Category: Network Management

Criminal legal action now being taken concerning “scareware”

Articles

Scareware Indictments Put Cybercriminals on Notice – Microsoft On The Issues

Swede charged in US over ‘scareware’ scheme | The Local (Sweden’s News in English) – Sweden

US-Behörden klagen Scareware-Betrüger an | Der Standard (Austria – German language)

From the horse’s mouth

FBI Press release

My comments

What is scareware

Scareware is a form of malware that presents itself as desktop security software. Typically this software relies heavily on “flashing up” user-interface dialogs that mimic known desktop security programs, whether these are add-on programs or functions that are integral to the operating system. It also puts up dialogs requiring you to “register” or “activate” the software in a similar manner to most respected programs. This usually leads you to Web sites that require you to enter your credit-card number to pay for the program.

In reality, these programs are simply another form of Trojan Horse, similar to the easy-to-write “fake login screen” Trojans that computer hackers have created in order to capture an administrator’s high-privilege login credentials. Some scareware is even written to take over the computer user’s interactive session, usually with processes that start when the computer starts, so as to “ring-fence” the user from vital system-control utilities like Task Manager, Control Panel or command-line options. In some cases, it also stops any executable file from running unless it is one of a narrow list of approved executable files. It is also known to nobble regular desktop anti-malware programs so that they don’t interfere with its nefarious activities. The behaviour outlined here is from observations that I made over the last few weeks when I was trying to get a teenager’s computer that was infested with “scareware” back to normal operation.

Who ends up with this scareware on their computer

Typically, the users who end up with such software on their computers are consumers and small-business operators who are computer-naive or computer-illiterate and are most likely to respond to banner ads hawking “free anti-virus software”. They may not know which free consumer-grade anti-virus programs exist for their computing environment. In a similar context, they may have found their computer is operating below par and they have often heard advice that their computer is infested with viruses.

What you should do to avoid scareware and how should you handle an infestation

The proper step to take to avoid your computer being infested with scareware is to make sure you are using reputable desktop security software on your computer. If you are strapped for cash, you should consider using AVG, Avast, Avira or Microsoft Security Essentials, which are linked in the links column on the right of your screen when reading this article on the site.

If you have a computer that is already infected with this menace, it is a good idea to use another computer, whether on your home network or at your workplace, to download a “process-kill” utility like rkill.com to a USB memory key or CD-R and run this on the infected computer immediately after you log in. It may also be worth visiting the “Bleeping Computer” resource site for further information regarding removing the particular scareware threat that is affecting your computer. This is because I have had very good experience with this site as a resource when I handled a computer that was infested with scareware.

If you are at a large workplace with a system administrator, ask them to prepare a “rescue CD” with the utilities from the “bleeping-computer” Web site or provide a link or “safe-site” option on your work-home laptop to this site so you can use this computer as a “reference” unit for finding out how to remove scareware from a computer on your home network.

How the criminal law fits in to this equation

The criminal law is now being used to target the “scareware” epidemic through the use of charges centred around fraud or deception. Like other criminal cases involving the online world, the situation will touch on legal situations where the offenders are resident in one or more countries and the victims are in the same or other countries at the time of the offence.

This case could raise questions concerning different standards of proof concerning trans-national criminal offences as well as the point of trial for any such offences.

Conclusion

Once you know what the “scareware” menace is, you are able to know that criminal-law measures are being used to tackle it and that you can recognise these threats and handle an infestation.

Disclaimer regarding ongoing criminal cases

This article pertains to an ongoing criminal-law action that is likely to go to trial. Nothing in this article is written to imply guilt on the part of the accused parties, who are innocent until proven guilty beyond reasonable doubt in a court of law. All comments are based either on previously-published material or my personal observations relevant to the facts commonly known.

Debunking the hysteria and paranoia about Google’s Street View Wi-Fi site surveys

Introduction

Over the last few weeks, there has been hysterical media and political activity in Europe and Australia concerning Google’s Street View activities. This activity has become focused on the collection of Wi-Fi network data by the Street Survey vehicles which grab the initial street images.

The hysteria focused on the idea that details about Internet use and Wi-Fi devices that existed at individuals’ addresses were being identified and that this data could be used to spy on individuals.

The truth

Wi-Fi site surveys are a part of Wi-Fi networking life

The Wi-Fi site survey is associated with nefarious activities like wardriving but it is commonly practised as part of Wi-Fi network use.

When you want to connect to your Wi-Fi wireless network with a client device, you will come to a point in the device’s setup operation where you see a list of SSIDs, then you choose the SSID that you wish to connect to. This is an elementary form of a site survey.

This is extended to technology enthusiasts like myself who activate Wi-Fi network scanning functions on smartphones to see a list of wireless networks operating in the neighbourhood that they are in for curiosity’s sake. Here, we see the list of SSIDs and an icon beside each SSID that indicates whether the network is protected or not. The practice also extends to use of “Wi-Fi-finder” devices to look for open Wi-Fi networks.

Similarly, people who are optimising wireless networks will use software like inSSIDer (which I have reviewed) or HeatMapper for site surveys and wireless-network optimisation. This software can also yield information about the BSSID and operating channel for that particular SSID and more sophisticated versions can use spectrum analysers to determine interfering frequencies or determine the location using support for GPS modules.

This leads me to Navizon and Skyhook Wireless who have done these surveys in order to turn these beacons in to a location tool in a similar manner to GPS or mobile-phone-tower-based positioning. The most common application of this is the Apple iPhone platform which uses this information for locating the phone during setup, avoiding the need for users to determine their time zone or location.

What does my Wi-Fi network yield

A normally set-up wireless access point or router will send out a “beacon” which contains the following data:

  • SSID or ESSID which is the wireless network name
  • BSSID which is the MAC address for the access point’s radio transceiver. This MAC address does not have any relationship to the Ethernet MAC address or the broadband (WAN) interface’s MAC address on your wireless router.
  • Information required to determine the security protocol needed to establish a successful connection

This data that is in this “beacon” is publicly available in a similar context to the information written on a vehicle’s registration label which would have the registration number (written on the number plates / license plates) and the VIN (vehicle identification number) for that vehicle.

It is also worth knowing that all access points and wireless routers have the option to turn off SSID broadcast. Here, you don’t have the SSID made available but have the network listed as a “hidden network” on some devices. This is something you can do in your router’s or access point’s Web-based management interface.

When your network client devices are active in your wireless network and are “talking” to your wireless access point or router, they don’t broadcast an SSID or other beacon because they have “latched on” to that access point or router. This data will usually be encrypted as part of the WPA security protocols that should be in place on your private wireless network.
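The beacon fields listed above, including the hidden-SSID case, can be read out of a raw beacon frame as follows. This is an added example and not code from the original article; it assumes an 802.11 management frame without a radiotap header or trailing checksum, and the sample frames and function names are constructed for illustration.

```python
import struct

HEADER_LEN = 24   # frame control, duration, three addresses, sequence control
FIXED_LEN = 12    # timestamp (8), beacon interval (2), capability info (2)


def build_beacon(ssid: bytes, bssid: bytes, channel: int, protected: bool) -> bytes:
    """Assemble a constructed beacon so the parser has offline sample input."""
    header = (struct.pack("<HH", 0x0080, 0)    # type 0 (management), subtype 8 (beacon)
              + b"\xff" * 6 + bssid + bssid    # destination (broadcast), source, BSSID
              + struct.pack("<H", 0))          # sequence control
    capability = 0x0001 | (0x0010 if protected else 0)   # ESS bit, Privacy bit
    fixed = struct.pack("<QHH", 0, 100, capability)
    elements = bytes([0, len(ssid)]) + ssid + bytes([3, 1, channel])
    if protected:
        ccmp, psk = b"\x00\x0f\xac\x04", b"\x00\x0f\xac\x02"
        rsn = (struct.pack("<H", 1) + ccmp + struct.pack("<H", 1) + ccmp
               + struct.pack("<H", 1) + psk + struct.pack("<H", 0))
        elements += bytes([48, len(rsn)]) + rsn   # element 48 = RSN (WPA2)
    return header + fixed + elements


def parse_beacon(frame: bytes) -> dict:
    """Return the publicly broadcast fields of one beacon frame."""
    if len(frame) < HEADER_LEN + FIXED_LEN:
        raise ValueError("too short to be a beacon")
    fc = frame[0]
    if (fc >> 2) & 0x3 != 0 or (fc >> 4) & 0xF != 8:
        raise ValueError("not a beacon frame")
    _ts, interval, capability = struct.unpack_from("<QHH", frame, HEADER_LEN)
    info = {
        "bssid": ":".join(f"{b:02x}" for b in frame[16:22]),  # address 3
        "ssid": None, "hidden": False, "channel": None,
        "beacon_interval": interval,
    }
    has_rsn = has_wpa = False
    pos = HEADER_LEN + FIXED_LEN
    while pos + 2 <= len(frame):
        eid, elen = frame[pos], frame[pos + 1]
        data = frame[pos + 2:pos + 2 + elen]
        if len(data) < elen:
            break                                  # truncated element, stop parsing
        if eid == 0:                               # SSID element
            # A hidden network sends a zero-length or all-zero SSID.
            info["hidden"] = not any(data)
            info["ssid"] = None if info["hidden"] else data.decode("utf-8", "replace")
        elif eid == 3 and elen == 1:               # DS parameter set = channel
            info["channel"] = data[0]
        elif eid == 48:                            # RSN element
            has_rsn = True
        elif eid == 221 and data[:4] == b"\x00\x50\xf2\x01":   # vendor WPA element
            has_wpa = True
        pos += 2 + elen
    if has_rsn:
        info["security"] = "WPA2 (RSN)"
    elif has_wpa:
        info["security"] = "WPA"
    elif capability & 0x0010:
        info["security"] = "WEP"                   # Privacy bit set, no WPA/RSN element
    else:
        info["security"] = "open"
    return info


if __name__ == "__main__":
    sample_bssid = bytes.fromhex("020000000001")   # constructed, locally administered
    for frame in (build_beacon(b"HomeNet", sample_bssid, 6, True),
                  build_beacon(b"", sample_bssid, 11, True),
                  build_beacon(b"Cafe", sample_bssid, 1, False)):
        print(parse_beacon(frame))
```

The returned dictionary holds everything the parser finds in the beacon: network name, BSSID, channel and security capabilities, with no field for the traffic that clients exchange with the access point.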

Conclusion

Once you know how the Wi-Fi network works, you should then know that a site-survey operation should not gather the actual data that is moved across the network.

Product Review – MetaGeek inSSIDer Wireless Network Analyser

The program is a free download from the MetaGeek Website or other download directories like TuCOWS or CNet. There is another application from this same team that works with a 2.4GHz spectrum analyzer for use in determining interference on this band, but it comes at extra cost.

The installation routine didn’t take long when I installed it on a Dell Studio 15 laptop that was lent to me as a review sample. It could work with the standard Wi-Fi network card that came with this laptop and could therefore work with any Wi-Fi network adaptor that is used with the host computer.

The program provides a “dashboard” with three concurrent views:

  • a table which lists the Wi-Fi networks that the program can find with their SSID, BSSID (MAC address) and channel for each detected wireless network.
  • a signal-strength / time graph for all of the discovered Wi-Fi networks
  • a signal-strength / channel graph for all of the discovered Wi-Fi networks

As far as I am concerned, the highlight of this program is the signal-strength / channel graph which is useful for identifying channel clashes or blank channels that you can tune the wireless access point to.

One of the main limitations is that it doesn’t detect “extended service set” networks nor does it support detection of multi-SSID access points which become a wireless on-ramp for many networks. This may be of concern when using this program to manage routers with “guest-network” functionality or managing hotspots. Another improvement that I would like to see would be to provide for network grouping by SSID or BSSID (MAC address) so you can identify “foreign” networks easily. This would then help in identifying rogue access points or “evil-twin” hotspots easily.

I would then determine it as being very useful for “tuning” a wireless access point or router so it can coexist with other Wi-Fi networks, either as part of setting one up or troubleshooting a network. I would also recommend it as an essential tool for hotspot owners who want to keep their hotspot networks operating in an optimum manner and providing good customer service. It can also work well in “smoking out” rogue access points or fake “evil-twin” hotspots.
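The grouping by SSID and BSSID wished for above, and the channel-clash reading of the signal-strength / channel graph, can be done over survey rows as follows. This is an added example, not part of inSSIDer or the original review; the row layout, the inventory of the owner's access points and the function names are assumptions, and the sample rows are constructed.

```python
from collections import defaultdict

# Constructed survey rows: (SSID, BSSID, channel, RSSI in dBm, security).
SCAN = [
    ("CafeGuest",  "02:00:00:aa:00:01", 1,  -48, "WPA2"),
    ("CafeGuest",  "02:00:00:aa:00:02", 11, -60, "WPA2"),
    ("CafeGuest",  "02:00:00:ee:00:99", 6,  -41, "open"),   # not in the inventory
    ("Neighbour1", "02:00:00:bb:00:01", 1,  -70, "WPA2"),
    ("Neighbour2", "02:00:00:cc:00:01", 3,  -75, "WPA2"),
    ("Neighbour3", "02:00:00:dd:00:01", 11, -82, "WPA"),
]

# Hypothetical inventory: the access points the hotspot owner actually runs.
INVENTORY = {
    "CafeGuest": {
        "bssids": {"02:00:00:aa:00:01", "02:00:00:aa:00:02"},
        "security": "WPA2",
    },
}


def group_by_ssid(rows):
    """Collect survey rows under their network name."""
    groups = defaultdict(list)
    for row in rows:
        groups[row[0]].append(row)
    return dict(groups)


def flag_foreign(rows, inventory):
    """List radios that announce one of our SSIDs but do not match the inventory.

    A BSSID can be copied, so the security setting is compared as well:
    a radio with a familiar BSSID but weaker security is still reported.
    """
    findings = []
    for ssid, members in group_by_ssid(rows).items():
        expected = inventory.get(ssid)
        if expected is None:
            continue                      # somebody else's network name
        for _ssid, bssid, channel, rssi, security in members:
            reasons = []
            if bssid.lower() not in expected["bssids"]:
                reasons.append("unknown BSSID")
            if security != expected["security"]:
                reasons.append("security mismatch")
            if reasons:
                findings.append((ssid, bssid, channel, rssi, reasons))
    return findings


def channel_load(rows, own_bssids=frozenset()):
    """Count other networks overlapping each 2.4GHz channel.

    Channels are 5 MHz apart and roughly 20 MHz wide, so two networks
    clash when their channel numbers differ by less than 5.
    """
    load = {ch: 0 for ch in range(1, 14)}
    for _ssid, bssid, channel, _rssi, _security in rows:
        if bssid in own_bssids or not 1 <= channel <= 13:
            continue
        for ch in load:
            if abs(ch - channel) < 5:
                load[ch] += 1
    return load


def quietest_channel(rows, candidates=(1, 6, 11), own_bssids=frozenset()):
    """Pick the least-contended candidate channel (lowest number on a tie)."""
    load = channel_load(rows, own_bssids)
    return min(candidates, key=lambda ch: (load[ch], ch))


if __name__ == "__main__":
    own = INVENTORY["CafeGuest"]["bssids"]
    for finding in flag_foreign(SCAN, INVENTORY):
        print("check this radio:", finding)
    print("quietest channel:", quietest_channel(SCAN, own_bssids=own))
```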

Keeping sanity in your home network during periods of power unreliability

You may be in an area where the mains power cables are strung between poles and there are many trees alongside the cables. Similarly, your neighbourhood may use very old infrastructure for its mains power supply. As well, your electricity supply utility may be regularly engaging in “load-shedding” practices where it may reduce power to certain customers in order to avoid the need to generate extra power.

Sometimes, the premises that you are in may have very old electrical infrastructure that is undersized for modern needs and you may experience situations where the fuses blow too frequently. You may also have an appliance that is “on its last legs” so much so that it causes the fuses to blow or the circuit breaker or earth-leakage circuit breaker (safety switch) to trip when it is used.

In these situations, there is an increased likelihood of unreliable power and whenever the power comes back on, you may have problems getting your home network and Internet service up and running.

Equipment reset procedures

One task you may have to do every time the power comes back after a power cut or surge would be to reset the network-Internet “edge” equipment. If you have a modem integrated in to your router, like most ADSL setups, you may be able to get away with just powering down the router, waiting 10 seconds, then powering up the router.

On the other hand, if you have a cable modem, FTTH fibre-optic modem, DSL modem (including high-speed VDSL2 modems that are part of some next-generation broadband setups) or similar equipment connected to the broadband router via an Ethernet cable and powered by its own power supply, you may have to use a different procedure when resetting your network.

This is to avoid the common access-mismatch situation when you power both devices up at the same time. In this situation, the router attempts to gain network-availability information from the external modem while the external modem is trying to re-establish its link with the Internet service provider and it may not have that link established by the time the router needs it. This usually leads to the router using a “private network” or “Auto-IP” address as its broadband (WAN) address rather than the proper Internet service IP address.

You then reset your network using this procedure outlined below:

  1. Disconnect both the router and the external modem from the power
  2. Wait 10 seconds
  3. Connect the external modem to the power
  4. Wait for the external modem’s CABLE or other media-specific connection light to become stable
  5. Then wait for the “service” or “Internet” light to glow steady.
  6. Once that has happened, connect the router to the power
  7. Wait for the router’s “Internet”, “Broadband” or “WAN” light to become stable. You should have a stable connection by then.

Some installations such as certain FTTH installations may have a separate modem located outside the house and you may not be able to reset that unit. Here, you may just get away with just resetting your router by powering it down, waiting 10 seconds then powering it up again.

After this, you may have to restart or reset network-attached storage devices and other equipment in order to make sure they know where they are on the network and they make themselves known to the rest of the network. This also means that you may have to either reboot your computers that were on or force them to re-obtain their IP address from the broadband router.

Use of an uninterruptible power supply unit with your network equipment

It may be worth using an uninterruptible power supply with the network-Internet “edge” equipment to keep the equipment working properly in an environment known for an unstable power supply. You may get away with the lower-capacity UPS devices like the APC Back-UPS ES series if you intend to provide this kind of power to the network-Internet “edge” and, perhaps, a VoIP ATA or cordless phone base station. This would be an imperative where the household phone service is provided by a VoIP service like the many “n-boxes” (Livebox, Freebox, etc) in France, or the newly launched iiNet “Bob” base station in Australia.

It is also a good idea to connect a high-capacity UPS to your network-attached storage device if you run one on your network. This unit can make sure that the NAS unit is managed properly through the power outages to avoid data corruption and hard-disk damage. Here, you could perhaps use the same higher-capacity unit also to run the network-Internet “edge” equipment or run this equipment on a separate low-capacity UPS.

You may deploy a UPS for your computer, perhaps to provide a graceful shutdown when the power goes down. Here, you would still need the separate UPS for the network equipment in order to avoid competition for the reserve power that may be needed for your computer or server to complete a proper shutdown if need be.

Conclusion

When you know how to properly manage your home network when the mains power becomes unstable, you will be able to assure long service life for your equipment and “keep your head on” when these times come around.

New UPnP standard for inter-network connection

UPnP Forum standard page – RemoteAccess:1

The UPnP Forum have this week released a Device Class Profile for setting up networks for inter-network operation and remote access. This is mainly to permit:

a) UPnP devices to work across multiple logical networks and

b) UPnP methods to be used for inter-network configuration

What is involved

The standard encompasses public-network-discovery mechanisms like STUN for determining the type of upstream NAT device in the Internet network and dynamic DNS for establishing the IP address for the main network’s fully-qualified Internet name. Some of these standards are implemented through VoIP setups to permit discovery of the VoIP network.

It also involves the establishment of secure VPN or DirectAccess (IPv6 over IPv4) tunnels between networks for this purpose. This doesn’t depend on a particular tunnelling method like PPTP, IPSec or SSL, but is more about establishing the tunnels between the networks.

There is also the establishment of UPnP “device relays” at each end of the tunnel so that UPnP entities (devices or services) in one network can be seen by similar entities in another network.

The standard also includes methods to permit replicated setup and teardown of devices and services between both networks. This would happen when the link is established or torn down or as UPnP devices come on line and go off line while the link is alive.

Abilities

The access or client network can be a simple single-subnet private network such as a home network, small-business network or public-access network. Larger corporate networks can qualify if the firewall at the network’s edge doesn’t specifically exclude UPnP Remote Access.

The master network which the remote device is visiting must be a simple single-subnet private network such as a home network or small-business network. The remote access server can be part of the network-Internet “edge” device like the typical “VPN endpoint” router sold to small businesses or can be a separate piece of hardware or software existing on that same network. In the latter case, the server would have to work properly with a UPnP-compliant router (which most routers sold through the retail channel are) and obtain the network’s outside IP address and set up port-forward rules through that same device.

The value of UPnP Remote Access with corporate networks needs to be assessed, both in the context of network security for high-value data as well as interaction with established VPN setups. This can also include issues like the “other” network gaining access to UPnP devices on the local network or particular devices or device classes being visible across the tunnel.

What needs to happen

This standard needs to permit the user to establish a simple yet secure credential-delivery method for VPNs that extend the small networks. This may involve implementing methods similar to either use of a PIN when pairing Bluetooth devices, “push-push” WPS-style configuration or, for “deploy then establish” setups, an email-based system similar to what is being used to confirm user intent when people sign up for Internet forums and social networks; or other similar practices.

The latter situation would appeal to setups where, at one end of the link, there isn’t likely to be a regular client computer in place, such as CCTV and telemetry applications or remote servers.

Compliant systems may also need to support two or more different methods to cater for whether the logical networks are in the same building or afar; or for whether the user prefers to deploy the equipment then configure it remotely or configure all the equipment at one location before deploying it.

Why would this technology end up being useful

One main reason for this development would be to extend the UPnP technologies to VoIP setups. This would then allow for home and small business to benefit from corporate-class telephony setups like tie-lines, common phone books, logical extensions and the like as well as easy-to-implement VoIP telephony.

Another application would be to enable access to existing UPnP devices in other locations. The common reason would be to benefit from multimedia content held at home from a hotel room or to synchronise such content between NAS boxes installed at home and a vacation property. Other applications that come to mind would include remote management of UPnP devices that are part of building control, safety and security such as central heating or alarm systems.

Parts of this standard may be implemented by router and remote-access software vendors as a way of establishing a “box-box” or “box-PC” VPN setup between two small networks like a home network and a small-office network. This could allow the small-business operator to benefit from the VPN setup that big businesses often benefit from, thus allowing for increased yet secure network flexibility.

Windows 7 – How it will benefit the small business and work-home laptop users

There have been some significant advances in Windows 7 that benefit the small business and the mobile laptop users. This includes people who use their computers for both their work use and home / community use.

Location Aware Printing for “work-home” laptops

If you run Windows 7 Professional or above on your laptop, this operating system has another feature to support the “work-home” laptop. It is in the form of “Location Aware Printing” where the default printer is determined based on which network the computer is connected to. The network can be determined by factors like the domain Windows is associated with, the SSID of a wireless network or the MAC of the Internet Gateway or DHCP Server that it gets its IP address from.

The printer can be a network printer that exists on the network like the HP OfficeJet at your workplace or your Epson WiFi-enabled all-in-one at home, a locally-connected printer like your Canon portable USB printer or a software-based virtual printer like your fax software’s “print-to-fax” function or “print-to-PDF” software.

At the moment, there isn’t ready support for handling location-aware printing in locations where there are many printers in the same facility, such as the typical workplace or educational institution with its many rooms.

Inherent support for mobile broadband services

Windows 7 has inherent support for 3G wireless broadband services thus eliminating the need to run operator-provided software to use the 3G modem. It also caters for laptops that have integrated 3G modems, which is a feature becoming more common with units that are supplied through mobile-phone outlets. In some cases, you may not need to install any software provided by the 3G provider to use wireless broadband Internet service.

This is similar to when Microsoft implemented Dial Up Networking in Windows 95 and users didn’t have to run any other software to get online with their dial-up Internet service.

Wi-Fi Wireless Flexibility for the business partner and hotspot surfer

Windows 7 has improved the Wi-Fi wireless infrastructure thus allowing a Wi-Fi equipped computer with an appropriate hardware driver for its wireless card to do more tricks. It can become a wireless-wireless LAN bridge which can allow for such things as running Wi-Fi devices that can’t go beyond regular WPA2-PSK authentication and don’t have an easy-to-use Web browser with networks that implement WPA2-Enterprise authentication at workplaces or Web-based authentication at hotspots. A good use for this could be for a business partner to take pictures with his Wi-Fi digital camera and upload them to his laptop or a site worker who wants to play his Roberts Stream 202 Internet radio at a wireless hotspot just by using his laptop (which will alert him to new work) as a gateway. It can also allow for “bonding” of multiple Wi-Fi signals for greater throughput, which can come in handy with multi-access-point networks.

Improved business network functionality

The Windows 7 Professional or Ultimate computer has improved business network functionality, which can come in handy with corporate or business-partner networks. One feature that I like is “network-specific” security that accounts for VPN and DirectAccess network setups. Here, you can set up a “domain-driven” business network profile for the VPN tunnel while you have a “private-network” security rule that applies to your home network or a “public-network” security rule that applies to public networks like wireless hotspots. This still allows business-driven network tools like system management tools or desktop-based MIS “dashboards” to operate “through the tunnel” with your computer being secure enough for the network you are in.

Speaking of DirectAccess, this is an improved IPv6-IPSec VPN replacement provided with Windows 7 Ultimate that does away with the need for extra weight associated with a lot of VPN software. The software sets up a separate IPv6 path to the DirectAccess server that your employer or business partner provides and makes the access to business resources more transparent. This function will require the use of a Windows Server 2008 R2 box installed at the workplace by your employer or IT contractor and your computer to run Windows 7 Ultimate.

Conclusion

This series of Windows 7 articles shows how your Windows-based computer and network can be improved when you deploy Windows 7.

Devices not associating with your Draytek router? Check for “compatibility modes”

I have tried to connect my Nokia N85 mobile phone and a Kogan Internet radio (which is on loan for an upcoming review) with a 2007-era Draytek VPN-endpoint router used as our household’s Internet “edge”. But what would happen is that I would supply the correct WPA-PSK passphrase and it would not admit the device. It would admit Apple MacOS X and iPhone equipment as well as Windows computers without a hitch. The problem was that the router was on a WEP-WPA compatibility mode which you may have set up for when not many embedded WiFi network clients supported WPA out-of-the-box.

A good idea would be to make sure your router operates in WPA security mode. This is to make sure all your WPA clients associate properly and quickly when you give them the WPA-PSK passphrase and your network is also secure to the full extent of the WPA standard.

The Wi-Fi Personal Area Network is getting closer

Blogs and News Articles

Wi-Fi Alliance Peers into the Future with Ad Hoc Replacement | Wi-Fi Net News

Wi-Fi Gets Even Better | Wi-Fi Planet

Wi-fi to get a whole lot better | BBC News – Technology

Wi-Fi Direct : un sérieux concurrent pour le Bluetooth | DegroupNews (France)

From the horse’s mouth

http://www.wi-fi.org/news_articles.php?f=media_news&news_id=909

My comments

A while ago, I had mentioned in my blog about Intel and Ozmo designing chipsets that support a Wi-Fi (802.11a/b/g/n) personal area network. As well, Microsoft had built support for this kind of activity in to Windows 7 so the operating system can manage these networks if the computer’s chipset has inherent support for this. Now, the Wi-Fi Alliance are defining the “Wi-Fi Direct” standard that allows the establishment of these personal-area networks. They have also said that the “Wi-Fi Direct” personal-area network can be catered for on some existing equipment through the use of a driver or firmware update downloaded from the manufacturer’s site.

Wi-Fi Personal-Area Network concept diagram


A Wi-Fi personal-area network is based around a computer, typically a laptop general-purpose computer, providing a single low-power Wi-Fi service set for a small number of devices while being able to link with an existing Wi-Fi service set using the same Wi-Fi networking chipset. The computer is essentially acting as though it is a wireless router with a Wi-Fi backhaul.

One main near-term benefit of operating a Wi-Fi personal-area network is to use a Wi-Fi-enabled device that doesn’t have the full screen, keyboard and Web browser, like a digital camera or Internet radio at most wireless hotspots which typically require you to establish your session through a Web page. Similarly, you can do network-based activities like transfer files, make your music library available to your DLNA-capable media equipment or engage in multi-player multi-machine gaming while using a public Wi-Fi network like a wireless hotspot.

The main benefit of this method is over the classic “ad-hoc” mode that is part of the 802.11a/b/g/n standards. The “ad-hoc” setup often provided poor security and was very unstable, especially if it was being used to transfer large amounts of data like files between colleagues’ laptop computers.

This technology has also been designed to suit all classes of network deployment, ranging from home and small-business networks to large corporation and government networks. The needs of a large corporation or government department with sensitive intellectual assets have been taken care of including the ability for the access points in these networks to detect Wi-Fi Direct networks and, where policy dictates, to shut down these networks. There is only one security fear that I have in that the technology could be used to create an “evil-twin” rogue access point at a wireless hotspot. The way I would mitigate this problem would be to limit the power of a Wi-Fi Direct network and give hotspots the ability to detect these networks. Further still, I would support the use of SSL-style verification mechanisms being part of the SSID beacons in enterprise and hotspot networks as mentioned in my article on keeping the WiFi public hotspot industry safe.

Some of the computing press see the technology as a competitor to Bluetooth especially when it comes to linking devices with general-purpose computers. This is even though Bluetooth has established small-size low-power chipsets for integration into peripheral devices like headsets and mice. It may also be seen as a chance for companies to work on low-power small-size Wi-Fi radio chips for use in these kinds of devices, which can also benefit devices that deal with Wi-Fi on a LAN perspective like Internet-enabled consumer electronics.

Also, if the pundits see that this technology is going to work for human-interface devices (keyboards, mice, remote controls, game controllers, etc) and similar applications, they need to have this concept developed and proven across an IP subnet. This is because Wi-Fi is simply being used as one of many physical network media for IP networks; and there haven’t been any device classes and application-layer protocols established for human-interface devices, sensors and similar applications to operate across these networks.

Once this technology is worked out properly, I would see Wi-Fi Direct being an enabler for network activities involving Internet-based consumer electronics or working alongside a colleague rather than being another wireless medium for keyboards and mice.

Feature Article – Understanding the 802.11n high-bandwidth wireless network

Introduction

Now that the 802.11n high-bandwidth wireless-network standard has been declared a final standard, the price of 802.11n-compatible wireless-network hardware will come down to more affordable levels. This will lead to you considering upgrading your wireless network to 802.11n whenever the time is right to renew your home-network IT hardware.

The 802.11n access point

This works in a different manner to the 802.11a/b/g access points we are so used to. Basically, these units use a “multiple in, multiple out” methodology with “front-end diversity”. They will typically have two or three aerials with each aerial serving a particular transceiver. Some units may have an aerial serving a receiver as well as the two aerials serving two transceivers. It is totally different from “antenna diversity” which is used on most 802.11b/g routers and access points, where one transceiver works with two aerials, choosing whichever has the best signal strength.

These access points and the network client devices that connect to them also make use of “constructive multipath” to improve their quality of reception. This is different from the “destructive multipath” often experienced with FM radio and analogue television. Here, signals picked up as reflected signals are mixed with signals received by line-of-sight and “worked out” as a data stream.

The premium-priced 802.11n access points will be typically dual-band in which they can work on the existing 2.4GHz band or the newer 5GHz band. Some of this equipment may be able to work on both bands, as though there are two access points in one box.

Access Point Types

Single Band

These access points use a single radio that is set up to work on one band, typically 2.4GHz, but some of them work on 5GHz as an “add-on” access point.

Dual Band, Single Radio

These access points are like a single-band access point but can be set by the user to work on either 2.4GHz or 5GHz, but not both of the bands.

Dual Band, Dual Radio

These access points, sometimes described as “simultaneous dual-band”, are effectively two 802.11n access points in one box with one working on 2.4GHz and the other working on 5GHz.

Access Point Operating Modes

Primary Operating Modes

A typical 802.11n access point can be configured to work in one of two primary operating modes – a “compatibility” mode or an “N-only” mode.

Compatibility Mode

This mode, known as Mixed Mode or G-compatible mode, allows 802.11g wireless network hardware to work from the same access point alongside 802.11n equipment. The limitation with this mode is that the wireless network works to a “worst-case” scenario with throughput that doesn’t hit the standards for an 802.11n segment. You will still have the larger coverage and service reliability with the 802.11n equipment and this benefit may pass through to 802.11g equipment.

N-only Mode

This mode allows the access point to work only with 802.11n equipment and gives the equipment full wireless throughput as well as the full reliability of the standard.

Wideband vs Standard Channels

802.11n access points can run their channels as either “standard” 20MHz channels or 40MHz wideband channels which can yield higher throughput. The wideband channels also make use of a “standard” channel as a “base” channel for the double-width channel.

The preferred method of operation is that a 2.4GHz access point works on “standard” channels and most such access points will be set to have this kind of behaviour by default. But you can run these access points on the wideband channels with the limitation of poorer compatibility with 802.11g devices. If you are running a 2.4GHz access point in a manner to be compatible with regular 802.11g devices, it would be a good idea to stick to “standard” channels. If you are running 5GHz access points, you can get away with using the wideband channels and I would prefer setting up a 5GHz 802.11n extended-service-set to work this way.

The number of streams a device can handle

An 802.11n wireless device will typically be rated as being a single-stream, dual-stream or multiple-stream device. This relates to how many streams of data the wireless device can handle. All Wireless-N (802.11n) access points and routers will typically be either a dual-stream type or a multiple-stream type in the case of premium devices. Similarly, laptops with integrated Wireless-N capability and add-on Wireless-N products will typically be dual-stream devices.

The main class of devices that will handle only one stream will be primarily-battery-powered devices like smartphones, WiFi VoIP phones, and WiFi-enabled digital cameras / portable media players because the single-stream ability won’t be intensive on these devices’ internal battery resources. Similarly, the idea of a single-stream Wireless-N network interface will also appeal to applications where size or cost do matter.

Other points to know

Best practice with dual-band equipment

If you are running dual-band equipment, especially dual-band dual-radio equipment, it would be a good idea to use the 5GHz band as N-only mode, while 2.4GHz works as compatibility mode. If you are running dual-band single-radio equipment, you will need to use older 2.4GHz equipment to run an 802.11g service set with the dual-band single-radio equipment on 5GHz N-only mode.

Use of aftermarket antennas

You can use external aftermarket antennas (aerials) with 802.11n equipment as long as all of the antennas are of the same type. This may work well if you replace the omnidirectional whip aerials with stronger omnidirectional ones. Then you may have to space the aerials further apart for the front-end diversity to work properly. The main difficulty you will have is using directional aerials, in which case you may need to look for directional aerials optimised for 802.11n setups.

As well, if you are running dual-band dual-radio equipment, you will have to use antennas that can work on the 2.4GHz and 5GHz bands rather than antennas optimised for the 2.4GHz bands.

Shaping your 802.11n wireless network – the ideal upgrade path for your wireless network

I will be talking of WiFi networks that work on a particular technology and with a unique SSID and security parameter set as an “extended-service-set”. This allows me to cover setups where there are multiple access points working with a particular configuration.

You may be tempted to construct a multiple-access-point extended-service-set with an 802.11g access point and an 802.11n access point working in “compatibility mode” connected by an Ethernet or HomePlug wired backbone. The simple answer is “don’t”. You will end up with your wireless network having reliability problems, especially as devices roam between the different access points and switch operating modes.

The simple answer would be to run different extended-service-sets with at least one access point for each WiFi technology. They are set up with different ESSIDs (such as SSID for the G cloud and SSID-N for the N cloud) with the wireless stations choosing between the different ESSIDs. The only things they can have in common are the WPA security parameters and a common wired backbone, which can be Gigabit Ethernet or HomePlug AV.

This could be achieved through deploying an existing 802.11g router that is set up as an access point and working on “SSID-G” and one channel while a newer 802.11n router working as the Internet “edge” is set to “N-only” or “compatibility” mode in the case of a single-band 2.4GHz unit, and set to “SSID-N” and a different channel.

As you evolve your wireless network, you may want to work towards establishing a 2.4GHz 802.11n “compatibility-mode” extended-service-set and a 5GHz N-only extended-service-set. You then upgrade your portable computers to work with dual-band 802.11n network interfaces or add dual-band 802.11n network adaptors to your existing equipment. The 5GHz extended-service-set will come in handy for high-throughput activity like video streaming and related applications while the 2.4GHz extended service set can work well with voice applications, smartphones, Internet radio and similar applications where throughput doesn’t matter.

If you are upgrading a wireless hotspot to 802.11n, it would be preferable to make sure your hotspot’s extended-service-set is on the 2.4GHz band and operating in “compatibility” mode so that customers can still use their existing 802.11g hardware on the wireless hotspot.

Some issues may occur with dual-band networks where the 5GHz extended-service-set may not cover the same area as the 2.4GHz extended-service-set. This is because the 5GHz band is of a higher frequency and shorter wavelength than the 2.4GHz band and is best demonstrated by AM radio stations being receivable at a longer distance compared to FM radio stations. It can be rectified by deploying a dual-band single-radio access point working on the 5GHz band into the 5GHz extended-service-set as an infill access point.
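The layout rules from this article (one operating mode per extended-service-set, standard channels on 2.4GHz where 802.11g devices are served, N-only on 5GHz, a different channel for each extended-service-set) turned into a plan checker, as an added example that is not part of the original article. The access-point names, field names and finding codes are assumptions, and the three plans are constructed.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class AccessPoint:
    name: str
    essid: str
    band: str       # "2.4" or "5" (GHz)
    mode: str       # "g", "n-compat" or "n-only"
    width_mhz: int  # 20 (standard) or 40 (wideband)
    channel: int


def check_plan(aps):
    """Return (subject, code) findings; an empty list means the plan follows the rules."""
    findings = []
    by_essid = defaultdict(list)
    first_on_channel = {}
    for ap in aps:
        by_essid[ap.essid].append(ap)
        # Wideband on 2.4GHz costs compatibility with 802.11g devices.
        if ap.band == "2.4" and ap.width_mhz == 40 and ap.mode != "n-only":
            findings.append((ap.name, "WIDEBAND_WITH_G_CLIENTS"))
        # The 5GHz band is best run N-only.
        if ap.band == "5" and ap.mode != "n-only":
            findings.append((ap.name, "5GHZ_NOT_N_ONLY"))
        # Different extended-service-sets should sit on different channels.
        other = first_on_channel.setdefault((ap.band, ap.channel), ap)
        if other.essid != ap.essid:
            findings.append((ap.name, "CHANNEL_SHARED_WITH_" + other.essid))
    for essid, members in by_essid.items():
        # Roaming between APs in different modes under one ESSID is unreliable.
        if len({ap.mode for ap in members}) > 1:
            findings.append((essid, "MIXED_MODES_IN_ONE_ESSID"))
    return findings


# Constructed plans: the tempting mixed setup, the staged setup, the evolved setup.
TEMPTING_PLAN = [
    AccessPoint("old-g-router", "HOME", "2.4", "g", 20, 6),
    AccessPoint("new-n-router", "HOME", "2.4", "n-compat", 40, 6),
]
STAGED_PLAN = [
    AccessPoint("old-g-router", "SSID-G", "2.4", "g", 20, 1),
    AccessPoint("new-n-router", "SSID-N", "2.4", "n-only", 20, 11),
]
EVOLVED_PLAN = [
    AccessPoint("dual-radio-2.4", "SSID-N", "2.4", "n-compat", 20, 6),
    AccessPoint("dual-radio-5", "SSID-N5", "5", "n-only", 40, 36),
    AccessPoint("infill-5", "SSID-N5", "5", "n-only", 40, 44),
]

if __name__ == "__main__":
    for plan in (TEMPTING_PLAN, STAGED_PLAN, EVOLVED_PLAN):
        print(check_plan(plan))
```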

Conclusion

Once you understand the 802.11n wireless standard and what it can and cannot do, you can make sure that you get the best out of the new standard while gaining the maximum mileage out of the existing wireless-network hardware.

In-vehicle networks

Peugeot intègre le Wi-Fi dans ses véhicules | DegroupNews (French language)

Chrysler confirms in-car Wi-Fi coming next year | Engadget

BMW’s ConnectedDrive brings the whole internet to your car… on EDGE | Engadget

There is a new trend concerning the small network in that the car will have its own IP-based network with a link to the Internet. This has been brought about by manufacturers making WiFi “edge” routers with a 3G wireless link on the Internet side for installation in vehicles. Similarly vehicle builders like BMW, Chrysler and Peugeot are using this feature as a product differentiator in some of their vehicle models.

But what use are these devices?

Primarily these devices provide Internet access to passengers in minivans, limos and the like; and some bus fleets are taking this further for provision of Internet access to their premium routes. Some people may also think that these routers may have the same appeal as the “component-look” car stereo systems of the late ‘70s and early ‘80s; where they only appealed to young men who were customising cars and vans in order to impress others.

What could they offer

Like the typical home Internet-edge router, all of these routers offer Ethernet and WiFi for the local network connection, which means that car devices can be directly connected to these Internet gateways. This can lead to online applications being made available to integrated or aftermarket-installed equipment which is being considered as sophisticated as a typical personal computer.

Ethernet port on the car stereo

A car stereo system could have an Ethernet port and support the same kind of network media services as some of the in-home entertainment systems offer. One application could be Internet radio functionality, where the set could have access to the Frontier Platform, Reciva or vTuner Internet-radio directories; and be able to pull in Internet radio from around the globe. An idea that may come to mind is the concept of young men “cruising” along Chapel Street in South Yarra; Campbell Parade in Bondi; Surfers Paradise or other “show-off” streets in Australia or coastal USA with the dance grooves from Heart London’s “Club Classics” program thumping out of the “subs and splits” in their souped-up machines during a special UK long weekend. Another function would be to support the “visual radio” platform that is part of most mobile-phone FM-radio implementations.

Another more interesting application is an in-car DLNA media network. The 3G WiFi router could work as a WiFi client and, when in the presence of the home network, cause content to sync between the home DLNA media network’s server and a hard disk built in to the car stereo. This allows for newly-added music content from the home network and up-to-date podcasts to be available in the car.

Similarly, there could be the ability to play content held on a DLNA-capable WiFi-enabled mobile phone or portable media player through the car speakers. As well, a small NAS like the Thecus N0204 miniNAS, which I have mentioned in this blog, could be shoehorned to work from a car’s power supply and become a DLNA-enabled media storage unit for the car.

This functionality can be extended to the back seat in the form of access to newer video content from the home network or access to online video content to the back screens. As well, the vehicle’s music system could work as a DLNA media server for use in providing media at secondary locations like holiday homes or worksites. This would be in conjunction with a DLNA-compliant media player connected by a WiFi segment between the vehicle and the building’s network.

There is more information about how DLNA is investigating implementation of this standard in the automotive context in this white paper (PDF) at their website.

Ethernet connection for navigation systems

The “sat-nav” systems can benefit from Ethernet connectivity for integrated units or WiFi connectivity for portable navigation devices. This could allow for these systems to have up-to-date information about new points of interest as well as another link for receiving real-time traffic information.

The IP feed can work very strongly with real-time information being received from the wireless Internet in order to provide updated traffic information and / or real-time service information for garages, restaurants, motels and the like. This will then allow drivers to make better decisions about their journeys such as alternate runs or use of services. It could cater for “social recommendation” functionality for the roadside services so one can go to where the food’s known to be good for example.

Support for IP-driven vehicle telemetry

The vehicle could have an Internet-based direct link to the garage that the owner has a working relationship with, or to the fleet-management service in the case of a vehicle that is part of an organisation-owned fleet. This link can allow access to historical diagnostic information about the vehicle thus allowing for informed decisions concerning what repair work needs to be taken or whether the vehicle should be pensioned off.

Similarly, there could be the ability to implement vehicle / driver surveillance techniques which can be of benefit to parents of teenage drivers or organisations who need to keep in step with workplace safety or professional-driver regulations.

In some cases like public and community transportation, it may be desirable to have IP-based closed-circuit TV surveillance that streams the vision “back to base” instead of or as well as recording it to a local hard disk. This will also please the police force where officers are in a “first-response” situation and need “many eyes and many brains working together” on an emergency situation.

Electric vehicles (including hybrid-electric vehicles)

These vehicles will typically benefit from network and Internet connectivity in order to permit flexible power management situations like optimised battery charging or vehicle-to-grid setups. They will also benefit from the above-mentioned IP-driven vehicle telemetry so that the user or preferred mechanic knows if the battery is not holding its charge in the same way that it used to, thus knowing when to have it replaced.

What needs to be done

I would prefer the in-vehicle network to be capable of working as its own network with a 3G or similar-technology WWAN as proposed by the vehicle builders in their implementation or as a member of user-selected WiFi LANs in a client / access-point (WDS) role. This can be determined by a list of “preferred” SSID / WPA(2)-PSK combinations held local to the vehicle.

The “Ethernet behind the dash” concept of using Category 5 Ethernet to create a wired LAN amongst in-vehicle subsystems has to be researched. This includes how Category 5 Ethernet can handle the problems associated with an automotive electrical system, which is known to be very noisy or prone to surges and spikes such as while the vehicle’s engine is being started.

Once the concept of the automotive local area network is researched properly, there is the ability to use it as a simple data conduit across vehicle systems for all data-transfer applications, not just for Internet surfing by passengers.