proud, the sysadmins of the world it's a whole different ballgame. Sysadmins need a deeper understanding of network technologies to be able effectively design, deploy and debug them.

What's Bad?

Most of the book is right on the mark when it comes to the sysadmin audience, however chapters 8 (the PCF, for contention free service), 10 (the ISM PHYs) and 11 (802.11a overview) are only of interest to folks who are implementing 802.11 hardware, IMHO. These chapters contain very low-level material about the 802.11 transmission protocol, and will not be generally useful since equipment manufacturers do not provide access to this layer. A dead giveaway that you can skip over chapter 8 is the phrase "The PCF has not been widely implemented." If it's not widely implemented, chances are you won't have the option of using it in a deployment.

After this bellycrawl through the weeds, chapters 12 and 14 give click-by-click instructions for installing two commercially available 802.11 access point/client adapter pairs on your Windows box. The selected products are Nokia's A032 Access Point along with their C110/C111 and Lucent's Orinoco (formerly WaveLan) Access Point and client adapter. It's worth noting that these are two of the most expensive 802.11 solutions available on the market and have enhanced features that are not present in other models. These chapters are simply rehashed vendor installation documentation for these products and provide very little added value. There's nothing that I hate more than paying $30-$50 for a book which repackages documentation that is freely available on the web. Skip these chapters; the rest of the book is excellent.

What's Good?

This book starts off with six strong chapters that cover the 802.11 protocol specification, why WEP is vulnerable, and some upcoming security specifications. The first six chapters are invaluable reading for any sysadmin that is planning (or already responsible) for an 802.11 deployment. This is your ammunition when users come and ask why the wireless network is slower than the wired network with fewer users (preventing contention adds more overhead in wireless) or why they really really should tunnel every wireless connection over SSH (because WEP is fundamentally flawed). The chapter that covers the current WEP implementation demystifies the "40 bit" vs. "64 bit" key-length sleight of hand that some vendors play. The standard WEP key length is 64 bits. However, 24 of those bits are used as WEP's initialization vector for the RC4 cipher. These bits aren't encrypted in an 802.11 packet, so by sniffing 802.11 traffic you can examine the IVs of the packets and see how many distinct keys are in use, and even retrieve the actual key once you have captured enough packets. AirSnort retrieves WEP keys by implementing the Fluhrer/Martin/Shamir attack (orig paper, Stubblefield paper). Chapter 16 covers using tools such as Airsnort and Ethereal to analyze the 802.11 traffic on your network. Remember to use your powers for good and not evil.

The final 3 chapters address deployment, analysis and tuning of 802.11 networks. These chapters, combined with the first six are the heart of this book and the whole motivation for buying the book. The analysis chapter has a particularly wonderful section about gathering user requirements with respect to 802.11 specific issues (security requirements, roaming ...) and a very practical section about physical installation that clearly illustrates the author's mastery of integrating 802.11 technologies into an existing infrastructure.

So What's In It For Me?

If you're an sysadmin and implementing 802.11 technologies is on the horizon, this book is a solid reference of the current state of 802.11 solutions, both good and bad. It pulls no punches in presenting issues and weaknesses with the current solutions and documents forthcoming standards that are being proposed or developed to address them. If you're considering a smaller deployment at home, the security aspects of the text are still applicable, but the design/deployment sections are more rigorous than you will need. There is a bit of starch (repackaged vendor installation documentation) and unnecessary details (knowing that 802.11 frequency hopping uses Gaussian frequency shift keying is good for impressing women at parties, but doesn't really impact the design/deployment of an 802.11 network) but the other chapters redeem themselves and make this a very valuable text.

Table of Contents
  1. Preface
  2. Introduction to Wireless Networks
  3. Overview of 802.11 Networks
  4. The 802.11 MAC
  5. 802.11 Framing in Detail
  6. Wired Equivalent Privacy (WEP)
  7. Security, Take 2: 802.1x
  8. Management Operations
  9. Contention-Free Service with the PCF
  10. Physical Layer Overview
  11. The ISM PHYs: FH, DS, and HR/DS
  12. 802.11a: 5-GHz OFDM PHY
  13. Using 802.11 on Windows
  14. Using 802.11 on Linux
  15. Using 802.11 Access Points
  16. 802.11 Network Deployment
  17. 802.11 Network Analysis
  18. 802.11 Performance Tuning
  19. The Future, at Least for 802.11
  20. 802.11 MIB
  21. 802.11 on the Macintosh
  22. Glossary
  23. Index

You can purchase 802.11 Wireless Networks : The Definitive Guide from bn.com. Slashdot welcomes readers' book reviews -- to submit yours, read the book review guidelines, then visit the submission page.

8 of 92 comments (clear)

  1. 802.11 Throughput by RiBread · · Score: 5, Informative


    This is your ammunition when users come and ask
    why the wireless network is slower than the wired network with fewer users (preventing contention adds more overhead in wireless)

    The right answer is: wireless networks are just plain slower than wired ones. Wired networks claim 100Mb/s access and wireless ones claim ~1/10 of that at 11Mb/s.

