ITPRC NEWS - December 2001
The Yin and Yang of
By Irwin Lazar
From a network manager’s point of view,
wireless LANs represent two opposite extremes.
On one side is the promise of providing users with ubiquitous
access from anywhere in the office, campus or any other location with
wireless support. On the
other side are the enormous challenges of delivering sufficient
performance while also securing wireless transmissions and access to
wireless networks. In this
month’s column we’ll provide best practices for realizing the
promise of wireless LANs while avoiding the pitfalls.
Most wireless LAN concerns boil down to
the following: interference, security, and mobility.
Each of these is explained in greater detail in the following
Most wireless LANs are based on the IEEE 802.11b standard.
This standard uses the unlicensed 2.4 GHz band for all
communication. This is the
same band used by Bluetooth, cordless phones, two-way radios, and other
communications devices. But
interference in wireless LANs can also come from multiple access points
or from “hidden transmitters” (where one transmitting station is
hidden from another, resulting in a collision when both try to send to
the access point). Mitigating
interference requires careful engineering of access point placement.
An RF survey using one of several commercial tools and
applications can help pinpoint potential interference sources, as well
as confirm optimal placement of access points sufficient to ensure
uninterrupted coverage throughout the location.
Enterprises may also want to consider
making the jump to 802.11a, which uses a reserved spectrum at 5 GHz and
thus is not subject to interference issues that plague 802.11b.
Keep in mind, though, that most public wireless services, such as
airports and libraries, use 802.11b, so ensuring backward compatibility
for traveling users is a must.
To say that wireless LANs present a security risk is the mother of
all understatements. Since
it is nearly impossible to restrict radio waves from either entering or
leaving the typical enterprise location, the wireless network is
vulnerable to attack from someone sitting in the parking lot, the
building next door, or another floor within your facility.
Further complicating this issue is the vulnerability of the
default 802.11b security protocol, WEP (Wireless-Equivalency Protocol).
WEP provides an easily breakable key structure that can be hacked
by even a semi-skilled hacker using publicly available tools.
As several press articles have shown, many network managers
don’t even turn on WEP and instead leave their wireless network
completely vulnerable to anyone with a client device.
Securing wireless networks is a
multi-step approach designed to discourage attacks and protect valuable
network resources. At a
minimum, network managers should implement a unique network name (SSID)
and turn on WEP. For
further security, implement authentication mechanisms such as 802.1x
with RADIUS, MAC-address filtering, or even client-server VPNs.
In addition, the wireless LAN should be treated as a public
network and should be segmented from the corporate wired network by the
use of a firewall. Security tools should also be implemented that prevent
unauthorized access points from being deployed on the wired network.
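The baseline described above can be checked mechanically against an access point inventory. The following is an added example, not part of the original column; the field names, the list of factory-default SSIDs and the MAC addresses are constructed for illustration.

```python
# Added example: audit access points against the column's minimum baseline.
# All field names, SSIDs and MAC addresses below are constructed sample data.
from dataclasses import dataclass, field

# Illustrative factory-default network names (assumption; extend per vendor).
DEFAULT_SSIDS = {"default", "linksys", "wireless", "any", ""}
STRONG_AUTH = {"802.1x", "mac-filter", "vpn"}

@dataclass
class AccessPoint:
    mac: str
    ssid: str
    wep_enabled: bool
    auth: set = field(default_factory=set)   # mechanisms layered on top of WEP
    behind_firewall: bool = False            # WLAN segmented from the wired LAN

def audit_ap(ap):
    """Return the list of baseline findings for one authorized access point."""
    findings = []
    if ap.ssid.strip().lower() in DEFAULT_SSIDS:
        findings.append("SSID is a factory default; set a unique network name")
    if not ap.wep_enabled:
        findings.append("WEP is turned off")
    if not (ap.auth & STRONG_AUTH):
        findings.append("no 802.1x/RADIUS, MAC filtering or VPN layered on WEP")
    if not ap.behind_firewall:
        findings.append("WLAN is not segmented from the wired network by a firewall")
    return findings

def find_unauthorized(inventory, seen_on_wire):
    """MACs of access points observed on the wired network but not in inventory."""
    known = {ap.mac.lower() for ap in inventory}
    return sorted(m.lower() for m in seen_on_wire if m.lower() not in known)

def audit(inventory, seen_on_wire):
    report = {ap.mac.lower(): audit_ap(ap) for ap in inventory}
    return report, find_unauthorized(inventory, seen_on_wire)

# Constructed inventory and constructed wired-side observations.
INVENTORY = [
    AccessPoint("00:00:5E:00:53:01", "corp-4f-east", True, {"802.1x"}, True),
    AccessPoint("00:00:5E:00:53:02", "linksys", False),
]
SEEN_ON_WIRE = ["00:00:5e:00:53:01", "00:00:5E:00:53:02", "00:00:5E:00:53:99"]

if __name__ == "__main__":
    report, rogues = audit(INVENTORY, SEEN_ON_WIRE)
    for mac, findings in report.items():
        print(mac, "OK" if not findings else "; ".join(findings))
    print("unauthorized access points:", rogues)
```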
In an ideal environment, a user would be able to undock their wired
laptop, take it to another building or across the campus, or even home
or to a public wireless facility, and be able to connect to the
corporate network without any manual intervention.
Fortunately, this isn’t a pipe dream.
Placing all access points in a single broadcast domain by the use
of VLANs easily provides wireless roaming on the campus. New products from companies such as NetMotion and Intel
establish a client-server relationship between the end-user device and a
corporate proxy server. These
products enable wireless users to reestablish secure connectivity with
corporate data resources provided that they have IP connectivity (which
may even be across the public Internet).
Wireless LANs offer tremendous benefits
to enterprise users. Employees
enjoy new freedom and are no longer tied to their desktop wired
connection to access corporate information resources. Even more
importantly, people can now get work done while they sit in long
meetings or conferences, but we’ll leave that issue for a future
Irwin Lazar is a Senior Consultant for Burton
Group where he focuses on
strategic planning and network architecture for Fortune 500 enterprises
as well as large service providers. He is the conference director for
MPLScon and runs The MPLS Resource Center
Information Technology Professional's Resource Center.