Extract From Byte Magazine - Dec 12 - Feeling Insecure

[Steve Bildermann]

As Byte is now a subscription service I thought some people might enjoy reading some extracts.

The Wireless Scene: D Link

Some time ago we connected up wireless here at Chaos Manor using a secure Cisco Access Point and Cisco Wireless PCMCIA Adapter cards, using the Cisco LEAP security protocols. It worked fine, and it certainly was secure.

There was one problem: The only way I could connect my Tablet PC to the Chaos Manor wireless system was to insert a Cisco card. Since Lisabetta comes with her own built in wireless this seemed needless; and of course most places I go will not have a Cisco system anyway. I find wireless confusing, and I needed a way to play with wireless here as it would look to me in places like the LA Convention Center. <continued>

[Steve Bildermann]

The Chaos of Windows Wireless and the Glaskowsky Observation

Inveterate Macintosh user and editor in chief of Microprocessor Report Peter Glaskowsky once said that, with software on the Macintosh, "everything is either very easy or impossible." He might also have been talking about getting wireless networking operating on Windows.

D Link has been practicing the saturation bombing method for getting coverage at Chaos Manor: Keep pitching products at the reviewer until he can no longer move through his office without knocking your gear off a flat surface. I believe my shelves are currently better stocked with D Link 802.11g compatible wireless gear than the local Fry's Electronics. It's good stuff, too, and it is clearly time to put this latest bonanza to the test, so we pulled a D Link DWL 2000AP wireless router out of the pile. Let me hasten to add: We have used a lot of D Link equipment, and I have yet to find anything I don't like. There's a lot of bang for the buck here.

802.11g, for those of you trying to stay buzzword compliant, is the faster version of 802.11b. It's completely upward compatible with 802.11b, and runs at the same frequency, 2.4 GHz. There is also 802.11a, which operates in the 5.4 5.7 GHz band, and is therefore incompatible with 802.11b or .11g. Some access points and laptops have radios which support both. For now, I recommend that anyone planning to roll out wireless networking from scratch use .11g. Not only is the throughput higher but it's higher from farther away: Read on.

The DWL 2000AP has a web based management page, but it also comes with a Windows based application for setup. We started with web based management but found the Windows app (much improved over previous D Link setup programs) worked just fine as well. Using the web setup wizard, we gave the 2000AP a static IP address, pointed it at Chaos Manor's internal gateway (192.168.1.1), chose an unused Wi Fi channel (10), saved the settings and restarted. And that was it: Setting up the access point was ridiculously easy. Getting it working with a Windows based wireless card was also easy. Getting the whole mess secured was (nearly) impossible.

Varying from Success, Not Failure

Whenever adding something new to your computer, or network, always vary from success: Start with a working configuration, make as small a change as you can, and see if that works. If it doesn't, go back and try a different path. I used this technique when I ran aerospace industry test labs, with very good results. In those days I called it "the relentless application of logic," a pretentious way of saying start with something that works and take small excursions off that.

Applying such simple logic makes for lowered blood pressure and the illusion that computers are wonderful, easy to install tools. Ignoring it is what makes Chaos Manor such a trial for the inhabitants when it's column time, but it does make for good stories. After all, we do lots of silly things so you don't have to.

The simplest way to implement wireless networking is wide open, without security, and that's how we started; manually entering the settings from the D Link access point to Lisabetta's "Wireless Networks" tab in the Network properties for its built in wireless card. You get to that by clicking on the tiny connection icon down in the tray.

This Wireless Networks tab is, per Microsoft Knowledge Base Article 313242 the front door for the Windows "Wireless Zero Configuration Service," Microsoft's attempt to shield the user from much of the complexity of browsing, connecting to, and securing access to Wi Fi networks. It's laudable to provide a single control panel for choosing what wireless network to connect to, but your computer won't have this tab unless the device driver for your wireless card supports Wireless Zero Config. Otherwise, you'll use the wireless management app that came with your wireless card.

That may be a blessing. The Microsoft WZC is like a Mac: Everything is either very easy, or it's impossible. Worse, if you have the WZC service, you cannot install a different wireless management app unless you also install a different wireless card. You may wish you had something other than WZC.

D Link's AirPlus Extreme application that comes with their DWL G650 AirPlusXtremeG wireless card, for instance, lets you choose the SSID, connect speed, power saving settings and maximum transmit speed, but it also provides a real time graph of both link quality and signal strength, in percentages. It also provides the true transmit speed of the link, not just the maximum theoretical speed. Other manufacturer specific wireless control panels, such as Cisco's, provide much of the same data.