    Actually CSMACA (as opposed to CSMACD the medium contention handling mechanism wired 802.3 networks use) really plays only a small part in the speed of .11 networks. It's the format of .11 physical layer packets and quality of current PHY layer chips which limits the throughput of most solutions to around 4 Mb/s.

    New cards coming out from US Robitics using TI 802.11 silicon get consistent throughput close to 7Mb/s. Linksys also uses the TI ACX100 chipset, but doesn't have quite the marketing machine USR does.

    If you need more speed you ought to check them out. Still not like a wired network but a hell of a lot better than 4 Mb/s.

  2. The author Matthew Gast... by mattyohe · · Score: 4, Informative

    also published two articles on wireless security...

    Seven Security Problems of 802.11 Wireless
    http://www.oreillynet.com/pub/a/wireless/2002/05/2 4/wlan.html
    May 2002

    Wireless LAN Security: A Short History
    http://www.oreillynet.com/pub/a/wireless/2002/04/1 9/security.html
    April 2002

    --
    - what is the definition of simultanagnosia?! I've been meaning to look it up!
  3. The REAL definitive guide - free! by morcheeba · · Score: 5, Informative

    And all this time I thought that this was the definitive guide. Silly me. It's cool that 802 standards (which usually cost big bucks) are now available for a free download once they've been in print for 6 months. Way to go, IEEE! Now, if we can just convince ANSI to do the same... See also the main 802.11 homepage

    --
    HIV Crosses Species Barrier... into Muppets
  4. Because it's not needed... by chris_martin · · Score: 2, Informative

    The chapter is on the setup of your Airport Network. Have you ever set up an Airport network? Did you need a manual? The chapter goes over the settings and such of the different settings of the computer and setup of the basestation, but nothing that's not in the online help really, and it's even missing info (Like how to type in a HEX password that's used on non-apple AP's. But again, that info is in the help on the Mac anyway.) The chapter is only 14 pages long, with lots of pictures. I'm glad they threw it in there, but if you own a Mac and an Airport card, you probably know everything that's in the chapter already. Trust me, if you need to know the info that's in that chapter, the rest of the book will fry your brain :)

    --
    -- Chris Martin, System Administrator
  5. Re:So, WEP is insecure by bergeron76 · · Score: 5, Informative

    Your best bet would be to treat the wireless stations as "untrusted" and VPN them into your network. As such, you'll get decent encryption over the wire(err, air rather) and you can lock them down nicely. It's the only real solution to wirelss security.

    --
    Don't think that a small group of dedicated individuals can't change the world. It's the only thing that ever has.
  6. 15 minutes keys are great :-) by bogie · · Score: 3, Informative

    There is not a lot of info out there for 802.1x yet. Some pointers for you if you already didn't know about them.

    Microsoft has a howto for EAP-TLS W/ IAS server and AD, which is what I use at home w/ a Orinoco AP-500 and it works very well. http://www.microsoft.com/windowsxp/pro/techinfo/de ployment/wireless/default.asp

    Funk software offers a EAP-TTLS solution as well here is their press release.
    http://www.funk.com/News&Events/8021x_pa rtner.asp

    Finally in the free software world, freeradius offers experimental EAP-TLS as well.

    BTW if you google there are a few articles out there that say 802.1x is insecure. These are outdated and WRONG. Current 8021.x solutions use Mutual authentication NOT one-way as alluded to in previous articles. I even emailed one of the authors of one of those articles and they agreed that the current solutions solve the problem.

    --
    If you wanna get rich, you know that payback is a bitch
  7. PCF -- Cisco supports it by JoshuaDFranklin · · Score: 3, Informative
    A word of warning about that easy-to-skip chapter: Cisco's Aironet series supports the PCF. So if you really want to understand what's going on, read that chapter too. So just because it's not "widely implemented" doesn't mean it doesn't exist.

    I've also been very impressed with the Aironet gear. Reliable, lots of options, good interface. If you've just got a few nodes it probably isn't worth the cost, but if you're serious get Cisco (or Lucent).

  8. Re:great book! by Cajal · · Score: 3, Informative

    Would you kindly explain how Apple "owns" the 802.11b protocol simply because they market it under the "Airport" name?

    Furthermore, where is this purported mass media linking of wireless networks to piracy? Even if this myth does exist, who cares? Why avoid setting up a WLAN just because some moron at Ziff-Davis/CNN/whomever thinks 802.11b is about leet h4z0rs tradint warez?

    As for Bluetooth being a viable replacement for 802.11b - get real. Bluetooth has massive range and bandwidth problems. Bluetooth transmits at 720 Kb/s. Even the original 802.11 spec was 2 MB/s, and 802.11a and .11g ramp that up to 54 MB/s!