Chapter 6
2.4 GHz
Channels 1 through 11 (United States).
802.11ac
Up to 1.7 Gbps; 5 GHz only.
802.11b
11 Mbps; 2.4 GHz.
2.4 GHz and 5 GHz
2.4 GHz and 5 GHz are frequency ranges (bands). The exact range varies from one country to the next. For example, the range for 2.4-GHz Wi-Fi in the United States is 2.412 GHz to 2.462 GHz, broken up as channels 1 through 11, each spaced 5 MHz from the next. When you set up a 2.4-GHz Wi-Fi network, it has a channel width associated with it. By default this is usually 20 MHz, an amount that spans several of those 5-MHz-spaced channels. That's why I usually recommend placing wireless networks (and access points) on channels that are well separated from each other. In the United States, the 2.4-GHz non-overlapping channels are 1, 6, and 11. For example, one Wi-Fi network could be on channel 1 (2.412 GHz) and the next on channel 6 (2.437 GHz), which puts 25 MHz between their centers, more than enough in most cases to avoid interference. However, to increase data rates, many routers let you increase the channel width to 40 MHz for 2.4-GHz networks and to 80 MHz for 5-GHz networks. This is known as channel bonding. As you can guess, the chance of interference increases as well, so bonding can backfire in a crowded band. If we used 40-MHz channel bonding with our previous example, the two Wi-Fi networks would interfere: a 40-MHz network on channel 1 also occupies channel 5, so channel 6 is too close to it. We would need to go to at least channel 9 (2.452 GHz) to avoid overlapping the two Wi-Fi networks. The same goes for 5-GHz Wi-Fi networks. For example, channel 36's center frequency is 5.180 GHz and channel 40's is 5.200 GHz, 20 MHz apart, so each can carry one 20-MHz network. If we wanted a separate Wi-Fi network on each of those channels, it would work fine by default, but if we wanted to bond one of them, we would have to move the other to a distant channel, such as channel 149 (center 5.745 GHz; bonded at 40 MHz with channel 153, the pair is centered at 5.755 GHz). That allows for 40- or 80-MHz channel bonding and, possibly, higher data rates. But air is free, right?
So, we should perform a wireless site survey and identify other companies' and homes' Wi-Fi networks that are nearby. They could be using channels that are too close to ours and cause interference. A Wi-Fi analyzer program is the best way to see who is using which frequencies and then to select frequencies that we can use (even with channel bonding) without causing overlap and interference. Vendors develop these programs for Windows, Android, and iOS. A Wi-Fi analyzer makes it easier to discern where Wi-Fi networks exist in a given frequency range by showing the information in a graphical format, typically a chart of signal strength against channel. It also shows the signal strength of each network, along with its SSID and BSSID (the access point's MAC address). All of this can help you decide on the right channel to use when you are performing your wireless site survey.
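The channel arithmetic above (center frequencies, 5-MHz spacing, and what a bonded channel actually occupies) is easy to get wrong by hand. The following is an added example, not code from the chapter: it computes center frequencies for the 2.4-GHz and 5-GHz bands, models a bonded channel as extending upward from the primary channel's lower edge (a simplification noted in the code; real routers can also bond downward), and reproduces the chapter's scenarios, including why a 40-MHz network on channel 1 forces the next network to channel 9. The candidate channel lists are assumptions for illustration.

```python
"""Wi-Fi channel arithmetic: center frequencies and channel-bonding overlap.

Added example, not from the original chapter. The bonding model is a
simplification: a bonded channel is assumed to extend upward from the
primary channel's lower edge (40 MHz on channel 1 also occupies channel 5;
80 MHz on channel 36 occupies 36/40/44/48). Only the nominal +/-10 MHz of
each 20-MHz channel is modeled; real spectral masks bleed past that edge,
which is why 1/6/11 is the usual 2.4-GHz rule of thumb.
"""

# Non-DFS 5-GHz channels commonly used in the United States (from the chapter).
US_5GHZ_CHANNELS = (36, 40, 44, 48, 149, 153, 157, 161, 165)


def center_mhz(channel: int) -> int:
    """Center frequency of a 20-MHz channel, in MHz."""
    if 1 <= channel <= 13:          # 2.4-GHz band: 2412 MHz for channel 1, +5 MHz per channel
        return 2407 + 5 * channel
    if channel == 14:               # Japan only, off the 5-MHz grid
        return 2484
    if 36 <= channel <= 165:        # 5-GHz band: 5000 MHz + 5 MHz per channel number
        return 5000 + 5 * channel
    raise ValueError(f"unsupported channel {channel}")


def occupied_mhz(primary: int, width: int = 20) -> tuple:
    """(low, high) edges of the spectrum a network on `primary` occupies at `width`."""
    if width not in (20, 40, 80, 160):
        raise ValueError(f"unsupported channel width {width} MHz")
    if width > 40 and center_mhz(primary) < 5000:
        raise ValueError("2.4-GHz networks bond at most 40 MHz")
    low = center_mhz(primary) - 10   # lower edge of the primary 20-MHz channel
    return low, low + width


def overlaps(a: tuple, b: tuple) -> bool:
    """True if two (low, high) ranges share spectrum; merely touching edges is OK."""
    return a[0] < b[1] and b[0] < a[1]


def networks_interfere(ch_a: int, width_a: int, ch_b: int, width_b: int) -> bool:
    """Do two networks on the given channels/widths overlap in frequency?"""
    return overlaps(occupied_mhz(ch_a, width_a), occupied_mhz(ch_b, width_b))


def first_clear_channel(in_use, width=20, candidates=range(1, 12)):
    """Lowest candidate channel on which a `width`-MHz network overlaps none of
    the (channel, width) networks already `in_use`; None if every candidate is blocked.
    """
    used = [occupied_mhz(ch, w) for ch, w in in_use]
    for ch in candidates:
        try:
            span = occupied_mhz(ch, width)
        except ValueError:
            continue                 # e.g. 80 MHz requested on a 2.4-GHz candidate
        if not any(overlaps(span, u) for u in used):
            return ch
    return None


if __name__ == "__main__":
    # The chapter's scenarios: a 40-MHz network on channel 1 pushes the next
    # 2.4-GHz network to channel 9; channels 36 and 40 coexist at 20 MHz but
    # not once one of them bonds to 40 MHz.
    print("ch1@40 vs ch6@20 interfere:", networks_interfere(1, 40, 6, 20))
    print("first clear after ch1@40:", first_clear_channel([(1, 40)]))
    print("ch36@20 vs ch40@20:", networks_interfere(36, 20, 40, 20))
    print("ch36@40 vs ch40@20:", networks_interfere(36, 40, 40, 20))
    print("ch149 center:", center_mhz(149), "MHz; bonded 40 MHz:", occupied_mhz(149, 40))
```

Run it after a site survey: feed the (channel, width) pairs the analyzer reported into `first_clear_channel` with the width you intend to use, and it returns the lowest channel that does not overlap any neighbor under this model.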
802.11n
300/600 Mbps; 5 and/or 2.4 GHz.
5 GHz
Channels 36, 40, 44, 48, 149, 153, 157, 161, 165 (non-DFS 20-MHz channels commonly used in the United States).
802.11a
54 Mbps; 5 GHz.
802.11g
54 Mbps; 2.4 GHz.
DMZ
A demilitarized zone is a network segment that is not quite on the Internet and not quite part of your LAN. It's a sort of middle ground that is for the most part protected by a firewall, but particular traffic is let through. It's a good place for web servers, e-mail servers, and FTP servers because these are services required by users on the Internet. The beauty of this is that those users will not have access to your LAN, if it is configured correctly, of course. Quite often, the DMZ is set up as the third leg of a firewall: the first leg connects to the LAN, the second to the Internet, and the third to the DMZ. You need to know the ports that your servers will use and create rules within the firewall (or an all-in-one device, such as a SOHO router) to allow only the required traffic into the DMZ, and, just as important, only the required traffic from the DMZ into the LAN, so that a compromised DMZ server cannot be used as a stepping stone. Note that the "DMZ host" option found on many SOHO routers is not a DMZ in this sense: it simply forwards every unsolicited inbound port to a single LAN address, which exposes that host to the Internet without isolating it from the rest of the LAN.
AES
Advanced Encryption Standard
Bluetooth Frequency
Bluetooth is a standardized protocol for sending and receiving data via a 2.4-GHz wireless link. It includes device pairing and link-layer encryption, and it is well suited to short-range, low-power, low-cost wireless transmissions between electronic devices.
Whitelist
In MAC filtering, a list of the MAC addresses that are allowed to connect; every address not on the list is denied. This is the first of the two filtering modes (the other is a blacklist).
MAC Filtering
Generally, MAC filtering (which might also be referred to as Access Control or something similar) is disabled by default, but if you enable it, you have two options. First, you can specify a list of computers with allowed MAC addresses, also known as a whitelist. Second, you can specify the computers that are denied access, also known as a blacklist. Whichever you choose, it's the MAC address that determines connectivity and access control. For ease of use, SOHO routers often display the computers that are currently connected, including information such as the device name, connection type (wired or wireless), IP address, and of course, the MAC address.
IoT
Internet of Things
LTE
Long Term Evolution
MAC filtering
MAC filtering is the screening of computers that are allowed access to a device or network. Every network interface, wired or wireless, has a MAC address that is intended to be unique, so it is a convenient identifier for screening out unwanted connections. Be aware, though, that a MAC address is easy to change in software: an attacker who sees a permitted station's address (it is sent unencrypted in every wireless frame) can simply clone it, and current phones randomize their MAC address per network by default. MAC filtering is therefore a convenience control, not a substitute for WPA2 encryption and a strong passphrase. Because the switch portion of a SOHO router sees the MAC addresses of the computers connected to it, it is the natural place to incorporate filtering. Generally, MAC filtering (which might also be referred to as Access Control or something similar) is disabled by default, but if you enable it, you have two options: a whitelist of allowed addresses or a blacklist of denied ones.
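To make the whitelist/blacklist logic of the MAC filtering, Whitelist and Blacklist entries concrete, here is an added example that is not code from the chapter or from any router vendor. It normalizes the notations a router's "connected devices" table and a user's allowlist may use, applies either filtering mode, and flags permitted stations whose address carries the locally administered (U/L) bit, the usual sign of a software-assigned or randomized address. The allowlist entries and connected addresses are constructed for illustration.

```python
"""MAC address allowlist/denylist with normalization and a spoofing heuristic.

Added example, not from the original chapter. The allowlist entries and the
addresses tested are constructed for illustration.
"""
import re

_HEX12 = re.compile(r"^[0-9a-f]{12}$")


def normalize_mac(mac: str) -> str:
    """Return a MAC address as 12 lowercase hex digits.

    Accepts the common notations (aa:bb:cc:dd:ee:ff, AA-BB-CC-DD-EE-FF,
    Cisco-style aabb.ccdd.eeff). Comparing raw strings would treat
    "AA:BB:..." and "aa-bb-..." as different stations.
    """
    digits = re.sub(r"[:\-.\s]", "", mac).lower()
    if not _HEX12.match(digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits


def is_locally_administered(mac: str) -> bool:
    """True if the U/L bit (0x02 in the first octet) is set.

    Vendor-assigned (burned-in) addresses have the bit clear. Addresses set in
    software, including the per-network random MACs that current phones use
    and most casually spoofed addresses, usually have it set. This is a
    heuristic, not proof: an attacker can clone a burned-in address exactly.
    """
    return bool(int(normalize_mac(mac)[:2], 16) & 0x02)


class MacFilter:
    """A SOHO-router-style MAC filter in either whitelist or blacklist mode."""

    def __init__(self, mode: str, entries):
        if mode not in ("whitelist", "blacklist"):
            raise ValueError("mode must be 'whitelist' or 'blacklist'")
        self.mode = mode
        self.entries = {normalize_mac(m) for m in entries}

    def permits(self, mac: str) -> bool:
        listed = normalize_mac(mac) in self.entries
        return listed if self.mode == "whitelist" else not listed

    def audit(self, connected):
        """Return the connected MACs this filter permits that look software-assigned.

        A permitted station with a locally administered address deserves a
        second look: either a phone with MAC randomization (the filter will stop
        admitting it when the address rotates) or a cloned/spoofed address.
        """
        return [m for m in connected
                if self.permits(m) and is_locally_administered(m)]


if __name__ == "__main__":
    # Constructed allowlist (two entries) and a constructed "connected" table.
    allowed = MacFilter("whitelist", ["00:1A:2B:3C:4D:5E", "0a:11:22:33:44:55"])
    connected = ["00:1a:2b:3c:4d:5e", "0A:11:22:33:44:55", "02:de:ad:be:ef:00"]
    for m in connected:
        print(m, "permitted" if allowed.permits(m) else "denied")
    print("flag for review:", allowed.audit(connected))
```

The `audit` check is the part a router's own filter does not give you: it tells you which permitted entries are likely to break (randomized phones) or to be worth questioning (a permitted address that is not vendor-assigned).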
4G
Most popularly implemented as Long Term Evolution (LTE), a wireless data standard with theoretical download speeds of 300 Mbps and upload speeds of 75 Mbps.
NAT
Network address translation is the process of modifying IP addresses as traffic crosses a router. It hides an entire private IP address space on the LAN (for example, 192.168.0.1 through 192.168.0.254). Whenever a host on the LAN communicates with the Internet, its source address is rewritten to the public IP of the router (for example, 68.54.127.95, or whatever address the ISP assigned to the router), and the router records the translation so that replies can be mapped back to the right LAN host. This way, it looks like the router is the only device making connections to remote computers on the Internet, providing a modicum of safety for the computers on the LAN: unsolicited inbound traffic matches no translation entry and is dropped. NAT also allows a single public IP to do the work for many IP addresses in the LAN.
QoS
Quality of service is a feature that attempts to prioritize data for specific computers or for specific programs. It could be that you want to prioritize certain types of data, such as Remote Desktop Protocol (RDP) traffic, streaming media, Voice over IP (VoIP) phone calls, gaming, or audio or video playback. Or, perhaps a user wants a gaming PC or a smartphone to have a higher priority in general. QoS allows a user to do both of these things. Figure 6.4 shows an example of QoS configured on a basic SOHO router. One computer has been given high-priority access to the router. Also, an application (FTP) has been given low priority for all systems connected. Most SOHO routers have a QoS database that can be updated to include newer types of applications. However, if the application is not listed, then there is usually an option to add a custom application by using its port number.
RFID
Radio-frequency identification (RFID) is a wireless technology used to read information that is stored on "tags." These tags can be attached to, or embedded in, just about anything. They are used in many industries and have many uses, such as access control, commerce, advertising, manufacturing, agriculture, and so on.
Blacklist
In MAC filtering, a list of the MAC addresses that are denied access; every other address is allowed. This is the second of the two filtering modes. Whichever mode you choose, it's the MAC address that determines connectivity and access control.
SSID
Service Set Identifier: the name of a wireless network. Disabling SSID broadcast hides the network from casual users, but an attacker can easily discover it with a wireless sniffer, because the name still appears in the probe and association frames that clients send. It's recommended to change the SSID from the default name, which often reveals the router's make and model.
3G
Third-generation wireless communication technology that allows high-speed wireless data transfer.
Port forwarding
This forwards an external (WAN-side) port to an internal IP address and port. It enables you to run a web server, FTP server, and other servers behind the router while opening only the one port each needs on the WAN side. Every forwarded port is a deliberate hole in the NAT boundary, so forward only to services that are kept patched and are meant to be reachable from the Internet.
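The NAT entry above describes the translation table in words, and the port forwarding entry describes a static exception to it. As an added example (not code from the chapter, and only a model of what a SOHO router's firmware does), the following class shows both in one place: outbound packets get the public IP and a tracked port, replies are translated back only when they come from the remote host the LAN host actually talked to, unsolicited packets are dropped, and a static forward admits traffic to one LAN service. The IP addresses and ports are constructed; TCP/UDP state and entry timeouts are left out.

```python
"""Stateful NAT (PAT) table with static port forwards.

Added example, not from the original chapter: a small model of what a SOHO
router does to outbound, reply, unsolicited, and port-forwarded packets.
All addresses and ports are constructed for illustration; TCP/UDP state and
timeouts are omitted.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class NatRouter:
    def __init__(self, public_ip: str, first_public_port: int = 40000):
        self.public_ip = public_ip
        self._next_port = first_public_port
        # dynamic table: (lan_ip, lan_port, remote_ip, remote_port) <-> public_port
        self._by_flow: dict = {}
        self._by_public_port: dict = {}
        # static port forwards: public_port -> (lan_ip, lan_port)
        self._forwards: dict = {}

    def forward_port(self, public_port: int, lan_ip: str, lan_port: int) -> None:
        """Expose one LAN service: WAN :public_port -> lan_ip:lan_port."""
        self._forwards[public_port] = (lan_ip, lan_port)

    def outbound(self, pkt: Packet) -> Packet:
        """LAN -> Internet: rewrite the source to the public IP and a tracked port."""
        flow = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        public_port = self._by_flow.get(flow)
        if public_port is None:
            public_port = self._next_port
            self._next_port += 1
            self._by_flow[flow] = public_port
            self._by_public_port[public_port] = flow
        return Packet(self.public_ip, public_port, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Internet -> LAN: translate back, or return None (packet dropped)."""
        if pkt.dst_ip != self.public_ip:
            return None
        flow = self._by_public_port.get(pkt.dst_port)
        # A dynamic entry only matches replies from the remote host the LAN
        # host actually talked to; a different source probing that port is dropped.
        if flow is not None and (flow[2], flow[3]) == (pkt.src_ip, pkt.src_port):
            return Packet(pkt.src_ip, pkt.src_port, flow[0], flow[1])
        forward = self._forwards.get(pkt.dst_port)
        if forward is not None:
            return Packet(pkt.src_ip, pkt.src_port, forward[0], forward[1])
        return None  # unsolicited and not forwarded: no state, so it is dropped


if __name__ == "__main__":
    router = NatRouter("68.54.127.95")          # public IP used in the chapter's example
    out = router.outbound(Packet("192.168.0.20", 51000, "93.184.216.34", 443))
    print("translated outbound:", out)
    print("reply delivered to:", router.inbound(
        Packet("93.184.216.34", 443, "68.54.127.95", out.src_port)))
    print("scan of port 22:", router.inbound(
        Packet("198.51.100.7", 12345, "68.54.127.95", 22)))
    router.forward_port(80, "192.168.0.10", 8080)  # web server behind the router
    print("forwarded port 80:", router.inbound(
        Packet("198.51.100.7", 4444, "68.54.127.95", 80)))
```

The "modicum of safety" the NAT entry mentions is the `return None` path: with no table entry and no forward, the router has nowhere to deliver the packet. Each `forward_port` call removes that protection for one port, which is why the port forwarding entry says to forward only what must be reachable.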
UPnP
Universal Plug and Play is a group of networking protocols that allows computers, printers, and other Internet-ready devices to discover each other on the network. It is a consumer-level technology designed to make networking easier for the user. For example, if you wanted easier accessibility and connectivity for a PC, a smartphone, and a printer that were all connected to the SOHO router, UPnP can provide that. However, it is often recommended to disable this function if you are concerned about security: UPnP lets any device on the LAN ask the router to open (forward) ports from the Internet without authentication, so a compromised PC or IoT device can expose internal services to the outside.
WPA2
Wi-Fi Protected Access Version 2 (WPA2)
Z-Wave
Z-Wave is a protocol that is standardized by the Z-Wave Alliance and works in the sub-GHz 800- and 900-MHz bands (868.42 MHz in Europe, 908.42 MHz in the United States). As with Zigbee, you might find Z-Wave modules in security systems, lighting control devices, thermostats, and so on. As of the writing of this book, Z-Wave has a longer transmission distance than Zigbee and is very common in the realm of home automation. However, protocol choice also depends on the manufacturer of the device, the exact purpose of the device, and cost. Some homes and offices use both Zigbee and Z-Wave because many devices only support one or the other. To control either Z-Wave or Zigbee devices, a smart hub is required that supports one or both of the protocols. As with any wireless devices, security is a concern. Devices that use Zigbee or Z-Wave support 128-bit AES encryption; check and make sure that it is enabled. Also, make use of any PINs or passcodes available on devices.
Zigbee
Zigbee is built on the IEEE 802.15.4 standard. It is a low-power wireless technology that is similar to Bluetooth as far as frequency, transmission power, and distance. For example, it runs on 2.4 GHz (and on sub-GHz bands such as 915 MHz in Zigbee Pro) and typically has a communications distance of 10 to 20 meters maximum. However, it is designed and manufactured in such a way that Zigbee products can be cheaper than Bluetooth and Wi-Fi equivalents. It also has a standardized application layer (device profiles and clusters) that Bluetooth and Wi-Fi do not define, allowing for more configurability, greater control, and better interoperability between devices. Zigbee-based devices have low power consumption, which increases their battery life tremendously compared to Wi-Fi and Bluetooth devices. You might find Zigbee modules in sensors that control lighting, temperature, window blinds, and much more, including home entertainment control, industrial control, medical data collection, smoke and fire alarms, and safety and security in general.