Computing News
June 2002, Information Technologies & Services Division

   
Wireless at Work and at Home: Some Guidelines from LBLnet Services
 
Editor's note: This is the second article by LBLnet Services Group Lead Ted Sopher about issues pertaining to the installation and use of wireless services. Ted's first article appeared in the March Computing News.

The buzz on the street is "wireless this, wireless that," and you want to get in on the act, especially since it looks inexpensive to use. But as with many new technologies, many of the actual costs are hidden. While the total hardware and setup effort cost is minimal, the security risk alone could be quite costly. Therefore, the LBLnet Services Group of the Information Technologies and Services Division's Networking and Telecommunications Department (NTD) wants to provide you with some facts and implementation suggestions to help keep you out of trouble.

First, placing wireless equipment on LBLnet is expressly prohibited, as is the installation of any other network equipment not managed by NTD. This also includes using wireless at home -- if you connect to the Lab network remotely using ISDN or VPN (more on this later). The reason? Both network stability and security are affected, and other LBLnet users may be as well. For example, an unauthorized wireless Access Point (AP) on LBLnet may interfere with previously installed wireless equipment if the Radio Frequency channel (of which there are 11) on the bootleg AP is the same as that of another nearby AP. This interference can shut down the wireless network. The cost of removing this interference, both in network staff time and in lost productivity for the users (up to 32 per AP) whose connections are lost, can be significant.

Security compromises can extract an even higher toll. Specifically, wireless effectively returns us to the days of shared media that are easily monitored. The common term for this is "snooping," meaning you can listen in to your neighbor's traffic. Though there is a way to encrypt your traffic, it does not provide complete security. Without going into detail, just assume that other wireless users within a 100-meter radius can monitor your voice and Internet traffic. Although the wireless-standards committees of the Institute of Electrical and Electronics Engineers are working hard to fix these problems, in the meantime we have to take extra care while implementing current wireless technology.

Since folks are not authorized to attach wireless equipment to LBLnet, you may wonder why it is important to share this with LBNL staff. We are concerned that commodity prices may cause some people to rush headlong into this technology without thinking about the potential consequences. In fact, we think that many folks are currently using wireless at home and are totally unaware that their neighbors could be listening in on conversations or sharing their Internet connection. Remember, wireless APs can cover over a 100-meter radius. Is your neighbor 100 meters away? How about your street? Without precautions, the unscrupulous could sit in their house or car and watch you work, or perhaps use your Internet connection.

If you are connected via LBNL's ISDN or VPN, using a wireless link at home is not allowed, as these types of remote access connections are virtual extensions of LBLnet. This is not true of DSL, cable networks, or broadband ISP connections. When you connect wireless equipment to LBNL Remote Access Services systems, you expose the Lab to a security risk, because direct connections enjoy access to internal services that are otherwise not available to outsiders.

Here are some questions to consider before you set up a wireless system at home, as well as some guidelines to help keep your network connection and systems safe. For further information, please call the LBLnet Services Group at X4559.

General Home Wireless Implementation Considerations

Question: Is there public access within 100 meters where you intend to install your access point?
Answer: If you answered yes, you will need to set up security to prevent others from accessing your wireless network. Specifically, the Wired Equivalent Privacy (WEP) option should be set up according to the documentation provided with the AP and client card. This will prevent snooping from occurring. However, the current implementations of WEP (40-bit, 64-bit and 128-bit) have a known weakness and therefore can be cracked. The current version of WEP is like a simple door lock: it keeps honest folks honest. An additional feature is available that allows a wireless LAN (WLAN) to be named, further improving security. It is recommended that you name your home WLAN.

Finally, we recommend that you keep your AP turned off when not in use. This limits the amount of time that a would-be hacker has to see and work on hacking your WLAN. The downside to this is that if you expect to use your laptop at LBNL, you must reconfigure your client appropriately. To lessen the inconvenience, the LBLnet Services Group (LSG) of NTD offers remote access software supporting your choice of configurations at boot time.

Q: Do you have and use a microwave oven?
A: Microwave ovens, especially leaky ones, can interfere with IEEE 802.11b (11 Mbps) WLANs, as both have an operating frequency of 2.4 GHz. It's good to be aware of this issue.

Q: Do you have either an ISDN or VPN connection to LBLnet?
A: If you have an LBLnet-connected ISDN or VPN connection to the Laboratory, do not connect WLAN equipment to it. For more information, please call X4559.

Q: What bandwidth do you expect from your wireless system?
A: If you do work requiring a bandwidth greater than 5.5 Mbps, WLANs will limit your throughput. If you have more than one host, consider that modern WLANs are based on shared media, so the effective bandwidth per client can be estimated as n Mbps divided by m WLAN clients. However, most home users are unlikely to be concerned about this issue.

Again, if you have questions about any of the services described above, call LBLnet Services at X4559.

