Controlling the Radiation Zone
When a wireless network is active, it broadcasts radio frequency (RF) signals. These signals are used to transmit the wireless data from an access point to the WNIC and back again. The same signal is also used in ad-hoc networks, or even between PDAs with 802.11 WNICs. Although this particular use of RF technology is relatively new, the use of the radio wave is very old. In fact, one of the closest relatives to the wireless network is the wireless phone. Ironically, some wireless phones have started to incorporate the 2.4GHz range, which is the same frequency used by 802.11b WLANs.
When using a radio wave, there is a range limit imposed by the signal. Because of interference from various obstacles, including sunlight and air, the signals weaken the farther one travels from the broadcasting unit. If you could see these signals, you might see a circular, deteriorating globe that is strongest at the center. This virtual globe is known as the radiation zone.
What many people do not realize is that the radiation zone can be quite large, depending on the location and strength of the base unit. Although solid walls, metal beams, and electrical wiring can impede the signal, these zones are often much larger than advertised on the WLAN's documentation.
To illustrate this, you can perform a simple test using a wireless phone. Place your phone base near an open window and call someone you know. Then start walking. You might find that you can walk several hundred yards down the street and still maintain a relatively clear connection. In fact, depending on weather, hanging wires, and the strength of your phone's antenna, you could travel up to twice the distance advertised by the phone's documentation. This applies to your WLAN as well.
In addition to the fact that a radiation zone might extend far beyond an office's or home's physical boundaries, the tools and technology used by hackers can amplify the signal. Using a positional antenna a hacker can narrow the window of detection and pick up signals from farther away. These same antennas are used to legitimately "push" wireless signals up to 20 miles or more. In other words, you will not be able to look out your window and see this hacker; he will probably be several blocks away. As a bonus for the hacker, the wireless signals have a tendency to bounce around in metropolitan areas, which means that even an unamplified signal can be detected several blocks in any direction.
Fortunately, there are several methods with which you can control this signal bleeding. The first method is to place the access point in a central location in your office. Although this might be obvious, many access points are set up on an outside room next to a wall, and worse, near a window. If there is a need to install several access points across a large space, try to position them as close to the center of the building, or as far away from outside walls, as possible. For example, in our house example, a simple movement of the access point has an obvious impact on the leakage of the wireless signals.
In addition to managing the physical position of the access point, you can also control the signal sent out from the access point. In particular, you can control the power of the signal, which determines how far the signal travels. You can also control the direction of the signal by positioning the antenna and disabling one antenna to cut off one side of the access point. For example, in the Linksys BEFW1154, you can completely turn off the signal on either the right or left antenna. This option is very handy in eliminating interference between access points and in restricting unneeded signals.
Although this particular access point does not have the power option, such a feature comes with a few higher end models. If you are only going to use the access point in a small conference room, you do not need a high-powered, top-of-the-line access point. A low-budget model will suffice.
By using antenna management techniques, you can control the range of your WLAN. In high-rise buildings or apartment complexes, this can be a serious issue. Interference-and nosy neighbors-can quickly become a problem. By removing one antenna, reducing the output, and adjusting the position of the antenna, you can effectively keep the signal within a tight range.
Regardless of how much you control the radiation zone, there is a high chance that it will bleed slightly. In other words, this method of protection should be used in conjunction with other methods to completely secure the WLAN.
In this tutorial:
- Securing the WLAN
- Access Point-Based Security Measures
- MAC Filtering
- Controlling the Radiation Zone
- Defensive Security Through a DMZ
- Third-Party Security Methods
- VPNs
- Funk Steel-Belted Radius
- Central User Administration
- Central Hardware Administration
- Securing Your Wireless LAN
- RADIUS Accounting
- WLAN Protection Enhancements
- AES