Unfortunately the Windows Wireless Zero Config Service (WZC) provides no such detail; if you hover your cursor over the wireless link icon in the System Tray, it will show, say, an 11 megabit connect speed for an .11b network, and a gross signal quality measurement from "poor" to "very good." You cannot choose many hardware specific features. WZC also isn't well documented, particularly for WEP key entry. Actually, to say it's not well documented is to be kind. That brings us to wireless network security.

The Obscurity of Security

When Wi Fi was created, so was WEP, "Wired Equivalent Privacy," so called because it was supposed to make wireless as private as an Ethernet conversation. This turned out not to be the case, as you have probably read in this publication and others. WEP just isn't secure enough for anything you would really mind being disclosed, though it's certainly better than nothing.

Worse, the "security through obscurity" of the past that it was difficult to jack into someone's computer network is no longer true for wireless. You literally can steal bandwidth (or eavesdrop) from a car outside someone's house: War driving and 802.11g makes this threat more real. After we got the network up, I picked up Lisabetta, the Compaq Tablet PC, and was unable to get a decent signal from the front yard of Chaos Manor via her built in 802.11b card. With Alex's Dell Inspiron 7500 laptop and the D Link 802.11g DWL G650 card, I could walk downstairs, into the front garden, and across the street before the signal got spotty.

Not only is the performance higher, but it's higher from farther away. The improvements in signal processing integral to .11g really are a boon, but only so long as you aren't relying on the barrier of mere distance to keep your network safe. Clearly anyone with a decent external antenna, from a hacked up Pringles can to a $70 8 dB gain ribbon, could "wardrive" by and borrow bandwidth from me, or, worse, eavesdrop.

Don't Tell Your Name

One of the first ways to make your network somewhat more secure is to stop broadcasting its identity. The SSID (Service Set IDentifier: Think "Wireless network name") of the network is customarily broadcast on open networks. This makes it very easy to find and connect to. It's easy for you, and for anyone else.

The firmware shipped with the D Link DWL 2000AP access point didn't support turning off SSID broadcast. A quick trip to the D Link web site disclosed that the latest firmware update did support that feature, so we downloaded and installed that.

So far so good, but can you connect to a network that won't broadcast its name?

Sometimes yes. We set up Lisabetta with her built in 802.11b wireless while the network name was being broadcast. She remembered that, and when we turned off the broadcasting we could still connect to the network using the name we had given it.

Sometimes no. D Link's own DWL G650 PC Card software, upon being told the SSID and WEP key, did not find the network (which it had previously seen) for several minutes. Not helping matters was Symantec's Norton Internet Security, which can take 5 to 40 seconds to detect, setup, and protect a new wireless connection. I finally deleted the old settings, carefully typed them in again, and told the D Link software to rescan for a wireless network. It finally found the network, Norton "protected" the connection, and I was back to a 54 megabit transmit rate, the maximum for 802.11b. The object lesson: Wireless network discovery, or rediscovery, can take a LOT longer than it takes an Ethernet port to see the cable plugged in. Be patient.

Key Length and Key Insights

The next step was to enable WEP, and this nearly drove us mad.

WEP keys come in two lengths, 64 bit or 128 bit. These keys are partitioned into a 24 bit preamble (the Initialization Vector) and an actual encryption key, so they are alternately listed as 40 bit and 104 bit keys. There are also nonstandard WEP installations which use even longer keys; we're using a 256 bit WEP key on the wireless link which provides program guide data to the TiVo downstairs. This, though, is deeply nonstandard, so I wanted to use 128 bit WEP on the link for our more general Wi Fi network. The 128 bit key provides at least Good Enough security for my tests. We aren't going to leave this network on all the time, and anyone stealing bandwidth from me will have to park outside my house during a time when the test net is turned on. Alas, it turns out that entering the key itself is a headache.

The problem is that, while the key length is standardized, it can be entered either as ASCII or as a Hexadecimal number. We have yet to find an application which was completely explicit about how they wanted the keys entered; none of them have a complete example.

Worse, you may recall that the Compaq Tablet PC only has Windows Wireless Zero Configuration (WZC) as its wireless control panel; WZC contains no help, not one item, about whether the key is to be entered as hex, or as ASCII. Moreover, there is not one item anywhere on the Microsoft site about this. To make it more frustrating, WZC shows the entered digits as "*" (it is a password, after all), and the text entry box is too small to show all of the text! You can't even count its length!

