Four Things You Must Know Before Deploying Wireless LANs
By Kevin Beaver, Principle Logic
Monday, 25 April 2005 11:26 EST
Wireless LANs (WLANs) are all the rage these days, but before you install them in your organization there are a few things you must be aware of if all is to go smoothly. The IEEE 802.11 WLAN standards are nothing new - the original 802.11b standard (802.11a was actually first but got delayed) has been around since 1999.
Like most new technologies, it takes a few years for technology vendors to gain buy-in from the general public. In addition, in the case of WLANs, there have been quite a few potholes along the way such as price, speed and the security flaws associated with WEP - the Wired Equivalent Privacy protocol that encrypts WLAN communications.
Technical Skills Required can be Significant
Properly designing, deploying and managing a WLAN requires network design skills, radio frequency (RF) knowledge and the wherewithal to properly secure all of the WLAN systems. This includes picking the proper type of antennas, selecting the proper radio operating power, hardening the WLAN systems against security vulnerabilities, and managing the various security access controls and protocols on an ongoing basis. You'll also need the proper tools - most importantly a wireless network analyzer (a.k.a. sniffer) - to design and troubleshoot your WLAN. My favorite is AiroPeek, but there are several others available as well.
So, should you go at this alone or hire a vendor or consultant to help you out in your WLAN endeavors? If you feel confident about your abilities and have the right resources (books, WLAN websites, etc.) to lean on, I'd say give it a shot yourself first and have a couple of outside experts you can call only when needed.
Site Surveys are Critical
The technical skills I mentioned above are a factor before you ever install your first WLAN component. Unless you only need to connect a handful of systems to the WLAN via one access point (AP), you're going to need to perform what's called a site survey. This is a technical inspection of your building or campus that helps determine how many APs and other WLAN infrastructure components will be needed, and that detects environmental issues, such as elevation changes and signal obstructions like concrete or metal walls, that affect antenna placement.
The site survey will also provide information that may lead you to other network design issues, such as having to use wireless bridges to connect separate networks and how much CAT 6 copper or fiber to run to certain wiring closets in order to connect the remote APs and bridges back to the wired LAN. If you don't already have it, you'll also want to gather host information such as the number of computers that will use the WLAN as well as their location within your building or campus.
You can also use the site survey information to help you determine which WLAN technology (802.11a, b, or g) you need to implement. Hint: 802.11g is likely the way to go given its speed, cost and backwards compatibility with 802.11b systems you may already have deployed.
So why am I bringing up all of these seemingly obvious tips? I've unfortunately seen and had to use many a WLAN that was obviously not designed properly. Common issues I see are little or no signal where there should be, power outlets not readily accessible, and unsightly antennas or other components that had to be "patched" into the system in order for it to work.
For example, I recently stayed in an 800+ room conference hotel in California that touted its WLAN offering. Unfortunately, the only way I could get wireless connectivity was to stand in my doorway with one foot in the hall and the other touching the tile in the bathroom - talk about bad for your back! I heard similar complaints from other conference attendees. There's no telling how many hundreds of thousands of dollars were spent on implementing this WLAN that didn't even work properly right from the start!
Security Cannot be Overlooked
Several years ago, 802.11 WLANs got a lot of bad press due to some security vulnerabilities discovered in the WEP protocol. These often over-hyped vulnerabilities allow an attacker to capture WLAN traffic using a wireless network analyzer and crack the WEP key in a relatively short period of time so that he can decrypt and read all WLAN communications. The majority of WLANs I come across are not even running WEP - something that takes just a few extra minutes to enable on each system when first deploying WLANs. Given this, cracking WEP is often a non-issue since the majority of organizations (and home users too) prefer to blast their wares through the air in clear text - what a big mistake!
There are several major security issues even beyond WEP that, if not configured and managed properly, will allow the bad guys to hack into the WLAN and basically take or do anything they want.
These vulnerabilities include not changing default settings such as passwords and AP names, broadcasting the service set identifier (SSID - which is the WLAN name), and even placing WLAN APs and antennas in physically insecure locations. I can think of at least a dozen serious WLAN security vulnerabilities off the top of my head that absolutely positively must be addressed.
Unfortunately, I haven't come across a single WLAN in the past four years that has addressed even two or three of these weaknesses. I'll cover how to secure your WLAN on a shoestring budget in a future article.
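The weaknesses named in this section (default passwords and AP names, SSID broadcast, clear-text or WEP-only links, physically exposed APs) can be checked mechanically against an AP inventory. The following is an added example, not code from the original article; the CSV column names, the sample rows and the short list of factory-default SSIDs are constructed assumptions.

```python
import csv
import io

# Constructed inventory export; the column names and values are assumptions.
SAMPLE_INVENTORY = """\
ap_name,ssid,ssid_broadcast,encryption,admin_password_changed,physically_secured
lobby-ap,linksys,yes,none,no,no
eng-ap-1,corp-eng,no,wep,yes,yes
hr-ap,corp-hr,no,wpa,yes,yes
"""

# Illustrative factory-default SSIDs; extend with the defaults of your own hardware.
DEFAULT_SSIDS = {"linksys", "default", "netgear", "tsunami"}


def audit_ap(row):
    """Return the list of weaknesses found for one AP record."""
    # Normalize every field so "Yes", " WEP " and missing values compare cleanly.
    f = {k: (v or "").strip().lower() for k, v in row.items()}
    findings = []
    if f["ssid"] in DEFAULT_SSIDS:
        findings.append("default SSID")
    if f["admin_password_changed"] != "yes":
        findings.append("default admin password")
    if f["ssid_broadcast"] == "yes":
        findings.append("SSID broadcast enabled")
    if f["encryption"] in ("", "none"):
        findings.append("no encryption: traffic sent in clear text")
    elif f["encryption"] == "wep":
        findings.append("WEP only: key can be cracked from captured traffic")
    if f["physically_secured"] != "yes":
        findings.append("AP or antenna in physically insecure location")
    return findings


def audit_inventory(csv_text):
    """Map each AP name to its findings; an empty list means no check fired."""
    reader = csv.DictReader(io.StringIO(csv_text))
    return {row["ap_name"].strip(): audit_ap(row) for row in reader}


if __name__ == "__main__":
    for name, findings in audit_inventory(SAMPLE_INVENTORY).items():
        print(f"{name}: {'; '.join(findings) if findings else 'no findings'}")
```

Any field that is missing or not explicitly "yes" is treated as a finding, so an incomplete inventory record fails the audit instead of passing silently.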
Vendor Solutions
There are dozens of vendor solutions to help you manage and secure WLANs...but are they needed? For the average WLAN deployment, I'm not convinced they are, especially given the $10,000+ price tags on many of them. If you don't have the budget, don't need a lot of management bells and whistles, and trust that your WLAN infrastructure was designed with security in mind, you might be just as well off maintaining your systems the old-fashioned way. If you choose to forgo vendor solutions, three key things to keep in mind are to enable logging, monitor those logs for strange behavior, and perform security vulnerability testing on your systems on an ongoing basis.
Given these four things, it may sound like 802.11 WLANs might not be worth the trouble, but given all their benefits I'm highly convinced they are. If you take these points into consideration, all that's left to make WLANs work successfully for you is a little bit of patience, quite a bit of diligence, and a whole lot of common sense.