Repeated tries to enable WEP met with complete failure. After all, we didn't know how long to make the key, or whether to make it ASCII or hex: and nothing would tell us. The DWL 2000AP allows you to choose either ASCII or hex, but that does no good if you don't know how long to make the key, or how to enter it on the laptop you hope to connect to the net. Visits to the Microsoft Knowledge Base produced a lot of information and not one example. It was enough to induce hair pulling.

Fortunately, we weren't the first to be frustrated by this obscure fact, and a Google search found a German university webpage documenting that a 128 bit WEP key, entered in Hex, is 26 digits. In ASCII, it's 13 characters. (For 40/64 WEP use ten character hex; for 104/128 WEP use 26 hex characters.) Through experimentation, we discovered that the WZC WEP key entry is hex, not ASCII, and thus we needed to enter 26 hex characters. By entering it very carefully into the WZC control panel (you are flying blind, of course), then resetting and restarting the machine, and being very patient, we were finally on the air, with whatever level of security 128 bit WEP provides.

Once properly set up which was a much bigger job than we thought WiFi Just Works, on Lisabetta with .11b, on the DWL G650 with .11g, and with the raft of other D Link wireless gear they sent us. And it's quite a raft; as yet untested by us are the DWL 800AP+ Range Extender, a pocket wireless print server, a Compact Flash size 802.11b wireless card, and USB .11b gear. On the other hand, I did use the DWL 810+ Wireless Bridge to set up an isolated island of connectivity: Plug an Ethernet switch into this device, and every machine on the switch can connect to your wireless net. Readers may remember our efforts to do that at Larry Niven's place after he broke his leg and couldn't get upstairs to his office. The D Link DWL 810+ would have made that easy.

Networking, WEP, and the Real World

The problem comes when a reasonably experienced user buys a wireless access point and PC Card so he can run between his office and his partner's down the hall and stay connected. For most users it won't be at all difficult to set up, and they're surfing wirelessly in ten minutes.

"Is it secure?" his partner asks. "No, but I'll make it so," he thinks to himself, and attempts to enable WEP. Two hours later, he's frustrated and still on deadline, so he leaves security off until he can get back to it. If the poor schlub goes online to look for information on how network security works, he either finds a rehash of the brain dead manual he read twice while making coffee, or deeply obscure discussions of TKIP and Michael and key length which make him think seriously of returning to sneakernet, or homing pigeons, or clay tablets. It's no wonder, then, that so many wireless networks are run without any security; it's just not easy.

It can be done. Have faith, and remember: For 128 bit WEP, you need precisely 26 hexadecimal characters if you are going to connect to a Microsoft WZC device. You will have to type in that 26 character hex number, blind, twice.

Of course if you entered the original key as ASCII, you must manually convert it to HEX since the D link app doesn't translate, and the Microsoft WZC only accepts that interminable set of Hex characters. It would be superfluous of me to point out that this isn't optimum.

To be fair, the Wi Fi industry is trying to make this easier. Next month, we'll work through Wi Fi Protected Access, the latest update in Wi Fi security. WPA (not to be confused with Windows Product Activation, or the Works Progress Administration) is supposed to be more secure than WEP, assuming you use relatively complex encryption keys. For now, I can finally grab the Tablet, wander through the Great Hall, take notes, and surf wirelessly. That's Good Enough.

One last note: the latest version of the Compaq/HP Tablet has 802.11g wireless built in. It also has an Intel CPU. If you're buying a new Compaq Tablet, and I really like them a lot, that's the version to buy.

The bottom line on D Link Wireless: D Link equipment is as easy to use as any and a lot easier than most. It works. The instructions are clear and useful, and the Configuration Utility that comes with their various wireless cards is excellent. If you don't mind running your wireless net wide open, you can set it up in five minutes. Enabling WEP isn't that much harder, provided that you remember the magic formula: precisely 26 hex characters for 128 bit WEP. We use a lot of D Link equipment, and we've yet to find any we don't like.

Rayovac 15 Minute NIMH Batteries and Charger

This is a sturdy unit: There's a fan in the charger, and the transformer is one of those heavy wall bricks of the kind I hate because the plug is at right angles to the brick, and the brick often covers the other outlet. It's also hard to use on a surge protector bar. This one is better than most in that the plug is two prong and not keyed: you can generally plug the Rayovac in so the other outlet is also usable.

I get that complaint out of the way, because there's a lot to like about this Rayovac 15 minute NIMH system. It really does charge the Rayovac 15 minute batteries to full power in 15 minutes, and while I can't testify to total battery life, these are reported to keep going and going: full performance for 1,000 recharge cycles. I can say that with a 15 minute charge the Rayovac 15 minute batteries got as many flash pictures from my Olympus camera as did the original NIMH batteries that came with the camera.

The 4 battery charger unit comes with an offer for a free auto adapter that lets you charge batteries in your car: a great convenience. With this unit and two sets of 15 minute batteries there is no reason ever to run out of battery power on the road.

For all practical purposes, there are two choices for batteries now, alkaline disposables and NIMH rechargeables. The disposables have the advantage of long shelf life charge: They don't "leak" electrons over time. NIMH, on the other hand, will go dead in a couple of weeks if not used. This makes alkaline the batteries of choice for flashlights and other low drain devices (remotes, non printing calculators) you don't use all the time.

Alkaline batteries are often used in toys and devices like Game Boy, but it's not clear they should be. Most electronic devices show "low power" or cut off at fairly high voltages. Your kid's "used up" Game Boy alkaline batteries are quite good enough for flashlights and other such uses. The result is you spend a good bit more money on batteries for electronics than you need to, but you get the convenience: They're readily available and you don't have to wait to charge them. Rechargables make sense for anything with a motor, and most computer gear.

The Rayovac 15 Minute charge system makes it convenient to use Rayovac NIMH rechargables in many applications like toys and electronics precisely because they really do fully charge in 15 minutes.

A couple of points. This system gets warm (not hot, but warm) when it's doing the 15 minute charge. There's a fan in the charger, not particularly loud, but it's there. You'll hear it across a quiet room, but not in a car. When it stops, the batteries are charged. Second, while the Rayovac system will recharge ordinary NIMH batteries, it's very slow: overnight compared to one or two hours (depending on how discharged the batteries were) with the charger that came with the Olympus Camera. The Rayovac charged the Olumpus Camedia batteries, but it took a long time. The fan does not go on with any batteries other than the Rayovac 15 Minute batteries: The charger can sense those, and really ups the amps to get the 15 Minute charges. With other kinds of batteries it is very cautious.

This system works with both AA and AAA batteries; once again, there are Rayovac 15 Minute AAA batteries, but it will, overnight, charge standard AAA NIMH. Many older chargers work with AA or AAA but not both. You can charge Rayovac 15 minute batteries in any charger, but of course they'll only charge up at the usual rate for that charger.

I have added the Rayovac charger and batteries to my standard electronics travel kit, but I still carry the Olympus Camedia charger as well since I have a lot of older NIMH batteries (including a bunch of green no name batteries I bought at a COMDEX 7 years ago for a buck each). Besides, the Olympus unit works with European as well American voltages without adaptors.

As far as I know Rayovac has the only 15 minute charge batteries and charger available now. The system works, and it sure makes it easy to keep your camera and electronics batteries fully charged.

Winding Down

The book of the month is Neal Stephenson's Quicksilver (William Morrow, 2003; ISBN 0380977427). This enormous 900 page novel tells the story of the ancestor of the fictitious hero of Cryptonomicon. It's set in Restoration England; Counter Reformation Europe just after the 30 years war; and the Americas in the time of the Salem Witch trials. You get the London Plague and Fire, Leibnitz vs. Newton on the invention of calculus, the founding of the Royal Society, the second Siege of Vienna, and a partridge in a pear tree. It will take you a while to read it, and you'll love every minute.

The second book of the month is Paul Johnson, ART: A New History (HarperCollins, 2003; ISBN 0060530758), and that will take you another two months to read: You'll be a better person for having done so. It's also very readable.

The computer book of the month is Michael Howard and David LeBlanc, Writing Secure Code (Microsoft Press, 2002; ISBN 0735617228). It carries a cover blurb from Bill Gates: "Required reading at Microsoft." It discusses both philosophy and techniques, it's huge, it is not light reading, and I highly recommend it for anyone who has to deal with IT matters.

The movie of the month was Under Tuscan Skies. It's a chick flick, and I went because my wife made me go, and I loved it. So did she. It's fun with good performances by everyone in it. Meanwhile the critics are talking about Academy Awards for Mystic River, and I can't understand that. There are good performances in that movie but the plot depends on such unlikely coincidences that I simply couldn't accept it. Clearly others don't agree.

The game of the month for me remains Dark Age Of Camelot with the Atlantis expansion. That's fun. I had intended some extensive observations on computer game trends, but I'm way out of space and time, so that will have to wait. I do wish one of the companies would go back to realistic turn based strategy/tactics games simulating modern warfare. I weary of these "real time" games in which 3 days of battle take place in an hour and the challenge is to think and click faster than a computer. That's no fun.